Kaspersky is asking for help?

The Mystery of Gauss: Kaspersky Needs Help Decrypting Gauss Malware

Posted by EHN Reporter on Wednesday, August 15, 2012

Researchers at Kaspersky Lab are asking the public for help in cracking encryption of the recently discovered malware Gauss.

“Perhaps the most interesting mystery is Gauss’ encrypted warhead. Gauss contains a module named ‘Godel’ that features an encrypted payload. The malware tries to decrypt this payload using several strings from the system and, upon success, executes it. Despite our best efforts, we were unable to break the encryption,” the Securelist blog post reads.

“So today we are presenting all the available information about the payload in the hope that someone can find a solution and unlock its secrets. We are asking anyone interested in cryptology and mathematics to join us in solving the mystery and extracting the hidden payload.”

The payload is delivered to machines via an infected USB stick that uses the .lnk exploit to execute the malicious activity. In addition to the encrypted payload, infected USB sticks deliver two other files that also contain encrypted sections that Kaspersky has been unable to crack.

 
“The code that decrypts the sections is very complex compared to any regular routine we usually find in malware,” Kaspersky writes. Kaspersky believes one of these sections may contain data that helps crack the payload. If you are a world-class cryptographer or can help Kaspersky decrypt them, you can contact Kaspersky by e-mail: theflame@kaspersky.com.

Author: SK,Seo
