Feeds

back to article Can YOU crack the Gauss uber-virus encryption?

Antivirus experts have called on cryptographers and other clever bods for help after admitting they are no closer to figuring out the main purpose of the newly discovered Gauss supervirus. While it's known that the complex malware features many information-stealing capabilities, with a specific focus on capturing website …

COMMENTS

This topic is closed for new posts.

Page:

Silver badge

Does it have to be anything

Except a way of causing security experts to waist time looking for a none existent needle in a haystack.

0
3
Anonymous Coward

I can, I wrote it.

0
1
Silver badge
Coat

erm - NO

unless it uses a $ for an S, 0 for an O

*the one with P4$$w0rd5 f0r B3g1nn3r$ in the inside hidden pocket

0
0
Boffin

Textbook clueless agent

From the description on Kaspersky's blog, this is a textbook implementation of Bruce Schneider's "clueless agents" idea [1]. Virus writers had discovered it on their own in the early DOS days, but the encryption used then was sloppy (essentially a trivial Vegenere variant) and easily breakable [2]. The people behinds the Gauss thingy were obviously pros and implemented it properly - as I predicted it would happen in a paper of mine presented at the RSA crypto conference in Tokyo in 2004. [3]

There is no hope breaking the code except by luck (i.e., the anti-virus researchers happen to stumble upon an infected system that contains the file names the virus is looking for) or by breaking the RC4 cypher, which isn't doable by amateurs (i.e., it requires the resources of a nation-state). That, or unexpected advances in cryptanalysis, discovering holes in the RC4 cypher - but I wouldn't bet on that happening any time soon, either.

[1] James Riordan and Bruce Schneider , "Environmental Key Generation Towards Clueless Agents," Mobile Agents and Security, Springer-Verlag, 1998, pp. 15-24.

[2] Dmitry Gryaznov , "Analyzing the Cheeba Virus," EICAR Conference, 1992, pp. 124-136.

[3] Dr. Vesselin Bontchev , "Cryptographic and Cryptanalytic Methods Used in Computer Viruses and Anti-Virus Software," RSA Conference, 2004.

17
1
Silver badge

Re: Textbook clueless agent

If they do manage to break it (which you deem unlikey and I agree) won't the folks with the soppiest brown trowsers be the NSA/CIA/FSB/MOSSAD/MI-x because it may point to a gaping crack in other encryption methods?

1
1
Silver badge

Re: Textbook clueless agent

There is no hope breaking the code except by luck (i.e., the anti-virus researchers happen to stumble upon an infected system that contains the file names the virus is looking for)

So why don't they improve on luck by creating a "Could It Be Me" web page and invite all those interested in this sort of thing to try their luck. The page could provide a mechanism for the user to check their own system for files with the required characteristics.

They may then hit on some good candidates for the decryption key.

0
0
Stop

That Is Only True, If

"There is no hope breaking the code except by luck"

..thre creators of flame have not made an implementation mistake, such as encriphering two plaintexts with the same key (which they haven't according to the kaspersky webpage).

As you are a crypto expert, could the RC4 weakness of the first few bytes being strongly correlated to the key being used in this case ?

0
3

Re: Textbook clueless agent

The same Vesselin Bontchev who used to fight DOS viruses like v512 and the likes?

0
0
Boffin

Re: Textbook clueless agent

Something like this has most probably been done already - a custom program that check's the user's file system for file names that would produce the correct hash, offered to the victims. This is exactly the first step Gryaznov took when trying to crack the Cheeba code - and it yielded nothing, so he used better means. Even if this succeeds, I would still classify it as "luck" and wouldn't rely on it.

0
2
Boffin

Re: That Is Only True, If

If RC4 had such a weakness, it would be considered a "toy" cipher, not a real one. :-)

I am not a crypto expert, BTW. I'm a computer virus expert. Crypto is just a hobby of mine and I'm nothing but an informed amateur there.

2
1
Stop

I DO think RC4 has a weakness

See : http://en.wikipedia.org/wiki/RC4#Security

The standard approach to mitigate that is to throw away the first 3K of RC4 keystream.

1
3
Boffin

Re: Textbook clueless agent

The very same. :-) It's nice that someone still remembers a dinosaur like me.

5
0
Stop

Re: Textbook clueless agent

Never use "brown trousers" and "gaping crack" in the same sentence every again you hear?

12
0
Anonymous Coward

Re: That Is Only True, If

It is a pleasure, sir. Genuinely.

And I second your argument. While RC4 does have some known weaknesses, none really apply to this particular style of implementation.

About the best chance possible right now is a Gauss@Home Project in which people donate processing power to a distributed brute-force attempt.

3
0
Silver badge

Re: Textbook clueless agent

Presumably the encrypted parts must be unencrypted at some point to be of use. This is a genuine question. How possible is it to monitor this thing and see what they are when they are opened up? Presumably the keys to the package are stored elsewhere. Is it possible to run this thing in a VM under a variety of different circumstances that might trigger it to go get the keys and do whatever it is it's supposed to do, and see what the RAM contains at that point or else grab the keys as they are retrieved?

I wont be the first person who has ever thought of that so what stops it working?

2
1
Silver badge

Re: That Is Only True, If

"About the best chance possible right now is a Gauss@Home Project in which people donate processing power to a distributed brute-force attempt."

Given the possible state involvement of this thing, and that breaking open the package might actually yield a clue to that, there could actually be a lot of interest from people in participating in such a project. How easy would it be to set up the software and system to try and brute-force this?

0
0

Re: Textbook clueless agent

The very same. :-)

Wow, back in the day as as sub-teen kid reading the stories what kind of tricks [the ax=13h, int 21h (virus friendly interrupt)] viruses employed was so damn exciting. I bet I can still quote some phrases.

I wonder if any DOS virus actually preprogrammed 8259 PIC (in nowadays terms that would be the perfect keylogger)?

And no, I never wrote a virus myself.

0
0

This post has been deleted by its author

Re: Textbook clueless agent

That is true be we (I am the first author) suggested a number of fairly precise targeting mechanisms that would require knowledge of the intended execution environment (e.g. the secret is _which_ environment is targeted). The paper is available at

http://www.schneier.com/paper-clueless-agents.html

and I think it is pretty readable as crypto papers go.

1
0

Hang on, I've read Digital Fortress!

It's designed to break out and infect the computer of anyone smart enough to decrypt it!

Dan Brown said it, so it must be true.

1
0
Silver badge
Black Helicopters

Re: Hang on, I've read Digital Fortress!

I suppose the virus payloads have to be deposed in the pattern of a REGULAR PENTAGRAM around the AXIS OF EVIL, which currently (as per decree of our WISE OVERLORDS including BLACK POTUS, runs through TEHRAN with LEY LINES into DAMASCUS and possibly BEIJING) upon which the STARS WILL BE RIGHT and the simultaneous opening of the CRYPTO PAYLOAD will cause a STRANGE AEONS EVENT ushering in WORLD DOMINATION of the BLUE FORCES allied with the nethermost kraken of DREAMS.

I hope you have CASE NIGHTMARE GREEN one phonecall away.

5
0
Gold badge

Re: Hang on, I've read Digital Fortress!

Is that you, Am man From Mars? :)

1
0

Re: Hang on, I've read Digital Fortress!

BASHFUL INCENDIARY ? is That you ?

0
0
Silver badge

Re: AMFM?

Can't be -- capitalisation is wrong and it reads as more of a rant.

AMFM gives us something to puzzle over - usually it's pretty good when deciphered.

0
0

This post has been deleted by its author

Re: AMFM?

CASE NIGHTMARE GREEN - from Charles Stross' Laundry Series of books . Lovecraftian Spy Trillers

0
0

Oh my goodness

How the heck did I not spot that instantly. Senile at 23 apparently.

0
0
Headmaster

El Reg encrypted thus:

"The general concuss among security experts is that Gauss"

that I decrypted thus:

"The general consensus among security experts is that Gauss"

2
0
Facepalm

I read the two sentences, didn't see a difference.

I read them again, because your post made no sense to me, I mean what were you talking about, those two sentences are the same.

But wait, they're not the same length, SOMETHING is going on! Only caught it on the 3rd pass, comparing word for word visually :(

2
1

3rd pass, comparing word for word visually :(

...that hurts indeed.

0
0
Silver badge
Joke

diyf

> Only caught it on the 3rd pass, comparing word for word visually :(

diff is your friend

0
0

general concuss

I think they mean they are all banging their heads against a wall with this.

2
0

Re: diyf

After scanning through reams of code looking for differences, I use the good old method of looking for where the spaces don't line up.

1
0
Coat

Debugger time?

Don't they have a debugger that they can run the virus under until it has unencrypted itself - then they should be able to see what it is looking for (and satisfy its search so they can see what it does when it finds what it is looking for!)

Mine's the one with the assembler card in the pocket...

0
1
Black Helicopters

Re: Debugger time?

The problem is the decryption routine needs the unknown filename as a key, so they can't run it in a debugger until they know the filename. Once they know the filename, it's easy (unless the Gauss writers put some traps in)...

0
0

Re: Debugger time?

Detecting, in an obfuscated way, a debugger in use is very easy.

You'd just change code path and mislead the cracker. You then do something in retaliation at a later time.

1
0
Silver badge
Holmes

What the hell do I have the pleasure of reading?

> the so-called Duqu Framework was developed using plain old Object-Oriented C

Well, "plain old Object-Oriented C" does not really exist because it's not a common way of doing things, is it?

The last I heard was the Duqu framework was written in something extremely similar to SOOC and that SOOC was open-sourced after parties unknown (*cough*) developed Duqu. I don't know whether anyone followed up on this bizarre reverse causality. Maybe someone did and has "fallen off a balcony" or something.

2
0
Windows

more info please

Can someone explain for interested armchair spectators: what exactly is used as the key? (e.g. what different filenames is it trying, everything in a particular folder perhaps, everything longer than a certain length), and how does the program know it has succeeded? (I assume it doesn't continually attempt to execute gibberish, is it testing for a short string?).

I'm surprised Vesselin (that name rings a dim bell for me too) wrote off a website check; i mean, I bet plenty of people looked at the javascript generated message on Securelist's page that told them they weren't infected; if the extra check for the payload conditions could be included in the javascript then that sounds like a better option than waiting for a nation state or botnet owner to take interest.

PS Installing a new font is strange, any theorys?

0
1
Bronze badge
FAIL

Re: more info please

Jeez, mate!

El Reg wrote in TFA: More details and a technical description of the problem are available in a blog post here.

That's a clue for you to move your mouse cursor to the pretty blue underlined word 'here' and click the left mouse button. Or the right button if you've got it set up for left-handers. If you're reading with lynx, ignore the mouse. Use cursor keys to move the cursor before the word 'here', and press Enter. That should set you on the path!

1
1
Boffin

Re: more info please

Oh, and BTW, you can't look for the file name with a Web page. Web pages aren't allowed to access the files on your machine - and for very good reasons. It has to be either an ActiveX object or some other program that you download and run explicitly. A Web page can make the process easier, but the whole thing can't just be done in-page with a few lines of JavaScript, for security reasons.

0
0
Boffin

Re: more info please

You really should read the explanation and description of the algorithm on Kaspersky's blog (referenced near the end of the ElReg article). It can't be explained simpler than that, sorry.

The virus knows that it has found the right file because the cryptographic hash of the file name matches a value hard-coded in the virus. But since crypto hashes are not reversible, we can't know what the file name is just by knowing the hash. And when the right name is found, the virus uses a DIFFERENT crypto hash of it as a decryption key. So, we can't find the key without finding the file name.

It is like this. Suppose that a secret agent has been given a locked case with instructions what to do. He doesn't have a key to the case, and doesn't know where to find it, but he's given a pretty good description of the key. So, he wanders around aimlessly, looking for the key. You have captured the agent and have interrogated him. He has told you everything he knows - but he can't tell you what he doesn't know. He's clueless regarding his secret instructions. So, you have two choices. Either start wandering aimlessly around, looking for the key by its description (which the agent has told you), or try to break the locked case, which is very hard to do.

3
0
Silver badge

@Dr. Vesselin Bontchev - Re: more info please

You seem to be saying that there is no point looking for the right filename as it is just a matter of luck, and also that there is no point trying to crack the encryption.

That seems to exhaust the possibilities of a direct approach, so what, then, do you suggest?

0
0
Vic
Silver badge

Re: more info please

> The virus knows that it has found the right file because the cryptographic hash of

> the file name matches a value hard-coded in the virus

OK, I've not read the blog post, so this might be a somewhat misguided comment, but is this the sort of thing that could be crowdsourced?

If we've got the hash - and that's the bit I've not checked - it would be entirely possible to write a hash-checker, to test each file in the system against that hash and report any matyches. Distribute that program - with source, to satisfy us paranoid types - and see who reports matches, and against what...

It's a targetted brute-force attack; we can be reasonably sure that the hash will match a file on someone's computer.

Vic.

1
0
Alien

Re: more info please

Browser 'fingerprint'.

https://panopticlick.eff.org

0
0

Re: more info please

This read like the Batman line about the accountant trying to blackmail the richest man in the world who goes out and night and kicks the shit out of bad guys.

I would be very wary of having anything to do with this software, let alone putting it near my PC.

0
0

Re: more info please (file name)

@Vic

The AV company did try millions of file names they have in their database. The filename needs special character (basically anything non asci, except '~') in the path, it is likely to be targeting non English speaking country, hence greatly shrinking the available crowd.

However there is an easy way to protect from the virus - just all files have to have ASCI names (no ~, though) --- even w/o running the hashcode checker.

0
0
Vic
Silver badge

Re: more info please (file name)

> The filename needs special character (basically anything non asci, except '~') in the path

Yes, that's why I suggested crowd-sourcing it. That gives you a much higher probability of having the target file on your system than doing the test in a single locale...

> it is likely to be targeting non English speaking country

Indeed. It would make sense to look for it in that sort of locale, then, wouldn't it?

Vic.

0
0
Silver badge

Isn't it obvious?

Skynet is ready to reach singularity, and is looking for the final software modules it needs.

2
0
Trollface

Sounds like a fairly standard Kuang Grade Mk 11 penetration program.

3
0
Bronze badge

re: Sounds like a fairly standard Kuang Grade Mk 11 penetration program.

Heh. I had to smile reading that, given that Mr. Bontchev has been posting responses here atm. I'm thinking, of course, of his paper "Possible Virus Attacks Against Integrity Programs and How to Prevent Them":

http://www.people.frisk-software.com/~bontchev/papers/attacks.html (search for "Kuang").

As for the concept of multi-partite, oblivious agent-style viruses... super interesting. Even though the concept is very old, there are lots of fairly new techniques that could be applied. Chaffing and Winnowing (perhaps together with an all-or-nothing transform, and/or time-dependent hashing algorithms or cryptographic time servers) looks like one way of approaching it. Secret sharing schemes (Shamir, Rabin) with cryptographic accumulators (to validate a collection of parts as constituting a whole) is another. Then there's homomorphic encryption combined with polymorphic engines, but I don't think that's practical yet, despite recent advances.

It is very interesting to consider how a swarm of agents can combine to become greater than the sum of their parts and survive as a collection even when individual components are being teased apart and eradicated. Mathematically and architecturally, at least. It's equally important to remember, though, that these "perfect" (in some senses of the word) systems are being controlled by external agents, increasingly for nefarious purposes, as opposed to latter-day virus writers who did it purely for the technical challenge. That, in my opinion, is the weakest point. Sure, it would be nice to crack the key in this case, but wouldn't it be even nicer if we could trace the swarm back to its controllers?

0
0

Page:

This topic is closed for new posts.