| ▲ | elevation 2 hours ago |
| Why would a malware scanner read the comments? |
|
| ▲ | orphea 2 hours ago | parent | next [-] |
| Ignoring comments is not a solution because the texts can be put in random strings among the actual code. |
|
| ▲ | ofjcihen 2 hours ago | parent [-] |
| And really all it takes is one keyword such as “nuke”. |
|
| ▲ | therein 2 hours ago | parent [-] |
| Nuke is probably too generic but I wouldn't put it past an LLM to get thrown away by that. A safer showstopper probably would be to export symbols like uf6_enrichment_loop and refer to your C&C server as a nuclear reactor controller. https://www.youtube.com/watch?v=Gbgk8d3Y1Q4 On second thought, probably better to act like it is a tool for "frontier LLM research". Export symbols like "mythos_distillation_subroutine". |
|
| ▲ | ofjcihen 2 hours ago | parent [-] |
| Haha now I’m picturing obfuscation where instead of 0x everything is a scary word. |
|
| ▲ | giantg2 2 hours ago | parent | prev | next [-] |
| Provides possible clues to the origin and use. |
|
| ▲ | well_ackshually 2 hours ago | parent | prev [-] |
| Because not all malware is open source; scanning arbitrary blobs very often entails running `strings` on the binary. Just slap it in there and oop, there goes your LLM. |