For New Trojan, It’s All About Go

Tuesday, September 25, 2012 @ 04:09 PM gHale

Google’s Go is now seeing use as a programming language for malware.

The Encriyoko Trojan uses components written in Go, a compiled language developed by the search giant and unveiled in 2009.


Once installed on a Microsoft Windows PC, the Trojan attempts to use the Blowfish algorithm to encrypt all files matching various criteria, including particular document types and a range of file sizes. The encryption key is either read from a particular file on the D: drive or randomly generated. This renders the data useless to its owner if the key is not recoverable.

“Restoration of the encrypted files will be difficult, if not impossible,” Symantec said in a warning about the Trojan.

The malware is circulating in the wild and disguises itself as a tool to “root” Samsung Galaxy smartphones, a process that allows customized operating systems to be installed on the phones. Symantec researchers said malware developers are probably experimenting with Google’s Go.

“The advantage for (virus developers) could be that they are more familiar with that specific language as opposed to some other languages and the language itself may offer some degree of flexibility in coding terms,” said Paul Wood, a security researcher at Symantec.

“It also might be more resilient to reversing attempts by researchers as Go isn’t really mainstream,” he said. “The latter may be more a perception by the coders than in reality.”


