Malware and cryptography
Some time ago, I was a usual reader of security sites, mailing lists and public advisories. Sadly for me, I didn't have the time lately to keep reading about security.
Anyway, today I've found an interesting post in one of the blogs I usually read, the one from Ivan Krstić. In this post Ivan covers the use of cryptography in malware and viruses, pointing to a variant of Gpcode, called Gpcode.ak which, once a system is infected, encrypts every user file/document, leaving a note asking for some money if the user wants to get the files back. Impressive.
From Ivan's post:
it creates a unique 128-bit RC4 (Arcfour) key on each machine and uses a random initialization vector for each file it targets. The IV is written to the beginning of the file, encrypted by the per-machine key, run through MD5, and the output constitutes the per-file key, used to encrypt each file with RC4. At the end, the main per-machine RC4 key is encrypted with a 1024-bit RSA public key which the malware carries within its payload.
Seems this has been around for a while now, but it's the first time it catches my eye.
Of course, I agree with the idea that the problem behind this is not the fact that the malware/virus uses advanced cryptography, but the fact that people use insecure software and insecure operating systems (or broken ones, if you prefer).
Luckily for me, I'm not one of those.