Malware and cryptography
18 June 2008

or how to bring them all on their knees!

Some time ago I was a regular reader of security sites, mailing lists and public advisories. Sadly, lately I haven't had the time to keep up with security reading.

Anyway, today I found an interesting post on one of the blogs I usually read, Ivan Krstić's. In it Ivan covers the use of cryptography in malware and viruses, pointing to a variant of Gpcode, called Gpcode.ak, which, once a system is infected, encrypts every user file and document and leaves a note demanding money if the user wants the files back. Impressive.

From Ivan's post:

it creates a unique 128-bit RC4 (Arcfour) key on each machine and uses a random initialization vector for each file it targets. The IV is written to the beginning of the file, encrypted by the per-machine key, run through MD5, and the output constitutes the per-file key, used to encrypt each file with RC4. At the end, the main per-machine RC4 key is encrypted with a 1024-bit RSA public key which the malware carries within its payload.
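
To make the quoted scheme concrete, here is a small in-memory Python model of the per-file key derivation exactly as Ivan's post describes it. This is an example added here; it is not code from this blog, from Ivan's post or from the malware itself. The 16-byte IV length, the function names and the constructed sample bytes are assumptions, and the final step (wrapping the per-machine RC4 key with the 1024-bit RSA public key) is not modeled. It is written from the analyst's side: `recover_file` shows that whoever holds the per-machine RC4 key can decrypt every file from the IV stored in clear at its start, which is why the RSA wrapping of that one key is the piece that matters for recovery.

```python
"""Analyst's model of the Gpcode.ak key scheme quoted above:
per-file key = MD5(RC4(machine_key, IV)), file body = RC4(per-file key, data).
Hypothetical reconstruction for study; IV length and names are assumptions."""
import hashlib
import os

IV_LEN = 16  # assumed; the post only says the IV is random and stored first


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (Arcfour): key scheduling, then keystream XORed over data.
    RC4 is symmetric, so the same call encrypts and decrypts."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def per_file_key(machine_key: bytes, iv: bytes) -> bytes:
    """The quoted derivation: IV encrypted with the per-machine key, then MD5.
    MD5 yields 16 bytes, i.e. a 128-bit RC4 key per file."""
    return hashlib.md5(rc4(machine_key, iv)).digest()


def model_encrypt_file(machine_key: bytes, plaintext: bytes, iv: bytes = None) -> bytes:
    """Model of one targeted file after infection: IV in clear, then RC4 body."""
    iv = iv if iv is not None else os.urandom(IV_LEN)
    return iv + rc4(per_file_key(machine_key, iv), plaintext)


def recover_file(machine_key: bytes, blob: bytes) -> bytes:
    """Recovery path: the IV is readable from the file header, so the
    per-machine key alone is enough to rebuild every per-file key."""
    iv, body = blob[:IV_LEN], blob[IV_LEN:]
    return rc4(per_file_key(machine_key, iv), body)


if __name__ == "__main__":
    machine_key = os.urandom(16)            # constructed 128-bit per-machine key
    sample = b"constructed sample document contents"
    blob = model_encrypt_file(machine_key, sample)
    print("header IV:", blob[:IV_LEN].hex())
    print("recovered:", recover_file(machine_key, blob))
```

Two properties of the scheme are visible in this model: the same per-machine key with two different IVs yields unrelated per-file keys, so a keystream reused across files is avoided, and the per-file keys are useless on their own, since each is derived from the single per-machine key that the malware then hides behind the RSA public key.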

It seems this has been around for a while now, but it's the first time it has caught my eye.

Of course, I agree that the real problem here is not that the malware uses advanced cryptography, but that people use insecure software and insecure (or, if you prefer, broken) operating systems.

Luckily for me, I'm not one of those.

Posted by wu at 12:15 | Comments (0) | Trackbacks (0)