Home Security Marcus Hutchins' code written long after Kronos: researcher

Marcus Hutchins' code written long after Kronos: researcher

The security researcher, who claimed recently to have found code written by Briton Marcus Hutchins that was used in the Kronos banking trojan by a third party, now says this code predates both Hutchins and the unknown third party that used it in Kronos.

In an analysis done for security company Malwarebytes, researcher hasherezade wrote that Kronos had been first advertised on the black market in 2014 by someone calling themselves VinnyK and communicating in Russian.

This predates Hutchins' claim, made in 2015, that someone had made use of code, that he wrote for a hooking engine, in malware.

Hutchins, who gained the attention of the world when he stopped the spread of the WannaCry ransomware by accident in May, was arrested by the FBI in Las Vegas on 2 August after he had boarded a plane to leave the US.

He had gone to the US to attend the annual DEFCON security conference.

The chargesheet against him said he had written and helped distribute Kronos along with an unnamed co-conspirator.

After a detailed technical analysis of how Kronos works, hasherezade wrote that the hooking engine used in malware was similar to the engine that Hutchins had described on his blog.

"Looking at the hooking engine of Kronos we can see a big overlap, that made us suspect that this part of Kronos could be indeed based on his ideas," the researcher wrote. 

"However, it turned out that this technique was described much earlier (i.e. here, //thanks to  @xorsthings for the link ), and both authors learned it from other sources rather than inventing it.

"An overall look at the tricks used by Kronos shows that the author has a prior knowledge in implementing malware solutions. The code is well obfuscated, and also uses various tricks that requires understanding of some low-level workings of the operating system. 

"The author not only used interesting tricks, but also connected them together in a logical and fitting way. The level of precision lead us to the hypothesis, that Kronos is the work of a mature developer, rather than an experimenting youngster."

Hutchins was granted bail on 14 August after a court appearance during which he pleaded not guilty to all six charges levelled against him. He is set to face court again in Milwaukee in October.

LEARN HOW TO REDUCE YOUR RISK OF A CYBER ATTACK

Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has the high potential to be exposed to risk.

It only takes one awry email to expose an accounts’ payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 Steps to Improve your Business Cyber Security’ you’ll learn some simple steps you should be taking to prevent devastating and malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you’ll learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips

DOWNLOAD NOW!

10 SIMPLE TIPS TO PROTECT YOUR ORGANISATION FROM RANSOMWARE

Ransomware attacks on businesses and institutions are now the most common type of malware breach, accounting for 39% of all IT security incidents, and they are still growing.

Criminal ransomware revenues are projected to reach $11.5B by 2019.

With a few simple policies and procedures, plus some cutting-edge endpoint countermeasures, you can effectively protect your business from the ransomware menace.

DOWNLOAD NOW!

Sam Varghese

website statistics

A professional journalist with decades of experience, Sam for nine years used DOS and then Windows, which led him to start experimenting with GNU/Linux in 1998. Since then he has written widely about the use of both free and open source software, and the people behind the code. His personal blog is titled Irregular Expression.

 

Popular News

 

Telecommunications