Remember The Threatened Cyber-Jihad? McAfee Has The Binary Code
Cyber Jihad Isn’t Here Yet
By Matthew Wollenweber at McAfee
There’s a lot of hype circulating around about a Jihad application meant to wage cyber war in the near future. A lot of people have speculated and while the experts are dismissive, the topic is still getting a lot of press and worrying average users. I took a bit of time to examine the binary and I don’t believe it poses a huge threat. Here are my reasons why:
The program is written in Visual Basic. While there’s nothing wrong with that, VB is not the preferred programming language of very many professionals. C/C++/C# would tend to be better choices for complicated and efficient programs. VB tends to be a language for quick applications or for those beginning programming.
There is a tracking website required to use the application. Terrorists don’t like to be tracked. Further, the site tracks referrals – thus it would be trivial to create cliques of users, which again is something terrorists would be desperate to avoid.
The website variables are in English. Extremists/Islamic Jihadists tend to not speak English; remember all the stories about the few English speakers they use? These guys have some understanding of English – indicating they might not be the stereotypical terrorist.
The web URL is hard coded and it’s to a real web server. We’re in an age of dynamic DNS and fast flux. A static/real URL is very amateur and easily blocked.
There didn’t appear to be capability to dynamically update the program remotely – this would be key for updates and avoiding being blocked. I did a VERY QUICK analysis, but didn’t see this capability.
The executable wasn’t encrypted and didn’t fight malware analysis – real malware writers love to do malicious things to AV guys. They weren’t in this executable.
The web server had FrontPage extensions – this again just seems out of place for cyber war.
All told, the little bits of analysis make the code look to be written by high school or early college kids. If their network gets large enough, maybe they could have caused harm. Right now the web server isn’t working and the app seems like a no-go. I’d suggest everyone block traffic to the server http://al-jinan.net and stop worrying.
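The hard-coded host the post recommends blocking can also be hunted for in proxy logs. The sketch below is an added example, not part of the McAfee analysis; it matches the host and its subdomains exactly so lookalike names and query-string mentions are not flagged. The log layout and sample lines are constructed for illustration.

```python
from urllib.parse import urlsplit

BLOCKED_HOST = "al-jinan.net"  # the host named in the post


def host_of(target):
    """Return the lowercase hostname from a URL or a CONNECT-style host:port."""
    if not target.lower().startswith(("http://", "https://")):
        target = "//" + target            # lets urlsplit parse a bare host:port
    try:
        host = urlsplit(target).hostname or ""
    except ValueError:                    # e.g. malformed IPv6 brackets
        return ""
    return host.rstrip(".")               # drop the trailing dot of an FQDN


def is_blocked(host, blocked=BLOCKED_HOST):
    """Match the blocked domain and its subdomains, not lookalike names."""
    return host == blocked or host.endswith("." + blocked)


def find_hits(log_lines):
    """Return (client_ip, host) for each request to the blocked host.

    Assumed layout (constructed): timestamp client_ip method target status
    """
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 5:               # skip malformed lines
            continue
        host = host_of(fields[3])
        if is_blocked(host):
            hits.append((fields[1], host))
    return hits


# Constructed sample proxy log lines, not real traffic.
SAMPLE_LOG = [
    "2007-11-12T15:33:01Z 10.0.0.21 GET http://al-jinan.net/index.php 200",
    "2007-11-12T15:33:05Z 10.0.0.22 GET http://WWW.AL-JINAN.NET./ 503",
    "2007-11-12T15:33:09Z 10.0.0.23 GET http://al-jinan.net.example.org/ 200",
    "2007-11-12T15:33:12Z 10.0.0.24 GET http://notal-jinan.net/ 200",
    "2007-11-12T15:33:15Z 10.0.0.25 CONNECT al-jinan.net:443 200",
    "2007-11-12T15:33:20Z 10.0.0.26 GET http://example.com/?u=http://al-jinan.net/ 200",
    "malformed line",
]

if __name__ == "__main__":
    for ip, host in find_hits(SAMPLE_LOG):
        print(ip, host)
```

A plain substring search for the domain would also flag the third, fourth and sixth sample lines, none of which contact the blocked server.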
This is an old story. That program has been reverse-engineered ad nauseam. The pukes that wrote the program are a day late and a dollar short. We’re on to them…
November 12th, 2007 at 3:33 pm
Great pic, Bash. P’shop some nipple rings on that beast and it could easily be mistaken for Pelosi in the buff, no?
…democrats in the mist?
November 12th, 2007 at 4:20 pm
Nothing new. When the e-Jihad story appeared on this website back in July or August, I checked out the content of the executable and website. Their server was down and the program was clearly written in VB by an amateur. Their way of running a DDOS attack is way too primitive, traceable and detectable (by any half-decent IDS) to be effective. In other words, they’re a freaking joke.
November 12th, 2007 at 6:02 pm
HAHAHAHAHAHAHAHA, an e-jihadist being smart enough to create a decent virus?
November 13th, 2007 at 7:39 am
HAHAHAHAHAHAHAHAHA, oh god, oh god, hahahahahaha, oh god.