Computer Security Research - McAfee Avert Labs Blog

So the jihad software was written in VB...

For now, it looks like it had no particularly large impact.

I took a bit of time to examine the binary and I don’t believe it poses a huge threat. Here are my reasons why:

1. The program is written in Visual Basic. While there’s nothing wrong with that, VB is not the preferred programming language of very many professionals. C\C++\C# would tend to be better choices for complicated and efficient programs. VB tends to be a language for quick applications or for those beginning programming.
2. There is a tracking website required to use the application. Terrorists don’t like to be tracked. Further, the site tracks referrals, thus it would be trivial to create cliques of users, which again is something terrorists would be desperate to avoid.
3. The website variables are in English. Extremists/Islamic Jihadists tend to not speak English; remember all the stories about the few English speakers they use? These guys have some understanding of English, indicating they might not be the stereotypical terrorist.
4. The web URL is hard coded and it’s to a real web server. We’re in an age of dynamic DNS and fast flux. A static/real URL is very amateur and easily blocked.
5. There didn’t appear to be capability to dynamically update the program remotely; this would be key for updates and avoiding being blocked. I did a VERY QUICK analysis, but didn’t see this capability.
6. The executable wasn’t encrypted and didn’t fight malware analysis; real malware writers love to do malicious things to AV guys. They weren’t in this executable.
7. The webserver had FrontPage extensions; this again just seems out of place for cyber war.
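As an added illustration (not code from the McAfee post or from the sample itself), here is a short static triage sketch that checks three of the observations above on a file's raw bytes: a Visual Basic runtime reference, hard-coded URLs, and whether byte entropy suggests packing or encryption. The sample bytes, the `tracker.example` URL, the function names and the 7.0 bits/byte cut-off are all assumptions made for the example.

```python
import math
import re
from collections import Counter

URL_RE = re.compile(rb"https?://[A-Za-z0-9.-]+(?:/[\x21-\x7e]*)?")
WIDE_RE = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")  # UTF-16LE runs of printable ASCII
VB_RUNTIMES = (b"msvbvm50.dll", b"msvbvm60.dll")   # Visual Basic 5/6 runtime DLLs
PACKED_ENTROPY = 7.0  # assumed heuristic cut-off, in bits per byte


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; values near 8 suggest compressed or encrypted content."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def hardcoded_urls(data: bytes) -> list:
    """Collect URLs stored either as plain ASCII or as UTF-16LE strings."""
    # De-interleave each wide-string run so the same URL pattern applies to it.
    views = [data] + [m.group(0)[::2] for m in WIDE_RE.finditer(data)]
    found = {u.decode("ascii") for v in views for u in URL_RE.findall(v)}
    return sorted(found)


def triage(data: bytes) -> dict:
    """Summarise the three static indicators for one file's bytes."""
    entropy = shannon_entropy(data)
    return {
        "vb_runtime": any(name in data.lower() for name in VB_RUNTIMES),
        "urls": hardcoded_urls(data),
        "entropy": round(entropy, 2),
        "likely_packed": entropy >= PACKED_ENTROPY,
    }


# Constructed sample: a fake header, a VB runtime import name and a
# UTF-16LE URL literal. It is not a real executable.
SAMPLE = (b"MZ" + b"\x00" * 64 + b"MSVBVM60.DLL\x00"
          + "http://tracker.example/register.asp?ref=1".encode("utf-16le")
          + b"\x00" * 256)

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

Whole-file entropy is a coarse signal; a per-section calculation gives a sharper answer on real PE files.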
