Peaches
Posted June 23, 2009

All feedback is good feedback
12:07 am (UTC-7) | by Robert McArdle (Senior Malware Researcher)

In our recently published white paper on Pushdo we noted that the malware used a certain string as part of its encryption routine.

Poshel-ka ti na hui drug aver

This string roughly translates to “Screw you my friend Aver” (well, it's actually a lot less polite than that, but you get the idea). We theorized that the word Aver could refer to a certain computer hardware reseller based in Moscow, but one of our peers at Kaspersky pointed out that this word could mean “AVer” (a slang term used mainly on English virus writing forums meaning AV researcher).

Doh!

This is not the first time that malware writers have left hidden messages that are only revealed during reverse engineering. My personal favorite was from a sample of the WORM_RINBOT family which included a message for a fellow AV researcher, after he assigned the name RINBOT to the malware family instead of the criminal gang's preferred name:

Dear Symantec:
For years I have longed for just one thing,
to make malware with just the right sting,
you detected my creation and got my domains killed,
but I will not stop,
I can rebuild.
P.S. F*** you a**holes, especially Stephen Doherty who is the biggest f****t I know of.

details trendmicro - http://blog.trendmicro.com/