All Feedback Is Good Feedback



Jun23

All feedback is good feedback

12:07 am (UTC-7) | by Robert McArdle (Senior Malware Researcher)

In our recently published white paper on Pushdo we noted that the malware used a certain string as part of its encryption routine.

Poshel-ka ti na hui drug aver

This string roughly translates to “Screw you my friend Aver” (well, it's actually a lot less polite than that, but you get the idea). We theorized that the word Aver could refer to a certain computer hardware reseller based in Moscow, but one of our peers at Kaspersky pointed out that this word could mean “AVer” (a slang term used mainly on English virus writing forums meaning AV researcher).

Doh!

This is not the first time that malware writers have left hidden messages that are only revealed during reverse engineering. My personal favorite was from a sample of the WORM_RINBOT family, which included a message for a fellow AV researcher after he assigned the name RINBOT to the malware family instead of the criminal gang's preferred name:

Dear Symantec:

For years I have longed for just one thing,

to make malware with just the right sting,

you detected my creation and got my domains killed,

but I will not stop,

I can rebuild.

P.S. F*** you a**holes, especially Stephen Doherty who is the biggest f****t I know of.

details trendmicro - http://blog.trendmicro.com/
