Top 4 Malware Fails

Even though malware, ransomware, and other types of malicious software continue to pose a significant threat to consumers and enterprises worldwide, not all of these “projects” are successful. In most cases, this is due to sloppy work by the developers who aim to wreak havoc with their malicious code. In fact, most of these issues revolve around a lackluster understanding of cryptography.

#4 Voodoo Programming

Do not be mistaken in thinking this is a digital way to hex someone or put a curse on them. Voodoo programming is a term used to illustrate a troublesome misunderstanding of cryptographic technology. One such example is the Zeus malware, which used a badly-coded command and control communication method. Even though command and control communication is still present in most forms of malware, things have significantly improved over time.

For the Zeus malware, its developers used the RC4 stream cipher as a base and decided to improve upon it. By XORing each byte with the next to produce the final ciphertext, the developers thought they were strengthening the cipher. Unfortunately for them, this did nothing to improve traffic security. While the change had no negative consequences, it illustrated a lack of understanding of how RC4 works.

#3 Malware Improvisation Is A Bad Idea

Malware developers are always trying to showcase their skills and one-up their competitors. Solving programming issues by improvising can lead to great results, but it can also backfire. The late Nuclear Exploit Kit fell victim to badly executed improvisation by its developers. Using the Diffie-Hellman key exchange to encrypt information was a good idea, yet setting the secret key to “0” resulted in no effective encryption whatsoever.
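The Nuclear failure described above, as an added example that is not from the article or from the kit's own code: a toy Diffie-Hellman exchange (the prime, generator and message are constructed for illustration) showing that a private exponent of 0 makes that side's public value 1, which forces the agreed secret to 1 in every session, so a passive observer of the traffic can decrypt without solving any hard problem.

```python
import hashlib
import secrets

# Constructed toy parameters: 2**127 - 1 is prime, but real deployments use
# standardized 2048-bit or larger groups. Labelled as an assumption.
P = 2**127 - 1
G = 5

def random_private():
    """A proper private exponent: uniformly random in [1, p-2]."""
    return secrets.randbelow(P - 2) + 1

def dh_public(priv):
    """Public value g^priv mod p, sent over the wire."""
    return pow(G, priv, P)

def dh_shared(peer_pub, priv):
    """Shared secret peer_pub^priv mod p, computed by each side."""
    return pow(peer_pub, priv, P)

def keystream(shared, length):
    """Expand the shared secret into key bytes (SHA-256 in counter mode)."""
    seed = shared.to_bytes(16, "big")
    out = b""
    for ctr in range((length + 31) // 32):
        out += hashlib.sha256(seed + ctr.to_bytes(4, "big")).digest()
    return out[:length]

def xor_bytes(data, key):
    return bytes(a ^ b for a, b in zip(data, key))

def exchange(a_priv, b_priv):
    """Run both sides; returns both public values and the agreed secret."""
    a_pub, b_pub = dh_public(a_priv), dh_public(b_priv)
    k_a, k_b = dh_shared(b_pub, a_priv), dh_shared(a_pub, b_priv)
    assert k_a == k_b
    return a_pub, b_pub, k_a

def observer_secret(a_pub, b_pub):
    """A passive observer sees only the public values. If either side used
    private exponent 0, its public value is 1, and 1^x mod p is always 1,
    so the shared secret is known without solving any discrete logarithm."""
    return 1 if a_pub == 1 or b_pub == 1 else None

def observer_decrypt(a_pub, b_pub, ciphertext):
    """Recover plaintext from captured traffic if the exchange was broken."""
    k = observer_secret(a_pub, b_pub)
    return None if k is None else xor_bytes(ciphertext, keystream(k, len(ciphertext)))
```

With random exponents on both sides `observer_secret` returns `None`; with one side's exponent fixed at 0 it returns 1 and `observer_decrypt` recovers the message from the captured bytes alone.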

#2 Malware Is Not A Poker Game Bluff

Some types of malware show a great deal of bark, yet come with little bite. Nemucod, a well-known Trojan, made some headlines because it could transform into ransomware. However, the toolkit lied to its victims by claiming the files had been encrypted with RSA-1024, a rather odd claim from a type of malware that was incapable of encrypting files at the time.

Moreover, Nemucod did nothing more than alter file extensions, rather than holding the files hostage in exchange for a Bitcoin payment. On the few occasions files did get locked, they were not encrypted with RSA-1024 either. Instead, the developers used a simple rotating XOR cipher. To the average computer user, it is impossible to tell the difference. Security researchers, however, quickly cracked Nemucod and eliminated the threat.

#1 Copy And Paste Is Sloppy

Although many people expect great things from malware developers, some of these criminals are lazy. Using code found online can provide valuable insights into how the malware should behave, but copying and pasting that code into a new malware toolkit is sheer laziness. CryptoDefense is a prime example of this behavior, as it was a near 1:1 clone of CryptoLocker. One major difference was the implementation of the low-level cryptographic API offered by the Windows OS. Unfortunately, the developers copied this code almost piece by piece, rendering the ransomware ineffective. After all, any victim could decrypt their files without paying any money.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.