
Marcus Hutchins' Code Used In Malware May Have Come From GitHub

troublemaker_23 quotes ITWire: A security researcher says code has been discovered that was written by British hacker Marcus Hutchins that was apparently 'borrowed' by the creator of the banking trojan Kronos. The researcher, known as Hasherezade, posted a tweet identifying the code that had been taken from Hutchins' repository on GitHub.
Hasherezade also found a 2015 tweet where a then-20-year-old Hutchins first announces he's discovered the hooking engine he wrote for his own blog -- being used in a malware sample. ("This is why we can't have nice things," Hutchins jokes.) Hasherezade analyzed Kronos's code and concluded "the author has a prior knowledge in implementing malware solutions... The level of precision lead us to the hypothesis, that Kronos is the work of a mature developer, rather than an experimenting youngster."

Monday on Twitter Hutchins posted that "I'm still on trial, still not allowed to go home, still on house arrest; but now I am allowed online. Will get my computers back soon."

  • by symes ( 835608 ) on Saturday August 19, 2017 @12:23PM (#55048293) Journal

    Smith and Wesson have an awful lot to answer for then.

    • Smith and Wesson have an awful lot to answer for then.

      Absolutely not! They are a beloved company, a first class citizen. Not a second class 99% citizen nor a *shudders* European. My $0.02 is they fry him anyhow, facts be damned.

  • Reasonable doubt (Score:4, Insightful)

    by Martin S. ( 98249 ) on Saturday August 19, 2017 @01:36PM (#55048583) Homepage Journal

    If the code existed before on a public resource, it clearly raises a reasonable doubt.

  • This is the FBI, fer crissakes! The guys who were deeply, deeply penetrated by the Chinese military intelligence during the Clinton/Bush administrations (and are probably still in control). And then there is this: [] [] []
  • by Anonymous Coward on Saturday August 19, 2017 @02:25PM (#55048759)

    The code is code for a service intercept. Those can be tricky to get right, but are used in all manner of system enhancements, are not primarily useful for malware at all.
    Intercept code I have used in the past:
    * Added time, place, privilege level, and called-by-code conditions to file accesses
    * Allowed file open to alter the running priority of processes
    * Allowed failed access for some of the above to optionally open a different file, transparently
    * Allowed files stored on backing storage (tape, network, disk, compressed files) to transparently appear local and present (or to be migrated to such storage)
    * Allowed file extension or creation that would use space to trigger "get space" processes
    * Allowed user mode undelete operations
    * Allowed control of storage space use to minimize storage fragmentation
    * Allowed controls based on access rate

    These and more useful kinds of extensions are among things that can be implemented with an intercept. Not one of these has anything to do with malware.

    So kindly stop and think a bit before claiming the code was done to help malware function.

    • If you have access to your code, why do you need to create a service intercept when you could change your own code? All that you have written is possible to write without an intercept service, unless you were modifying something not meant to be modified...
  • by Anonymous Coward

    I'd love to go to America to visit Yellowstone... but this kinda shit puts me off. Massive jails and anyone vaguely doing computer security is a criminal unless in top secret government 3 letter agency.

  • It's about time we get some GPL'd malware! ;)

  • Wait, he's on house arrest in someone else's house?
