1. 16
  1. 1

    Panchan is written in Golang, and utilizes its built-in concurrency features to maximize spreadability and execute malware modules

    I’m naive in this domain. Is it unusual for worms to be written in high-level, modern languages? If so, why?

    1. 4

      I think because of the size of the executable and memory requirements. According to the article, this Go worm is already 30MB! This has to do with the runtime that is embedded into the binary and tons of dependencies.

      1. 3

        I believe that golang is becoming popular in malware. It’s extreme portability and the ease at which you can compile cross platform makes it perfect for broad attacks.

        So many vulnerable devices have at least a few hundred megs of space and high speed internet is practically global now days.

        1. 1

          I think it’s a bit of a mix. Often high-level languages used are more the type of “native” scripting languages for target, either because it’s part of getting the exploit to run at all (powershell, VBA, …) or because common on the platform (powershell, Python, …). Whereas for more low-level attacks the exploits are developed by people that have skills in more low-level languages and are happy to use those.

          Although maybe with malware-as-a-service the core and payload modules might be written in a higher-level language and only the pieces that need to be low-level are C/C++/… ? Not sure, but I bet there’s analysis of samples of those around.

        2. 1

          Cool. Haha