Researchers at Kaspersky Lab are asking the public for help in cracking encryption of the recently discovered malware Gauss.
"Perhaps the most interesting mystery is Gauss’ encrypted warhead. Gauss contains a module named 'Godel' that features an encrypted payload. The malware tries to decrypt this payload using several strings from the system and, upon success, executes it. Despite our best efforts, we were unable to break the encryption. " Securelist blog post reads.
"So today we are presenting all the available information about the payload in the hope that someone can find a solution and unlock its secrets. We are asking anyone interested in cryptology and mathematics to join us in solving the mystery and extracting the hidden payload."
The payload is delivered to machines via an infected USB stick that uses the .lnk exploit to execute the malicious activity. In addition to the encrypted payload, infected USB sticks deliver two other files that also contain encrypted sections that Kaspersky has been unable to crack.
“The code that decrypts the sections is very complex compared to any regular routine we usually find in malware,” Kaspersky writes. Kaspersky believes one of these sections may contain data that helps crack the payload.
If you are a world class cryptographer or if you can help kaspersky with decrypting them, you can contact Kaspersky by e-mail: theflame@kaspersky.com.
