Initially, when I read about the use of symmetric and asymmetric cryptography in the Conficker worm, I didn’t realize the real risk. I already knew that modern malware uses some type of encryption to prevent detection, but the use of algorithms like RSA and RC4 puzzled me. Not only that, the use of long 4096-bit keys made me even more uneasy.
How could malware use such a sophisticated method for replication? I am not an authority in this area, but with whatever little I know, malware uses techniques to shorten its code so that the malicious content can be easily injected into another file. Long code means sooner detection. Even if Conficker uses RSA for safe transmission, how did it manage key handling? Who possessed the secret key, and how does he remotely decrypt the malware code on a remote machine? Were the good guys able to decrypt the code? RSA 2048- and 4096-bit keys are considered reasonably safe, and if the good guys could decipher the code, does it mean there is a backdoor in the algorithm itself?
I was more concerned about the last question until Paul Ducklin, of Sophos Labs, answered my query. Below is the extract of his answer:
Autorun.inf itself is simply a text configuration file that tells the Windows operating system which executable to start automatically when removable media is inserted. Malware authors take advantage of this file to execute malicious code that can spread via your USB drives.
A simple autorun.inf file may look somewhat like this:
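As an added example (not code or a sample from the original post), the following Python inspector parses an autorun.inf file and reports the entries that would make Windows launch a program: the `open` and `shellexecute` keys and any `shell\<verb>\command` key. The sample file it inspects is constructed for the demonstration.

```python
"""Inspect an autorun.inf file and report what it would launch.

Added example, not from the original post. Parses the [autorun]
section and flags the keys that cause code execution.
"""
import re

# [autorun] keys that make Windows run a program (actual behaviour
# also depends on the Windows version and AutoPlay settings).
EXEC_KEYS = ("open", "shellexecute")
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)


def parse_autorun(text):
    """Return {key: value} for the [autorun] section, keys lower-cased."""
    entries = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):   # blank or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        entries[key.strip().lower()] = value.strip()
    return entries


def launch_targets(entries):
    """Return (key, value) pairs that would cause a program to be run."""
    return [(k, v) for k, v in entries.items()
            if k in EXEC_KEYS or SHELL_CMD.match(k)]


# Constructed sample: a program in a hidden folder behind a friendly label.
SAMPLE = """[autorun]
; constructed sample, not taken from any real file
open=hidden\\update.exe
icon=%SystemRoot%\\system32\\SHELL32.dll,4
label=My Photos
shell\\open\\command=hidden\\update.exe
useautoplay=1
"""

if __name__ == "__main__":
    for key, value in launch_targets(parse_autorun(SAMPLE)):
        print(f"{key} -> {value}")   # two lines, both pointing at update.exe
```

A file whose [autorun] section only sets `label` and `icon` yields an empty list, which is the quick triage distinction a defender wants from a freshly inserted drive.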
For most users, selecting an anti-virus product is like buying daily groceries. There are many products on the shelf, and you can always pick another one depending on price and attractive packaging. But this strategy does not work for selecting an anti-virus product. If you fall under any of the following categories, you should read this article and the subsequent articles of this series:
You don’t want to lose your data. Your data is your life.
You don’t want to waste time on frequent formatting of your PC and reinstalling everything again.
You want to buy an anti-virus product that meets your requirements, not your neighbour’s or your friend’s.