There’s a lot of hype circulating around about a Jihad application meant to wage cyber war in the near future. A lot of people have speculated and while the experts are dismissive, the topic is still getting a lot of press and worrying average users. I took a bit of time to examine the binary and I don’t believe it poses a huge threat. Here are my reasons why:

  1. The program is written in Visual Basic. While there’s nothing wrong with that, VB is not the preferred programming language of very many professionals. C\C++\C# would tend to be better choices for complicated and efficient programs. VB tends to be a language for quick applications or for those beginning programming. ( OR amateurs )

  2. There is a tracking website required to use the application. Terrrorists don’t like to be tracked. Further, the site tracks referrals – thus it would be trivial to create cliques of users, which again is something terrorists would be desperate to avoid. ( But they did use it, got tracked..and were a clique, a terrorist isn't a programmer, he just trusts his Cadre... )

  3. The website variables are in English. Extremists/Islamic Jihadists tend to not speak English, remember all the stories about the few English speakers they use? These guys have some understanding of English – indicating they might not be the stereotypical terrorist. ( also may indicate Western ( English ) trained advisor's, our paradigm indicators say, India )

  4. The web url is hard coded and it’s to a real web server. We’re in an age of dynamic dns and fast flux. A static/real url is very amateur and easily blocked.

  5. There didn’t appear to be capability to dynamically update the program remotely – this would be key for updates and avoiding being blocked. I did a VERY QUICK analysis, but didn’t see this capability.

  6. The executable wasn’t encrypted and didn’t fight malware analysis – real malware writers love to do malicious things to AV guys. They weren’t in this executable.
    ( non-professional help, home grown? wanabees. )

  7. The webserver had frontpage extentions – this again just seems out of place for cyber war.

All told, the little bits of analysis make the code look to be written by high school or early college kids. If their network gets large enough, maybe they could have caused harm. Right now the websever isn’t working and the app seems like a no-go. I’d suggest everyone block traffic to the server and stop worrying.




This is their 3 attempt.

The group is Al Ansar Hacking Team.

They need to be taken out.

The 10th or 20th time they might get it right.

Significant resources should be expended to nip this.

( tracking websites taken down also )