Sunday, August 17, 2008

Unveil All Seeing Internet Eye

All Seeing Internet Eye use a multilayered method of obfuscations and commands, sometimes it partially and/or randomly encrypts its multi layered obfuscation so that my offers of de-obfuscation or illumination can´t be set up in all events but they fit in several situations. Let´s start to shed some light by unveiling these little all-pervasive (be like water) network packets. By the way this method can also be used to decipher some subhack related windows internal phenomenons which you find at the end of many executables, drivers and dlls in windows operation system.

Some typical methods of obfuscation:
1. I am here = I/A/M/H/E/R/E
2. Specific codewords like: Exodus = ÈXÐØXŽUŽ,
3. Short messages like: We at ram = WÊ@rA¨m
4. Names like Ru0, Á"Lï, .ÐR.EÜRð, Fu2NL, E;!ÔF¡P, Róñ
5. Permutation in the lines e.g.: Hello lloeH
6. Allocation chars to individuals and/or locations like A <> B
7. Letter replacements through chars: S = $
8. Letter associations to numbers: A=1, B=2,C=3,D=4,E=5,F=6,G=7,H=8,I=9, J=10....
9. Multiple use of different languages such as german, french, english, spanish, italian, turkish, arabic, yugoslav, latin ...
10. Psychopathic, eccentric use of anagrams

There is also a high and excessive use of other words e.g.: DÁÕ›U probably has a relation to TAO, a frequent use of SÚS = SUS. Some know it also as SUS Malware.
Anagrams often refer to bioscience, genetic studies and vet medicine, e.g.: VLdãLd

Other discovered codewords: Pnì^¹, JªVHÛB (evtl relation to Java)

A lot of analyzed packets refer to a japanese network of Tokyo: trip.orz.hm.

No comments: