Was RSA or RC4 broken to decipher Conficker?

05:22 a.m

Initially, when I read about the use of symmetric and asymmetric cryptography in the Conficker worm, I didn’t realize the real risk. I already knew that modern malware uses some type of encryption to evade detection, but the use of algorithms like RSA and RC4 puzzled me. Not only that, the use of long 4096-bit keys made me even more uneasy.

How could a piece of malware use such a sophisticated method for replication? I am not an authority in this area, but from the little I know, malware authors keep their code short so that the malicious content can easily be injected into another file; long code means earlier detection. Even if Conficker uses RSA for safe transmission, how does it manage key handling? Who holds the secret key, and how does he remotely decrypt the malware code on a remote machine? Were the good guys able to decrypt the code? RSA with 2048- or 4096-bit keys is considered reasonably safe, so if the good guys could decipher the code, does it mean there is a backdoor in the algorithm itself?

I was most concerned about the last question until Paul Ducklin of SophosLabs answered my query. Below is an extract of his answer:

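To make the key-handling question concrete, here is a small worked model of a signed-and-encrypted update channel. It is an added illustration, not text from the post and not Ducklin’s answer. It assumes the layout that public analyses of Conficker describe (the payload is RC4-encrypted under its own hash, and that hash is signed with the author’s RSA private key); treat that attribution as an assumption of this example. The key pair is built from two Mersenne primes purely so the code runs on the standard library; a real key uses secret random primes, and raw RSA without padding is shown only for clarity.

```python
from __future__ import annotations
import hashlib
from typing import Optional, Tuple

# Toy RSA key pair built from two Mersenne primes so the example runs with the
# standard library alone. CONSTRUCTED for illustration only: a real key uses
# secret random primes of equal size, and this one is public the moment you read it.
P = 2**127 - 1
Q = 2**521 - 1
N = P * Q                          # public modulus, about 648 bits
E = 65537                          # public exponent, shipped inside every copy of the worm
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held only by the author (Python 3.8+)

HASH_LEN = 32                      # SHA-256 digest size in bytes


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher (KSA + PRGA). Encrypting and decrypting are the same operation."""
    S = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:                          # pseudo-random generation, XORed with data
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def package_update(payload: bytes) -> Tuple[bytes, int]:
    """Author side (needs D): hash the payload, RC4-encrypt it under that hash,
    and sign the hash with raw textbook RSA. Returns (ciphertext, signature)."""
    digest = hashlib.sha256(payload).digest()
    ciphertext = rc4(digest, payload)
    signature = pow(int.from_bytes(digest, "big"), D, N)   # no padding: toy only
    return ciphertext, signature


def accept_update(ciphertext: bytes, signature: int) -> Optional[bytes]:
    """Recipient side (needs only E and N): recover the hash from the signature,
    use it as the RC4 key, then check that the decrypted payload hashes to it.
    Returns the payload, or None when the signature does not vouch for the content."""
    digest_int = pow(signature, E, N)
    if digest_int >= 1 << (8 * HASH_LEN):
        return None                 # not a signed 256-bit hash at all
    digest = digest_int.to_bytes(HASH_LEN, "big")
    payload = rc4(digest, ciphertext)
    if hashlib.sha256(payload).digest() != digest:
        return None                 # tampered ciphertext or forged signature
    return payload


# Constructed sample body; it stands in for an update, nothing more.
SAMPLE_PAYLOAD = b"constructed sample update body - not a real Conficker binary"


def demo() -> dict:
    """Genuine packet is accepted; a flipped ciphertext byte or a forged signature is not."""
    ct, sig = package_update(SAMPLE_PAYLOAD)
    tampered = bytearray(ct)
    tampered[0] ^= 0x01
    return {
        "genuine": accept_update(ct, sig) == SAMPLE_PAYLOAD,
        "tampered_ciphertext": accept_update(bytes(tampered), sig),
        "forged_signature": accept_update(ct, sig ^ 1),
    }


if __name__ == "__main__":
    print(demo())
```

The point the model makes: the secret key never has to travel anywhere and never does any decrypting. Only the holder of D can produce a (ciphertext, signature) pair that accept_update returns a payload for, which is what stops anyone else from feeding the botnet their own update; everyone who has a copy of the worm has E and N, and the RC4 key is recovered from the signature, so reading a captured update needs no break of RSA at all. Nothing here should be copied into a real design: RC4 is deprecated, raw unpadded RSA is forgeable for structured messages, and a secret derived from the plaintext is not a key in any proper sense.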

Counterattack Autorun Malware with Panda USB Vaccine

Panda USB Vaccine is a small utility from Panda Security that deals with malware which uses the autorun.inf file to spread via removable devices.

Autorun.inf itself is simply a text configuration file that tells the Windows operating system which executable to start automatically when removable media is inserted. Malware authors take advantage of this file to execute malicious code that then spreads via your USB drives.

A simple autorun.inf file may look somewhat like this:

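As an added example (not the post’s own sample file, which is cut off above, and not anything shipped by Panda), here is a small triage parser for autorun.inf that lists every program the file would launch. It reads the [autorun] section the way Windows does (case-insensitive keys, comments ignored) and pulls out the three launch directives Windows honours: open=, shellexecute= and the shell\<verb>\command= entries behind the right-click menu. Both sample files are constructed for the example; the file names in them are placeholders, not real malware names.

```python
from typing import Dict, List

# Constructed samples. The first is the kind of autorun.inf a product CD
# carries; the second shows the pattern USB worms used, with one hidden
# program wired to every directive Windows honours so that at least one fires.
BENIGN_INF = r"""[autorun]
icon=setup.exe,0
label=Product CD
"""

WORM_STYLE_INF = r"""; padding lines and odd casing are common in the wild
[AutoRun]
Open=recycled\update.exe
ShellExecute=recycled\update.exe
shell\open\Command=recycled\update.exe
shell\explore\command=recycled\update.exe
action=Open folder to view files
icon=%SystemRoot%\system32\shell32.dll,4
"""

LAUNCH_KEYS = ("open", "shellexecute")


def parse_autorun(text: str) -> Dict[str, str]:
    """Return the key/value pairs of the [autorun] section with lower-cased keys.
    Tolerant of comments, blank lines, mixed case and junk before the section."""
    entries: Dict[str, str] = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def launch_targets(entries: Dict[str, str]) -> List[str]:
    """Every program the file would run: open=, shellexecute=, and any
    shell\\<verb>\\command= entry (the verbs shown on the right-click menu)."""
    targets = []
    for key, value in entries.items():
        is_verb_command = key.startswith("shell\\") and key.endswith("\\command")
        if key in LAUNCH_KEYS or is_verb_command:
            targets.append(value)
    return targets


def triage(text: str) -> dict:
    """Summarise one autorun.inf: what it launches, the AutoPlay text it shows
    (action=), and a verdict. A file that launches nothing is just icon/label data."""
    entries = parse_autorun(text)
    targets = launch_targets(entries)
    return {
        "launches": targets,
        "distinct_programs": sorted(set(targets)),
        "autoplay_text": entries.get("action"),
        "verdict": "launches-code" if targets else "inert",
    }


if __name__ == "__main__":
    for name, inf in (("benign", BENIGN_INF), ("worm-style", WORM_STYLE_INF)):
        print(name, triage(inf))
```

Two things the output makes visible. The worm-style file wires the same hidden program to four different directives, so whichever path the Windows version in front of it honours ends up running it, and its action= text mimics the stock "Open folder to view files" entry so the AutoPlay dialog looks like Explorer. The parser is a triage aid, not a policy: an installer CD legitimately uses open=, so on removable drives the sound control is to stop honouring autorun.inf at all, which is the class of protection the utility above is meant to provide.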

How to Select a Good Anti-Virus Product – Part I

What to expect when you are expecting?

For most users, selecting an anti-virus product is like buying daily grocery items: there are many products on the shelf, and you can always pick another one depending on the price and the attractive packaging. That strategy is not helpful when selecting an anti-virus product. If you fall into any of the following categories, you should read this article and the subsequent articles of this series:

  1. You don’t want to lose your data. Your data is your life.
  2. You don’t want to waste time on frequent formatting of your PC and re-installation of all the stuff again.
  3. You want to buy an anti-virus product that meets your requirements, and not of your neighbour or your friend.
  4. You want best possible protection for your PC.
