Black Energy has been in the news again recently (well, it was recent back when I wrote the first draft of this).
I’m not here to talk about Citigroup, I’m here to talk about cryptography, and how to fail at it. That being said, allegedly Citibank was “hacked” using Black Energy, according to the Wall Street Journal. Citigroup flat out denies it, and aside from this assertion from the WSJ, there’s no other information. But it doesn’t make sense that “Black Energy” itself, or what is commonly referred to by that name, was used for some kind of banking attack; It’s a DDoS bot.
Now, it could actually be Black Energy that’s responsible, or something different which just looks like Black Energy. But lately, a very Black Energy-like DDoS “module” tends to get installed along with other malware such as Zeus, via the “Yes Exploit System“, or via Oficla/Sasfis, and like every bot, it can download and execute arbitrary files upon command. I have no idea what, if anything, happened at Citibank, but I speculate that a Black Energy bot was just along for the ride. An infection of one bot, quickly leads to an infestation of many. [cute metaphor about infestations goes here] It’s kinda like a big ball of malware goo.
Analogy
Ok, so you remember how the five robot lions in the show “Voltron” would form a giant robot to battle space monsters? Each lion had its own distinct identity, like one was green, and another one was pink, etc. but they could combine to form a single robot, with a distinct identity apart from each individual lion. Ok, well malware also combines together to form a giant robot.
[I was going to make the same analogy using the Constructicons as examples, they're evil bots you see… but that's just a little too obscure.]
Anyway, so for something less ambiguous… onto the technical part!
