
Interesting Approach by the Profiteering Malware Author


Ehtyar:
Now, factoring RSA-1024... I wonder just how feasible that is, even with a SETI or Folding@Home size grid. Probably more realistic to track down the bastard.
-f0dder (June 11, 2008, 05:52 PM)
--- End quote ---
It seems to me that, provided the arsehole isn't using an open proxy, or TOR etc., the assistance of his email providers, or his credit card processors etc. in this case could quite easily lead to his eventual identification.

On another note, after further googling it appears that Gpcode is generating what KL are calling a "master" key when it begins its work, then modifying the key for each file it encrypts, using some unique aspect of the file itself (its creation time, file name etc) thereby making the approach toward cracking the RC4 that much more complicated. KL are keeping extraordinarily tight-lipped about this process for an organisation claiming to want to put an end to this outbreak. Hypothetically, if KL were to release this kind of information, both the Fluhrer, Mantin & Shamir, and the Klein attack could be quite successful in breaking the encryption, provided the author had not defended against one or the other and that the key length was sufficiently small.

Ehtyar.

[edit]
Is he using the Microsoft cryptography provider for the RC4, or just the RSA, I wonder. The Microsoft cryptography documentation does not supply information regarding defense against known attacks, so one can most likely safely assume it is not protected against either of the attacks listed above. Though if the author were to be using 3rd party code for the RC4, then he would be free to introduce any modification to the algorithm he wanted.
[/edit]
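
An added example (not Gpcode's code, and not from anyone in this thread) of why the per-file key modification Ehtyar describes matters for a stream cipher like RC4. If one key were used for every file, every file would be XORed with the same keystream, and one known plaintext (say a file the victim still has a backup of) would recover the keystream and with it every other file up to that length. Deriving a distinct key per file from a master key and file attributes removes that shortcut. The derivation shown here (HMAC-SHA256 over the file name and creation time) is an assumption for illustration only; the thread does not say how Gpcode modifies its key, and the file names, timestamps and contents are constructed.

```python
"""Keystream reuse against RC4, and how per-file key derivation defeats it.

Illustrative code, not Gpcode's implementation. derive_file_key() is an
assumed construction; the master key and victim files below are constructed.
"""
import hashlib
import hmac


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Standard RC4: key-scheduling (KSA) then pseudo-random generation (PRGA)."""
    S = list(range(256))
    j = 0
    for i in range(256):                       # KSA
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                    # PRGA
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def rc4(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (same operation): data XOR keystream."""
    return bytes(d ^ k for d, k in zip(data, rc4_keystream(key, len(data))))


def derive_file_key(master_key: bytes, filename: str, ctime: int) -> bytes:
    """Assumed per-file derivation: keyed hash of file attributes under the master key.
    A keyed hash gives unrelated keys per file; concatenating the master key with
    public per-file bytes (WEP-style) would not, and is what FMS/Klein exploit."""
    return hmac.new(master_key, f"{filename}|{ctime}".encode(), hashlib.sha256).digest()


def recover_with_shared_keystream(known_plain: bytes, known_cipher: bytes,
                                  target_cipher: bytes) -> bytes:
    """If two files share a keystream, known plaintext of one decrypts the other."""
    n = min(len(known_plain), len(target_cipher))
    keystream = bytes(p ^ c for p, c in zip(known_plain[:n], known_cipher[:n]))
    return bytes(c ^ k for c, k in zip(target_cipher[:n], keystream))


def demo():
    """Returns (recovered under single key, recovered under per-file keys, true target)."""
    master = bytes.fromhex("00112233445566778899aabbccddeeff")   # constructed
    files = {                                                    # constructed victim files
        ("letter.txt", 1213000000): b"Dear Sir, please find attached the invoice.",
        ("notes.txt", 1213000100): b"Account password: hunter2 (change soon)",
    }
    known, target = ("letter.txt", 1213000000), ("notes.txt", 1213000100)

    # Scheme A: one RC4 key for every file -> keystream is reused across files.
    ct_a = {f: rc4(master, p) for f, p in files.items()}
    recovered_a = recover_with_shared_keystream(files[known], ct_a[known], ct_a[target])

    # Scheme B: per-file key derived from the master key and file attributes.
    ct_b = {f: rc4(derive_file_key(master, *f), p) for f, p in files.items()}
    recovered_b = recover_with_shared_keystream(files[known], ct_b[known], ct_b[target])

    return recovered_a, recovered_b, files[target]


if __name__ == "__main__":
    a, b, truth = demo()
    print("single key  :", a)
    print("per-file key:", b)
    print("actual file :", truth)
```

Under scheme A the known letter fully decrypts the notes file; under scheme B the same attack yields garbage. This is only the most basic reason per-file keys complicate recovery. The FMS and Klein attacks Ehtyar mentions need many keystreams generated under keys that share a secret part with a known, varying prefix or suffix, so whether they apply depends entirely on how the master key is "modified" per file, which the thread does not establish.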

mwb1100:
Probably more realistic to track down the bastard.
-f0dder (June 11, 2008, 05:52 PM)
--- End quote ---
Why am I suddenly in support of waterboarding?  ;)
-40hz (June 11, 2008, 10:13 AM)
--- End quote ---
Rubber hose cryptanalysis!  :up:
-scancode (June 11, 2008, 09:41 AM)
--- End quote ---

Maybe if the FBI or some other 'three letter agency' were to get infected...  I think this scheme would be 'broken' in short order.

Ehtyar:
Maybe if the FBI or some other 'three letter agency' were to get infected...  I think this scheme would be 'broken' in short order.
-mwb1100 (June 11, 2008, 06:51 PM)
--- End quote ---
The RC4 perhaps, but from a conspiracy theorist's point of view, were the government capable of breaking 1024 bit RSA in short order, it would be in their best interests, regardless of whatever information was encrypted, to keep that fact a secret. The entire cryptography community could collapse into total mayhem were this sort of information to get out.

Ehtyar.

[edit]
At the risk of starting a flame war, why don't we all just forget about breaking the crypto and simply follow Symantec's excellent "removal" instructions ;)
[/edit]

f0dder:
Ehtyar: not only the cryptography community... I don't even dare think about the consequences of anybody being able to factor 1024-bit RSA in realistic time.

mwb1100:
Maybe if the FBI or some other 'three letter agency' were to get infected...  I think this scheme would be 'broken' in short order.
-mwb1100 (June 11, 2008, 06:51 PM)
--- End quote ---
The RC4 perhaps, but from a conspiracy theorist's point of view, were the government capable of breaking 1024 bit RSA in short order, it would be in their best interests, regardless of whatever information was encrypted, to keep that fact a secret.
-Ehtyar (June 11, 2008, 06:59 PM)
--- End quote ---

I meant more from the point of view of being able to track down the blackmailer and using old fashioned methods of getting the key.
