[cryptography] Is there a cryptanalyst in the house?
marsh at extendedsubset.com
Wed Jun 29 22:50:40 EDT 2011
There's a new and improved botnet around that's got the tech press all
> The ‘indestructible’ botnet
> Encrypted network connections
> One of the key changes in TDL-4 compared to previous versions is an
> updated algorithm encrypting the protocol used for communication
> between infected computers and botnet command and control servers.
> The cybercriminals replaced RC4 with their own encryption algorithm
> using XOR swaps and operations.
I think we can predict how this will end...maybe?
It's a curious phrase "using XOR swaps and operations", like something
has been left out. Was it "XOR, swaps, and AND operations" fixed by an
overzealous word processor? It could mean "swaps implemented with XOR
and other XOR operations" (a big difference). Or it could be something
redacted (like parts of some images in the article).
Perhaps it's a more established algorithm that these researchers didn't
In any case, if anyone is looking for an analysis project you might see
what you could do with it. A successful break of this algorithm could
earn you a hearty 'thank you' from 4.5 million infected PC owners.
Perhaps we could collaborate on the list.
I don't have a code sample right now but I could ask around. Shouldn't
be too hard to find with that many copies around.