Epic Fail by IDA and Eset



    Today, literally hours ago, the news broke: a long-coveted prize for hackers, carders and crackers has appeared in public, namely the latest version of the IDA interactive disassembler with all the tools included.

    Specifically, the following were released:
    Hex-Rays.IDA.Pro.Advanced.SDK.v6.1-RDW
    Hex-Rays.IDA.Pro.Advanced.LOADINT.v6.1-RDW

    The number of links on the Net is now growing exponentially.

    Well, one more leak, you may ask, so why post about it on Habr in the Information Security section? The whole point is in the title of this article.

    Earlier, I wrote about how companies involved in computer security treat their own security. Now the story has repeated itself: Ilfak Gilfanov’s program, extremely restricted in terms of purchase and extremely expensive, “escaped” from Eset, the manufacturer of anti-virus products. Here is what the organizers of the leak write about it in the nfo file (there is also a Russian section, yes):

    This release should serve as a life lesson to those people who consider themselves “people of 'blue' blood.” It pursues the goal of, in some way, bringing down arrogance and putting these people in their place; of showing that, besides them, there are other people who should at least be respected, whose work should be appreciated and who should be listened to (at least listened to).

    This release is dedicated to one person and one company who behave asocially, defiantly, arrogantly, do not reckon with anyone or anything, and therefore the community needs to carry out a little "educational" work.

    Let's start in order: the person is Ilfak Gilfanov (Ilfak Guilfanov).
    I wanted to write a lot, then I thought - it makes no sense.

    And therefore, in principle, there is nothing special to tell. Those who are "in the know" already know everything about this person. It’s almost impossible to buy IDA. I described some details on my blog, the tag is 'ida' (I won’t give a link; whoever needs it will find it). You can read a little here (only in Russian):
    lurkmore.ru/Reverse_Engineering#.D0.94.D0.B8.D0.B7.D0.B0.D1.81.D1.81.D0.B5.D0.BC.D0.B1.D0.BB.D0.B5.D1.80.D1.8B

    I apologize to the crackers who were hired by HexRays SA that you, to some extent, also come under attack. But with your manager, unfortunately, there is no other choice.

    In December 2007, after Ilfak's unforgettable revelations in the topic www.idapro.ru/forum/viewtopic.php?t=463 that occurred after the IDA v5.5 warez release, I created a topic: www.idapro.ru/forum/viewtopic.php?t=458. In it, I expressed some thoughts about the “double standards” of the author of IDA. Just a small example. A short conversation ensued, as a result of which Ilfak behaved absolutely inappropriately (in his usual manner) and banned me on the forum. But that is not all. Before banning me, he sent me a private message (PM):
    =========================================================
    Subject: Went from here
    I already told you that I’m tired of your verbs.

    It seems that you do not understand other words: go out
    =========================================================

    I recommend that you reconsider your attitude towards people and the ways you express your thoughts when communicating with them. In any case, at the moment you are “reaping” exactly what you yourself “sowed”. I do not let such things slide.

    *** Further: the company - ESET - the manufacturer of NOD Antivirus

    There is a proverb: “The cat will pay for the mouse's tears” (I already voiced it in relation to you in 2008-2009). Now this time has come.

    So, the actors from ESET (this is the minimum):

    * Juraj Malcho - the main smug short-sighted character
    * Marek Zeman (Customer [Un] Care; zeman@eset.sk)
    * Daniel Novomesky (Virus Researcher)

    ESET treats developers of software products (small companies, individual developers of shareware products) like shit, and does not particularly hide it.

    The essence of the conflict is also described in my blog under the tags 'eset', 'nod', but it is set out somewhere in the comments, in the discussion (I will not give links). Briefly: instead of learning how to correctly detect contents protected with TH / WL (primarily) and VMP files, ESET simply, stupidly, detected these protections *always* (Avira-style). And ESET is a seemingly technically competent company, the code is really well written. But such is the approach. That is not all.

    At a specialized security forum, this company swore up and down that all the shareware developers it affected could easily contact ESET and their programs would be added to the exclusions. In fact, it turned out completely differently. Outright rudeness, arrogance, bullying.

    ESET killed individual developers and small companies, because they, while protecting their products from crackers, lost their customers. Why? Because ESET NOD automatically detected the files as malware. Moreover, it did not even allow them to be downloaded from sites! But this is not all: taking into account how the anti-virus industry is organized now, it was enough to upload such a file to VirusTotal, and other “fools” began to detect it too, copying the verdict.

    The problem grew like a snowball. Due to the fact that users could not download products, developers and companies lost both their customer base and real money. Because of this, the developers had to ... abandon the protection used! And here we get a chain reaction: the client refuses the shareware program -> the developer of the shareware program refuses the protection used -> the protection developer loses clients and money. That is, ESET not only killed small companies and individual shareware developers, but also killed the client base and the profits of Oreans Technologies and VMProtect.

    Rafael, I know that you had a hard time at that time - this is my small personal gift to you. I know how difficult it is for small companies to defend their opinions and even agree on something at least.

    PolyTech, and this is for you too.

    To the entire community of shareware developers: ESET will now get everything that it deserves for mocking you.

    ESET, Juraj Malcho: “su podla mna smiesne” - well, is it still funny to you? We in Russia say: “He who laughs last laughs best.” Now you can try to laugh.

    Just because you work in a large company with a world-famous reputation and millions of dollars in sales does not mean that you need to be shit and behave like shit. There are people around you, and you are no better and no worse than them. It's time to bring down the arrogance.

    *** A small warning

    In order to prevent any even more inadequate actions from occurring (for some reason, it’s not natural for people to learn from their mistakes), I consider it my duty to report that tens of thousands of different computers currently hold an encrypted binary data array with some source code and some specific data. The principle of operation is “to open”. Do not make Kaspersky Lab fail (hello to the “climber” and the April-May holidays) or the second Stuxnet.

    A small (generally painless) confirmation will be shown shortly after this release.

    So here is, as it were, some food for thought ...
