
Top 4 Malware Fails

Even though malware, ransomware, and other types of malicious software continue to pose a significant threat to consumers and enterprises worldwide, not all of these “projects” are successful. In most cases, this is due to sloppy work by the developers who aim to wreak havoc with their malicious code. In fact, most of these issues revolve around a lackluster understanding of cryptography.

#4 Voodoo Programming

Do not be mistaken in thinking this is a digital way to hex someone or put a curse on them. Voodoo programming is a term used to illustrate a troublesome misunderstanding of cryptographic technology. One such example is the Zeus malware, which used a badly-coded command and control communication method. Even though command and control communication is still present in most forms of malware, things have significantly improved over time.

For the Zeus malware, its developers used the RC4 stream cipher as a base and decided to improve upon it. By XORing each byte with the next to produce the final ciphertext, the developers thought they were doing the right thing. Unfortunately for them, this did nothing to improve traffic security. While this has no negative consequences, it illustrates the developers' lack of understanding of RC4.

#3 Malware Improvisation Is A Bad Idea

Malware developers are always trying to showcase their skills and one-up their competitors. Solving programming issues by improvising can lead to great results, but it can also backfire. The late Nuclear Exploit Kit fell victim to badly executed improvisation by its developers. Using the Diffie-Hellman Key Exchange to encrypt information was a good idea, yet setting the secret key to “0” resulted in no effective encryption whatsoever.
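Why a secret of 0 defeats the exchange, as an added example that is not from the original article or from the exploit kit's code. It assumes "secret key" means one party's private exponent, and uses a constructed demo group (P = 2^127 - 1, G = 3) with hypothetical function names.

```python
import secrets

# Constructed demo group: P is the Mersenne prime 2**127 - 1, G = 3.
# Far too small for real use; chosen so the arithmetic is easy to follow.
P = 2**127 - 1
G = 3

def public_value(private_exp, p=P, g=G):
    """Public DH value a party sends: g^x mod p."""
    return pow(g, private_exp, p)

def shared_secret(peer_public, private_exp, p=P):
    """Secret a party derives: (peer's public value)^x mod p."""
    return pow(peer_public, private_exp, p)

def is_valid_public(y, p=P):
    """Range check on a received public value: 2 <= y <= p - 2.
    Rejects 0, 1 and p - 1, which pin the secret to a tiny known set."""
    return 2 <= y <= p - 2

def random_private(p=P):
    """Private exponent drawn uniformly from [2, p - 2]."""
    return 2 + secrets.randbelow(p - 3)

def exchange(a_priv, b_priv):
    """Run both sides; return (A_pub, B_pub, secret_at_A, secret_at_B)."""
    a_pub, b_pub = public_value(a_priv), public_value(b_priv)
    return (a_pub, b_pub,
            shared_secret(b_pub, a_priv), shared_secret(a_pub, b_priv))

if __name__ == "__main__":
    # Healthy exchange: the secret depends on both private exponents.
    a_pub, b_pub, s_a, s_b = exchange(random_private(), random_private())
    print("healthy: secrets match:", s_a == s_b,
          "| public values pass check:",
          is_valid_public(a_pub) and is_valid_public(b_pub))

    # Degenerate exchange: one side's private exponent is 0 (assumed reading
    # of the article's "secret key set to 0"). g^0 = 1 and y^0 = 1, so the
    # "shared secret" is 1 no matter what the other side picked.
    a_pub, b_pub, s_a, s_b = exchange(0, random_private())
    print("degenerate: A_pub =", a_pub, "| secret at A =", s_a,
          "| secret at B =", s_b)
    print("range check accepts A_pub:", is_valid_public(a_pub))
```

A receiver applying the range check would refuse the public value 1 before deriving any key from it.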




#2 Malware Is Not A Poker Game Bluff

Some types of malware show a great deal of bark, yet come with little bite. Nemucod, a well-known Trojan, made some headlines because it could transform into ransomware. However, the toolkit lied to its victims by stating the files were encrypted with RSA-1024. A rather odd statement from a type of malware that was incapable of encrypting files at the time.

Moreover, Nemucod did nothing more than alter file extensions, rather than holding the files hostage in exchange for a Bitcoin payment. On the few occasions files got locked, they were not encrypted with RSA-1024 either. Instead, the developers used a simple rotation XOR cipher. To the average computer user, it is impossible to tell the difference. Security researchers, however, quickly cracked Nemucod and eliminated the threat.

#1 Copy And Paste Is Sloppy

Although many people expect great things from malware developers, some of these criminals are lazy. Using code found online can provide valuable insights as to how the malware should behave. Copying and pasting this code into a new malware toolkit is sheer laziness. CryptoDefense is a prime example of this behavior, as it was a near 1:1 clone of CryptoLocker. One major difference was the implementation of the low-level cryptographic API offered by the Windows OS. Unfortunately, the developers nearly copied this code piece by piece, rendering the ransomware ineffective. After all, any victim could decrypt their files without paying any money.


JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.
