Malware and cryptography
August 2008
Sun Mon Tue Wed Thu Fri Sat
          1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30
31            
About
This site is an effort to share some of the base knowledge I have gathered through all this years working with Linux, FreeBSD, OpenBSD, Python or Zope, among others. So, take a look around and I hope you will find the contents useful.
Recent Entries
Ya estan aquiiii....(08/19 19:39)
bogofilter and the importance of HAM(08/18 19:48)
From scripting to object-oriented Python programming(08/14 14:27)
upgrading django applications to recent revisions(08/14 13:52)
First Codigo23 sprint(08/13 14:39)
FreeBSD, OpenLDAP and the boot process(08/12 14:27)
I'll be at the djangocon(08/01 11:00)
My second MRI(08/01 10:41)
xkcd: linux, a true story(07/30 11:32)
Debugging your webapp, the funny way(07/10 18:37)
Recent Comments
Re: Aprender Python(foz : 08/20 00:03)
Re: bogofilter and the importance of HAM(Wu : 08/19 14:08)
Re: bogofilter and the importance of HAM(Juanjo : 08/18 19:52)
Re: From scripting to object-oriented Python programming(r0sk : 08/14 17:13)
Re: First Codigo23 sprint(r0sk : 08/13 22:54)
Re: I'll be at the djangocon(Wu : 08/11 16:21)
Will try(Milan Andric : 08/09 04:42)
Re: Problem with ssl in Python 2.5(Wu : 08/06 01:45)
Re: I'll be at the djangocon(Wu : 08/06 01:43)
Re: I'll be at the djangocon(pAvL0 : 08/05 19:59)
Other Weblogs

Greece: Residence permit for european citizens
2008-08-21 Graffic

My deepest condolences to Madrid
2008-08-21 Graffic

Breezy Hill
2008-08-20 betabug

Modo psíquico de Pidgin
2008-08-20 blackshell

¿Quién envía correos con mail() de PHP?
2008-08-19 blackshell

Unplugged
2008-08-18 emereci

Work in an empty city
2008-08-18 betabug

Brother printer and GNU (aka Linux)
2008-08-17 The Best of Marc García

Full moon + eclipse at the Parthenon.
2008-08-17 Graffic

SSH: Tarda mucho en conectar
2008-08-14 userlinux

¡ hacedme sitio domingueros !
2008-08-14 propiedadprivada.com

Apapacho's time
2008-08-13 emereci

Test Post
2008-08-13 BSDCow

No title provided
2008-08-13 emereci

StdImage updated to trunk
2008-08-13 The Best of Marc García

Google Insights para Búsquedas
2008-08-12 propiedadprivada.com

Eclipse: instalando PDT
2008-08-12 userlinux

Género de la palabra wiki
2008-08-11 userlinux

La blogosfera valenciana y la cadena SER
2008-08-09 blackshell

Alzamiento y caida de… Twitter
2008-08-09 propiedadprivada.com

Cuil? WTF!
2008-08-08 The Best of Marc García

Sweet Tourist Life
2008-08-07 betabug

BSD in Paris
2008-08-04 BSDCow

Netboot installing Ubuntu on a SunFire X2200
2008-06-02 Tomster

Eco-friendly danger sign
2008-05-26 BSDCow

blueprint css + jquery
2008-04-26 Tomster

Connecting Plone to Mac OS X Server with LDAP
2008-04-18 Tomster

Recent Trackbacks
Aprender Python en Lugo(10/27 19:09)
Categories
OpenBSD (7 items)
BSD (0 items)
FreeBSD (4 items)
Linux (0 items)
Security (3 items)
Python (7 items)
Zope (8 items)
Daily (36 items)
e-shell (3 items)
Hacks (4 items)
PostgreSQL (1 items)
OSX (6 items)
Nintendo DS (0 items)
enlightenment (0 items)
Apache (1 items)
Nintendo Wii (0 items)
Django (4 items)
Music (5 items)
Archives
August 2008
July 2008
June 2008
May 2008
April 2008
March 2008
February 2008
January 2008
December 2007
November 2007

Syndicate this site (XML)

RSS/RDF 0.91

18 junio
2008

Malware and cryptography

or how to bring them all on their knees!
[Security] 

Some time ago, I was a usual reader of security sites, mailing lists and public advisories. Sadly for me, I didn't have the time lately to keep reading about security.

Anyway, today I've found an interesting post in one of the blogs I usually read, the one from Ivan Krstić. In this post Ivan covers the use of cryptography in malware and viruses, pointing to a variant of Gpcode, called Gpcode.ak which, once a system is infected, encrypts every user file/document, leaving a note asking for some money if the user wants to get the files back. Impressive.

From Ivan's post:

it creates a unique 128-bit RC4 (Arcfour) key on each machine and uses a random initialization vector for each file it targets. The IV is written to the beginning of the file, encrypted by the per-machine key, run through MD5, and the output constitutes the per-file key, used to encrypt each file with RC4. At the end, the main per-machine RC4 key is encrypted with a 1024-bit RSA public key which the malware carries within its payload.

Seems this has been around for a while now, but it's the first time it catches my eye.

Of course, I agree with the idea that the problem behind this is not the fact that the malware/virus uses advanced cryptography, but the fact that people use insecure software and insecure operating systems (or broken ones, if you prefer).

Luckily for me, I'm not one of those.

Posted by wu at 14:15 | Comments (0) | Trackbacks (0)
<< Classic photographies (lego style) | Main | From The Edge Of The Deep Green Sea >>
Comments
There are no comments.
Trackbacks
Please send trackback to:http://blog.e-shell.org/75/tbping
There are no trackbacks.
Post a comment