You missed something. forgotusername strongly seems to be suggesting that security experts are falsely claiming this is from Al Qaeda so they can get money from the US government to fight the terrorists. That's what daeken was responding to.
Sarcasm failure? The comment's intention was to suggest that it is directly and unequivocally in the interests of AV and infosec companies to dress up these daft events to make them sound as evil as possible, as the resulting fear drives their bottom line.
I'll walk you through it step by step.
> What now.. a heavily cybermilitarized nationstate so broke it needs to skim its own citizens' bank accounts?
This alludes to the fact the evil hacker espionage ultra-worm targets banking web sites, which is exactly the kind of worm we've had for hundreds of years now, only it's not written by governments, it's written by the kind of people who can sell those details on the black market. My attempt at making seemingly obvious humour in the form of "nationstate so broke it needs to skim its own citizens' bank accounts?" was clearly a failure.
> Advanced Persistent Phish?
Here I allude to a vague concept ("Advanced! Persistent! Threat!") pushed over the past 5 years or so by the AV/infosec community: one of this ill-defined superpower, for which evidence rarely exists, ready to pounce at any moment, spending trillions of Afghani rupees over years on the ability to read your private mail, and therefore obviously in return you should spend a great deal of money on your security (because you never know.. the boogey-man might already have root!).
> Trying to remember the last time I didn't read about some ultra-dooper-al-quaeda-cyber-virus. Seems any kid with a C compiler these days pumping out cutpasted code qualifies as a complex threat.
Well that's just it. This is a virus I could write, and I'm not even a vx guy. As someone else pointed out, the 0day it uses is distributed with Metasploit! This isn't exactly screaming "APT", "nationstate", or 007 is it. More it's screaming a pasty faced 15 year old armed with nothing but wget and the URL "www.phrack.com/my-first-virus-tutorial-1985-edition.txt".
> Coming up: 50 page white paper on the seemingly "innocuous" font (translation: obviously some previously unknown 0day secret intelligence 007 cyber warhead) and its implications for national security funding.
If you've been following along, this clearly references the copious scaremongering white papers produced by AV vendors around the time of Stuxnet.
More nonsense from the article:
> Another key feature of Gauss is the ability to infect USB thumb drives
The first computer viruses spread by floppy disk. I have no clue why this is 'key' to Gauss. I'll walk you through the BS in the article step by step if you really feel it's necessary.
tl;dr I am extremely cynical of the AV community scaremongering, because given time it will result in laws that'll get in the way the freedom to use mine or my childrens' computers. It's obviously already taken root in some of the minds around here, as y'all grasp to cope with this seemingly deadly evil threat, and my making light of it.
