There's a new and improved botnet around that's got the tech press all a-flutter.

http://www.securelist.com/en/analysis/204792180/TDL4_Top_Bot :
The ‘indestructible’ botnet

Encrypted network connections

One of the key changes in TDL-4 compared to previous versions is an
updated algorithm encrypting the protocol used for communication
between infected computers and botnet command and control servers.
The cybercriminals replaced RC4 with their own encryption algorithm
using XOR swaps and operations.

I think we can predict how this will end...maybe?

It's a curious phrase "using XOR swaps and operations", like something has been left out. Was it "XOR, swaps, and AND operations" fixed by an overzealous word processor? It could mean "swaps implemented with XOR and other XOR operations" (a big difference). Or it could be something redacted (like parts of some images in the article).

Perhaps it's a more established algorithm that these researchers didn't recognize.

In any case, if anyone is looking for an analysis project you might see what you could do with it. A successful break of this algorithm could earn you a hearty 'thank you' from 4.5 million infected PC owners. Perhaps we could collaborate on the list.

I don't have a code sample right now but I could ask around. Shouldn't be too hard to find with that many copies around.

- Marsh
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography