http://www.f-secure.com/weblog/archives/00002406.html?tw_p=twt


http://www.f-secure.com/weblog/archives/GaussTrafficEncryption_ACDC.png

[ROFL1]

Yeah, I don't understand any of that.

Children of stuxnet. A little metal for the mullahs [Beer]

Sorry Sharpie... sometimes I forget.

Background
http://www.f-secure.com/weblog/archives/00002403.html

so with Gauss, they Xored the shell with the Hex 0xACDC

To break it down even more simply ... XOR is a computer operation that stands for Exclusive OR. When you XOR two numbers or signatures, each bit (0=FALSE, 1=TRUE) is the product of the relative bits of the two inputs.

For example:

0 XOR 0 = 0 but 1 XOR 0 = 1
00 XOR 01 = 01

Now, to make things shorter, we like to compress binary stuff like 0101101011110111 into hexadecimal which is 0-9 plus A=10, B=11, C=12, D=13, E=14, F=15 so now we have a numeric system based on the number 16. In hex (traditional denoted 0x), each decimal place represents 16 (versus 10 in traditional decimal).
0101 = 5, 1010 = 10 decimal = A in hex, 1111 = 15 decimal = F in hex, 0111 = 7
so the number above is now 0x5AF7.

Byte Stryke is saying they encrypted the shell with the hex signature 0xACDC so every 64 bits of the shell program is XORed with 1010110011011100.

NERDS!

Definitly over my head.

Definitly over my head.


they hid the virus behind a "math problem" and they "key" was ACDC
the virus would play AC/DCs "thunderstruck" on some computers at a predetermined time...

among other things

To break it down even more simply ... XOR is a computer operation that stands for Exclusive OR. When you XOR two numbers or signatures, each bit (0=FALSE, 1=TRUE) is the product of the relative bits of the two inputs.

For example:

0 XOR 0 = 0 but 1 XOR 0 = 1
00 XOR 01 = 01

Now, to make things shorter, we like to compress binary stuff like 0101101011110111 into hexadecimal which is 0-9 plus A=10, B=11, C=12, D=13, E=14, F=15 so now we have a numeric system based on the number 16. In hex (traditional denoted 0x), each decimal place represents 16 (versus 10 in traditional decimal).
0101 = 5, 1010 = 10 decimal = A in hex, 1111 = 15 decimal = F in hex, 0111 = 7
so the number above is now 0x5AF7.

Byte Stryke is saying they encrypted the shell with the hex signature 0xACDC so every 64 bits of the shell program is XORed with 1010110011011100.

Oh. Well, that's MUCH more clear. Thanks.

[Bang]

This all sounds like the gibberish I'm listening to the villains spew in Live Free or Die Hard right now...

To break it down even more simply ... XOR is a computer operation that stands for Exclusive OR. When you XOR two numbers or signatures, each bit (0=FALSE, 1=TRUE) is the product of the relative bits of the two inputs.

For example:

0 XOR 0 = 0 but 1 XOR 0 = 1
00 XOR 01 = 01

Now, to make things shorter, we like to compress binary stuff like 0101101011110111 into hexadecimal which is 0-9 plus A=10, B=11, C=12, D=13, E=14, F=15 so now we have a numeric system based on the number 16. In hex (traditional denoted 0x), each decimal place represents 16 (versus 10 in traditional decimal).
0101 = 5, 1010 = 10 decimal = A in hex, 1111 = 15 decimal = F in hex, 0111 = 7
so the number above is now 0x5AF7.

Byte Stryke is saying they encrypted the shell with the hex signature 0xACDC so every 64 bits of the shell program is XORed with 1010110011011100.

Now that you broke it down into simple terms it's freakin' hilarious! Seriously...I can't stop laughing.

:confused:

I get it the band... right?

i can barely program in visual basic

If this was in HTML I'd probably get it...

I used to use 0xDEADBEEF as a condition flag. Nerd enough to join the club?

I used to use 0xDEADBEEF as a condition flag. Nerd enough to join the club?


Yes.


Im not sharing jokes from now on...

I feel like I'm in a conversation with my brother and I'm definitely going to need a drink to carry on...

Yes.


Im not sharing jokes from now on...

Oh. So there's a positive outcome to this?

[Coffee]

:P Okay, they hit them with a program that randomly played songs by AC/DC then they encrypted the next version with a code based on ACDC. Is that plain enough to still be funny? :p

If it has to be explained 4 or 5 times...it really isn't that funny. Unless you're "in the know", I guess.