18 June

Malware and cryptography

or how to bring them all to their knees!

Some time ago I was a regular reader of security sites, mailing lists and public advisories. Sadly for me, I haven't had the time lately to keep reading about security.

Anyway, today I found an interesting post on one of the blogs I usually read, the one by Ivan Krstić. In it Ivan covers the use of cryptography in malware and viruses, pointing to a variant of Gpcode, called Gpcode.ak, which, once a system is infected, encrypts every user file and document and leaves a note asking for money if the user wants the files back. Impressive.

From Ivan's post:

it creates a unique 128-bit RC4 (Arcfour) key on each machine and uses a random initialization vector for each file it targets. The IV is written to the beginning of the file, encrypted by the per-machine key, run through MD5, and the output constitutes the per-file key, used to encrypt each file with RC4. At the end, the main per-machine RC4 key is encrypted with a 1024-bit RSA public key which the malware carries within its payload.

It seems this has been around for a while now, but it's the first time it has caught my eye.
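The key hierarchy Ivan describes, modelled in a few lines of Python so the consequences are visible: every per-file key is a deterministic function of the per-machine key and the file's IV, so whoever holds the per-machine key (recovered from memory, or by the party holding the RSA private key) can recover every file, while without it each file sits under an independent 128-bit key. This is an added example, not code from this post, from Ivan's, or from the malware; it assumes the IV is stored in the clear at the start of the file and is 16 bytes long, implements RC4 inline because the standard library has no Arcfour, leaves out the RSA wrapping of the machine key, and works on constructed in-memory bytes rather than real files.

```python
import hashlib
import os

IV_LEN = 16  # assumption: the quoted description gives no IV length


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4/Arcfour: key-scheduling, then XOR data with the keystream.
    Encryption and decryption are the same operation."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def derive_per_file_key(machine_key: bytes, iv: bytes) -> bytes:
    """Per-file key as quoted: the IV encrypted under the per-machine RC4 key,
    then run through MD5 (16-byte digest = the 128-bit RC4 key for that file)."""
    return hashlib.md5(rc4(machine_key, iv)).digest()


def model_encrypted_file(machine_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Model of the on-disk layout: clear IV prefix, then RC4 under the per-file key."""
    return iv + rc4(derive_per_file_key(machine_key, iv), plaintext)


def recover_file(machine_key: bytes, blob: bytes, iv_len: int = IV_LEN) -> bytes:
    """Recovery path for a responder who has obtained the per-machine key:
    read the IV back from the prefix, re-derive the per-file key, strip RC4."""
    iv, body = blob[:iv_len], blob[iv_len:]
    return rc4(derive_per_file_key(machine_key, iv), body)


if __name__ == "__main__":
    # Constructed sample: one 128-bit machine key, two files with distinct IVs.
    machine_key = os.urandom(16)
    docs = [b"quarterly report", b"family photos index"]
    blobs = [model_encrypted_file(machine_key, os.urandom(IV_LEN), d) for d in docs]
    # Distinct IVs give distinct per-file keys; the machine key unlocks both.
    assert len({derive_per_file_key(machine_key, b[:IV_LEN]) for b in blobs}) == 2
    assert [recover_file(machine_key, b) for b in blobs] == docs
    print("all files recovered with the per-machine key")
```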

Of course, I agree with the idea that the problem behind this is not the fact that the malware/virus uses advanced cryptography, but the fact that people use insecure software and insecure operating systems (or broken ones, if you prefer).

Luckily for me, I'm not one of those.

Posted by wu at 14:15 | Comments (0) | Trackbacks (0)