Can YOU crack the Gauss uber-virus encryption?

Antivirus experts have called on cryptographers and other clever bods for help after admitting they are no closer to figuring out the main purpose of the newly discovered Gauss supervirus. While it's known that the complex malware features many information-stealing capabilities, with a specific focus on capturing website …

COMMENTS

This topic is closed for new posts.


  1. John G Imrie

    Does it have to be anything

    Except a way of causing security experts to waste time looking for a non-existent needle in a haystack.

    1. Anonymous Coward

      I can, I wrote it.

  2. ukgnome
    Coat

    erm - NO

    unless it uses a $ for an S, 0 for an O

    *the one with P4$$w0rd5 f0r B3g1nn3r$ in the inside hidden pocket

  3. Dr. Vesselin Bontchev
    Boffin

    Textbook clueless agent

    From the description on Kaspersky's blog, this is a textbook implementation of Bruce Schneier's "clueless agents" idea [1]. Virus writers had discovered it on their own in the early DOS days, but the encryption used then was sloppy (essentially a trivial Vigenère variant) and easily breakable [2]. The people behind the Gauss thingy were obviously pros and implemented it properly - as I predicted it would happen in a paper of mine presented at the RSA crypto conference in Tokyo in 2004. [3]

    There is no hope breaking the code except by luck (i.e., the anti-virus researchers happen to stumble upon an infected system that contains the file names the virus is looking for) or by breaking the RC4 cypher, which isn't doable by amateurs (i.e., it requires the resources of a nation-state). That, or unexpected advances in cryptanalysis, discovering holes in the RC4 cypher - but I wouldn't bet on that happening any time soon, either.

    [1] James Riordan and Bruce Schneier, "Environmental Key Generation Towards Clueless Agents," Mobile Agents and Security, Springer-Verlag, 1998, pp. 15-24.

    [2] Dmitry Gryaznov, "Analyzing the Cheeba Virus," EICAR Conference, 1992, pp. 124-136.

    [3] Dr. Vesselin Bontchev, "Cryptographic and Cryptanalytic Methods Used in Computer Viruses and Anti-Virus Software," RSA Conference, 2004.

    1. Anonymous Coward

      Re: Textbook clueless agent

      If they do manage to break it (which you deem unlikely and I agree) won't the folks with the soppiest brown trousers be the NSA/CIA/FSB/MOSSAD/MI-x because it may point to a gaping crack in other encryption methods?

      1. Gary Riches
        Stop

        Re: Textbook clueless agent

        Never use "brown trousers" and "gaping crack" in the same sentence ever again, you hear?

    2. Anonymous Coward

      Re: Textbook clueless agent

      There is no hope breaking the code except by luck (i.e., the anti-virus researchers happen to stumble upon an infected system that contains the file names the virus is looking for)

      So why don't they improve on luck by creating a "Could It Be Me" web page and invite all those interested in this sort of thing to try their luck. The page could provide a mechanism for the user to check their own system for files with the required characteristics.

      They may then hit on some good candidates for the decryption key.

      1. Dr. Vesselin Bontchev
        Boffin

        Re: Textbook clueless agent

        Something like this has most probably been done already - a custom program that checks the user's file system for file names that would produce the correct hash, offered to the victims. This is exactly the first step Gryaznov took when trying to crack the Cheeba code - and it yielded nothing, so he used better means. Even if this succeeds, I would still classify it as "luck" and wouldn't rely on it.

    3. Anonymous Coward
      Stop

      That Is Only True, If

      "There is no hope breaking the code except by luck"

      ..the creators of flame have not made an implementation mistake, such as enciphering two plaintexts with the same key (which they haven't according to the Kaspersky webpage).

      As you are a crypto expert, could the RC4 weakness of the first few bytes being strongly correlated to the key be used in this case?

      1. Dr. Vesselin Bontchev
        Boffin

        Re: That Is Only True, If

        If RC4 had such a weakness, it would be considered a "toy" cipher, not a real one. :-)

        I am not a crypto expert, BTW. I'm a computer virus expert. Crypto is just a hobby of mine and I'm nothing but an informed amateur there.

        1. Anonymous Coward
          Stop

          I DO think RC4 has a weakness

          See : http://en.wikipedia.org/wiki/RC4#Security

          The standard approach to mitigate that is to throw away the first 3K of RC4 keystream.

        2. Anonymous Coward

          Re: That Is Only True, If

          It is a pleasure, sir. Genuinely.

          And I second your argument. While RC4 does have some known weaknesses, none really apply to this particular style of implementation.

          About the best chance possible right now is a Gauss@Home Project in which people donate processing power to a distributed brute-force attempt.

          1. h4rm0ny

            Re: That Is Only True, If

            "About the best chance possible right now is a Gauss@Home Project in which people donate processing power to a distributed brute-force attempt."

            Given the possible state involvement of this thing, and that breaking open the package might actually yield a clue to that, there could actually be a lot of interest from people in participating in such a project. How easy would it be to set up the software and system to try and brute-force this?

    4. stanimir

      Re: Textbook clueless agent

      The same Vesselin Bontchev who used to fight DOS viruses like v512 and the likes?

      1. Dr. Vesselin Bontchev
        Boffin

        Re: Textbook clueless agent

        The very same. :-) It's nice that someone still remembers a dinosaur like me.

        1. stanimir

          Re: Textbook clueless agent

          The very same. :-)

          Wow, back in the day as a sub-teen kid reading the stories what kind of tricks [the ax=13h, int 21h (virus friendly interrupt)] viruses employed was so damn exciting. I bet I can still quote some phrases.

          I wonder if any DOS virus actually preprogrammed 8259 PIC (in nowadays terms that would be the perfect keylogger)?

          And no, I never wrote a virus myself.

    5. h4rm0ny

      Re: Textbook clueless agent

      Presumably the encrypted parts must be unencrypted at some point to be of use. This is a genuine question. How possible is it to monitor this thing and see what they are when they are opened up? Presumably the keys to the package are stored elsewhere. Is it possible to run this thing in a VM under a variety of different circumstances that might trigger it to go get the keys and do whatever it is it's supposed to do, and see what the RAM contains at that point or else grab the keys as they are retrieved?

      I won't be the first person who has ever thought of that so what stops it working?

      1. This post has been deleted by its author

      2. James Riordan

        Re: Textbook clueless agent

        That is true but we (I am the first author) suggested a number of fairly precise targeting mechanisms that would require knowledge of the intended execution environment (e.g. the secret is _which_ environment is targeted). The paper is available at

        http://www.schneier.com/paper-clueless-agents.html

        and I think it is pretty readable as crypto papers go.

  4. Anonymous Coward

    Hang on, I've read Digital Fortress!

    It's designed to break out and infect the computer of anyone smart enough to decrypt it!

    Dan Brown said it, so it must be true.

    1. Destroy All Monsters Silver badge
      Black Helicopters

      Re: Hang on, I've read Digital Fortress!

      I suppose the virus payloads have to be deposed in the pattern of a REGULAR PENTAGRAM around the AXIS OF EVIL, which currently (as per decree of our WISE OVERLORDS including BLACK POTUS, runs through TEHRAN with LEY LINES into DAMASCUS and possibly BEIJING) upon which the STARS WILL BE RIGHT and the simultaneous opening of the CRYPTO PAYLOAD will cause a STRANGE AEONS EVENT ushering in WORLD DOMINATION of the BLUE FORCES allied with the nethermost kraken of DREAMS.

      I hope you have CASE NIGHTMARE GREEN one phonecall away.

      1. Fred Flintstone Gold badge

        Re: Hang on, I've read Digital Fortress!

        Is that you, Am man From Mars? :)

        1. Elmer Phud

          Re: AMFM?

          Can't be -- capitalisation is wrong and it reads as more of a rant.

          AMFM gives us something to puzzle over - usually it's pretty good when deciphered.

          1. This post has been deleted by its author

          2. Iain Griffiths

            Re: AMFM?

            CASE NIGHTMARE GREEN - from Charles Stross' Laundry Series of books. Lovecraftian Spy Thrillers

            1. Anonymous Coward

              Oh my goodness

              How the heck did I not spot that instantly. Senile at 23 apparently.

      2. Iain Griffiths

        Re: Hang on, I've read Digital Fortress!

        BASHFUL INCENDIARY ? is That you ?

  5. Forget It
    Headmaster

    El Reg encrypted thus:

    "The general concuss among security experts is that Gauss"

    that I decrypted thus:

    "The general consensus among security experts is that Gauss"

    1. This post has been deleted by its author

      1. stanimir

        3rd pass, comparing word for word visually :(

        ...that hurts indeed.

      2. P. Lee
        Joke

        diyf

        > Only caught it on the 3rd pass, comparing word for word visually :(

        diff is your friend

        1. B4PJS

          Re: diyf

          After scanning through reams of code looking for differences, I use the good old method of looking for where the spaces don't line up.

    2. Anonymous Coward

      general concuss

      I think they mean they are all banging their heads against a wall with this.

  6. Neil 44
    Coat

    Debugger time?

    Don't they have a debugger that they can run the virus under until it has unencrypted itself - then they should be able to see what it is looking for (and satisfy its search so they can see what it does when it finds what it is looking for!)

    Mine's the one with the assembler card in the pocket...

    1. Victor Ludorum
      Black Helicopters

      Re: Debugger time?

      The problem is the decryption routine needs the unknown filename as a key, so they can't run it in a debugger until they know the filename. Once they know the filename, it's easy (unless the Gauss writers put some traps in)...

    2. only_mortal

      Re: Debugger time?

      Detecting, in an obfuscated way, a debugger in use is very easy.

      You'd just change code path and mislead the cracker. You then do something in retaliation at a later time.

  7. Destroy All Monsters Silver badge
    Holmes

    What the hell do I have the pleasure of reading?

    > the so-called Duqu Framework was developed using plain old Object-Oriented C

    Well, "plain old Object-Oriented C" does not really exist because it's not a common way of doing things, is it?

    The last I heard was the Duqu framework was written in something extremely similar to SOOC and that SOOC was open-sourced after parties unknown (*cough*) developed Duqu. I don't know whether anyone followed up on this bizarre reverse causality. Maybe someone did and has "fallen off a balcony" or something.

  8. Martin 50
    Windows

    more info please

    Can someone explain for interested armchair spectators: what exactly is used as the key? (e.g. what different filenames is it trying, everything in a particular folder perhaps, everything longer than a certain length), and how does the program know it has succeeded? (I assume it doesn't continually attempt to execute gibberish, is it testing for a short string?).

    I'm surprised Vesselin (that name rings a dim bell for me too) wrote off a website check; I mean, I bet plenty of people looked at the javascript generated message on Securelist's page that told them they weren't infected; if the extra check for the payload conditions could be included in the javascript then that sounds like a better option than waiting for a nation state or botnet owner to take interest.

    PS Installing a new font is strange, any theories?

    1. Jonathan Richards 1
      FAIL

      Re: more info please

      Jeez, mate!

      El Reg wrote in TFA: More details and a technical description of the problem are available in a blog post here.

      That's a clue for you to move your mouse cursor to the pretty blue underlined word 'here' and click the left mouse button. Or the right button if you've got it set up for left-handers. If you're reading with lynx, ignore the mouse. Use cursor keys to move the cursor before the word 'here', and press Enter. That should set you on the path!

    2. Dr. Vesselin Bontchev
      Boffin

      Re: more info please

      Oh, and BTW, you can't look for the file name with a Web page. Web pages aren't allowed to access the files on your machine - and for very good reasons. It has to be either an ActiveX object or some other program that you download and run explicitly. A Web page can make the process easier, but the whole thing can't just be done in-page with a few lines of JavaScript, for security reasons.

    3. Dr. Vesselin Bontchev
      Boffin

      Re: more info please

      You really should read the explanation and description of the algorithm on Kaspersky's blog (referenced near the end of the ElReg article). It can't be explained simpler than that, sorry.

      The virus knows that it has found the right file because the cryptographic hash of the file name matches a value hard-coded in the virus. But since crypto hashes are not reversible, we can't know what the file name is just by knowing the hash. And when the right name is found, the virus uses a DIFFERENT crypto hash of it as a decryption key. So, we can't find the key without finding the file name.

      It is like this. Suppose that a secret agent has been given a locked case with instructions what to do. He doesn't have a key to the case, and doesn't know where to find it, but he's given a pretty good description of the key. So, he wanders around aimlessly, looking for the key. You have captured the agent and have interrogated him. He has told you everything he knows - but he can't tell you what he doesn't know. He's clueless regarding his secret instructions. So, you have two choices. Either start wandering aimlessly around, looking for the key by its description (which the agent has told you), or try to break the locked case, which is very hard to do.

      1. Anonymous Coward

        @Dr. Vesselin Bontchev - Re: more info please

        You seem to be saying that there is no point looking for the right filename as it is just a matter of luck, and also that there is no point trying to crack the encryption.

        That seems to exhaust the possibilities of a direct approach, so what, then, do you suggest?

      2. Vic

        Re: more info please

        > The virus knows that it has found the right file because the cryptographic hash of the file name matches a value hard-coded in the virus

        OK, I've not read the blog post, so this might be a somewhat misguided comment, but is this the sort of thing that could be crowdsourced?

        If we've got the hash - and that's the bit I've not checked - it would be entirely possible to write a hash-checker, to test each file in the system against that hash and report any matches. Distribute that program - with source, to satisfy us paranoid types - and see who reports matches, and against what...

        It's a targeted brute-force attack; we can be reasonably sure that the hash will match a file on someone's computer.

        Vic.
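The hash-checker proposed in the comment above, together with the check-hash versus key-hash split Dr. Bontchev describes earlier in this thread, as an added example that is not part of the original thread. The thread does not give Gauss's hash algorithm, salts, iteration count or target value, so the iterated salted SHA-256, both salts, the round count, the target and the sample names are all constructed stand-ins.

```python
import hashlib
import hmac
import os

# Constructed stand-ins (assumptions): none of these values come from Gauss.
CHECK_SALT = b"constructed-check-salt"
KEY_SALT = b"constructed-key-salt"
ROUNDS = 1000


def stretch(name, salt, rounds=ROUNDS):
    """Salted, iterated SHA-256 of a file name (assumed construction)."""
    digest = hashlib.sha256(salt + name.encode("utf-8")).digest()
    for _ in range(rounds):
        digest = hashlib.sha256(salt + digest).digest()
    return digest


def check_value(name):
    """The hash an analyst can read out of the sample: the 'description of the key'."""
    return stretch(name, CHECK_SALT)


def derive_key(name):
    """A different hash of the same name; computable only once the name is known."""
    return stretch(name, KEY_SALT)


def names_under(root):
    """Yield every directory and file name below root (names only, no contents)."""
    for _dirpath, dirnames, filenames in os.walk(root):
        yield from dirnames
        yield from filenames


def find_matches(candidates, target):
    """Return the candidate names whose check value equals the hard-coded target."""
    return [name for name in candidates
            if hmac.compare_digest(check_value(name), target)]


# Constructed demo values: the "unknown" name is fixed here only to make a target.
SECRET_NAME = "r\u00e9sum\u00e9-2012.dat"   # constructed name with non-ASCII characters
TARGET = check_value(SECRET_NAME)           # the only thing the analyst holds

if __name__ == "__main__":
    listing = ["notes.txt", "setup.exe", SECRET_NAME]   # constructed listing
    for name in find_matches(listing, TARGET):
        print("match:", name, "key prefix:", derive_key(name).hex()[:16])
```

To check a real tree, pass `names_under(path)` as the candidates; a machine without the name reports nothing and learns nothing about the key, which is the property the thread is discussing.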

        1. Derezed

          Re: more info please

          This read like the Batman line about the accountant trying to blackmail the richest man in the world who goes out at night and kicks the shit out of bad guys.

          I would be very wary of having anything to do with this software, let alone putting it near my PC.

        2. stanimir

          Re: more info please (file name)

          @Vic

          The AV company did try millions of file names they have in their database. The filename needs special character (basically anything non-ASCII, except '~') in the path, it is likely to be targeting non English speaking country, hence greatly shrinking the available crowd.

          However there is an easy way to protect from the virus - just all files have to have ASCII names (no ~, though) --- even w/o running the hashcode checker.

          1. Vic

            Re: more info please (file name)

            > The filename needs special character (basically anything non-ASCII, except '~') in the path

            Yes, that's why I suggested crowd-sourcing it. That gives you a much higher probability of having the target file on your system than doing the test in a single locale...

            > it is likely to be targeting non English speaking country

            Indeed. It would make sense to look for it in that sort of locale, then, wouldn't it?

            Vic.

    4. dharmaseal
      Alien

      Re: more info please

      Browser 'fingerprint'.

      https://panopticlick.eff.org

  9. Captain DaFt

    Isn't it obvious?

    Skynet is ready to reach singularity, and is looking for the final software modules it needs.

  10. David Gillies
    Trollface

    Sounds like a fairly standard Kuang Grade Mk 11 penetration program.

    1. Frumious Bandersnatch

      re: Sounds like a fairly standard Kuang Grade Mk 11 penetration program.

      Heh. I had to smile reading that, given that Mr. Bontchev has been posting responses here atm. I'm thinking, of course, of his paper "Possible Virus Attacks Against Integrity Programs and How to Prevent Them":

      http://www.people.frisk-software.com/~bontchev/papers/attacks.html (search for "Kuang").

      As for the concept of multi-partite, oblivious agent-style viruses... super interesting. Even though the concept is very old, there are lots of fairly new techniques that could be applied. Chaffing and Winnowing (perhaps together with an all-or-nothing transform, and/or time-dependent hashing algorithms or cryptographic time servers) looks like one way of approaching it. Secret sharing schemes (Shamir, Rabin) with cryptographic accumulators (to validate a collection of parts as constituting a whole) is another. Then there's homomorphic encryption combined with polymorphic engines, but I don't think that's practical yet, despite recent advances.

      It is very interesting to consider how a swarm of agents can combine to become greater than the sum of their parts and survive as a collection even when individual components are being teased apart and eradicated. Mathematically and architecturally, at least. It's equally important to remember, though, that these "perfect" (in some senses of the word) systems are being controlled by external agents, increasingly for nefarious purposes, as opposed to latter-day virus writers who did it purely for the technical challenge. That, in my opinion, is the weakest point. Sure, it would be nice to crack the key in this case, but wouldn't it be even nicer if we could trace the swarm back to its controllers?
