micky said:
OT What the heck do they mean, "Target Hackers Wrote Partly in
Russian," Doesn't the code have to be written in machine language or
the same language it was originally written in?
http://online.wsj.com/news/articles/SB10001424052702304419104579324902602426862
This is not the only place where it makes such a claim.

It's hard to say, because you're getting information from
a journalist. Who will make things up, if necessary.
The original malware was purchased from someone. It
may have been purchased in source code form. The comments
in the source code might have been in Russian. The source
code is not likely to be sitting on the Target POS systems.
So we'll discount that idea.

The attacker would then add code to package the malware,
make it invisible and so on. The final code should be
binary. Only if the attackers wanted to taunt authorities,
would they leave string constants inside the code in
Russian. It's also possible, if the code was written
in an object oriented language, the names of the routines
could be embedded in the binary, if the binary had not
been properly stripped. You can strip a binary, and leave
absolutely nothing inside suitable for symbolic debugging.
That's useful if you want the smallest executable possible.

I would say they "weren't very good", if they left that
sort of stuff behind. And the sophistication of the attack
says otherwise. They're good. So this Russian baloney,
may be determined by knowing that a certain individual
sold the malware in the first place, and they have
some idea what country that person is in.

Ars mentioned that it might have been Krebs that
released some information as well. I'd try to
find a news article that quotes people closer
to the analysis, or people who know these
malware sellers well enough, to know what country
they're in. I doubt the attackers were that sloppy.
Look how long they were inside that system. And they
may have attacked other retailers. Perhaps some
that haven't even admitted it or detected it yet.
Paul
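
An added example, not part of the original post: one way an analyst could check a binary for leftover Russian string constants of the kind discussed above, by scanning for runs of Cyrillic letters in the three encodings commonly seen in Windows programs. The function name and the sample bytes are constructed for illustration.

```python
import re

# Byte-level patterns for one Russian letter (А-я plus Ё/ё) in each of the
# encodings a Windows binary is likely to use for string constants.
_LETTER = {
    "utf-16-le": rb"(?:[\x10-\x4f]\x04|\x01\x04|\x51\x04)",
    "utf-8": rb"(?:\xd0[\x90-\xbf]|\xd1[\x80-\x8f]|\xd0\x81|\xd1\x91)",
    "cp1251": rb"[\xc0-\xff\xa8\xb8]",
}


def cyrillic_strings(data: bytes, min_chars: int = 4):
    """Return sorted (offset, encoding, text) for each Cyrillic run found.

    CP1251 hits are the least reliable: any run of high bytes in code or
    compressed data matches, so treat short CP1251 hits as candidates only.
    A packed or encrypted binary will show nothing until it is unpacked.
    """
    hits = []
    for enc, letter in _LETTER.items():
        run = re.compile(b"(?:" + letter + b"){%d,}" % min_chars)
        for m in run.finditer(data):
            hits.append((m.start(), enc, m.group().decode(enc)))
    return sorted(hits)


# Constructed sample: not taken from any real malware.
SAMPLE = (
    b"\x00\x01MZ"
    + "ошибка".encode("utf-16-le") + b"\x00\x00"
    + "пароль".encode("cp1251") + b"\x00"
    + b"hello world"
    + "данные".encode("utf-8") + b"\x00"
)

if __name__ == "__main__":
    for offset, enc, text in cyrillic_strings(SAMPLE):
        print(f"0x{offset:04x}  {enc:<9}  {text}")
```
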