Malware Writers To AntiVirus Companies: Screw You

In a recent post on the TrendLabs blog, Robert McArdle made note of a particular string that certain malware has been using as part of its encryption routine. The string reads as, Poshel-ka ti na hui drug aver which essentially translates into a screw you message. Originally, TrendMicro believed that the word “Aver” could refer to a certain computer hardware reseller based in Moscow. However, someone at Kaspersky pointed out that this word could mean “AVer” which is a term commonly used on English virus writing forums meaning AntiVirus researcher.

This type of hidden message is hardly the first to be found.  They are often found when these companies reverse engineer these malicious pieces of software to figure out how they work so they can write proper definition files to remove them.

A hidden message directed at Symantec:

Dear Symantec:
For years I have longed for just one thing,
to make malware with just the right sting,
you detected my creation and got my domains killed,
but I will not stop,
I can rebuild.

P.S. F*** you a**holes, especially Stephen Doherty who is the biggest f****t I know of.

And lastly, a hidden message directed at numerous AV companies:

we will attack f-secure,symantec,trendmicro,mcafee , etc.
The 11th of march is the skynet day lol .

It’s rather amusing to see these malware writers venting (and ranting) at the people who work very hard to do undo what they have done. It’s a vicious cycle and a cat and mouse game. At least, we know these AV companies are working diligently to remove these nasty malware infections that plague us.