On the Reverse Engineering of the Citadel Botnet
Citadel is an advanced information-stealing malware which targets financial
information. This malware poses a real threat against the confidentiality and
integrity of personal and business data. A joint operation was recently
conducted by the FBI and the Microsoft Digital Crimes Unit in order to take
down Citadel command-and-control servers. The operation caused some disruption
in the botnet but has not stopped it completely. Due to the complex structure
and advanced anti-reverse engineering techniques, the Citadel malware analysis
process is both challenging and time-consuming. This allows cyber criminals to
carry on with their attacks while the analysis is still in progress. In this
paper, we present the results of the Citadel reverse engineering and provide
additional insight into the functionality, inner workings, and open source
components of the malware. In order to accelerate the reverse engineering
process, we propose a clone-based analysis methodology. Citadel is an offspring
of a previously analyzed malware called Zeus; thus, using the former as a
reference, we can measure and quantify the similarities and differences of the
new variant. Two types of code analysis techniques are provided in the
methodology, namely assembly to source code matching and binary clone
detection. The methodology can help reduce the number of functions requiring
manual analysis. The analysis results prove that the approach is promising in
Citadel malware analysis. Furthermore, the same approach is applicable to
similar malware analysis scenarios.
Comment: 10 pages, 17 figures. This is an updated / edited version of a paper
that appeared in FPS 201
The fibrin-derived gamma377-395 peptide inhibits microglia activation and suppresses relapsing paralysis in central nervous system autoimmune disease.
Perivascular microglia activation is a hallmark of inflammatory demyelination in multiple sclerosis (MS), but the mechanisms underlying microglia activation and specific strategies to attenuate their activation remain elusive. Here, we identify fibrinogen as a novel regulator of microglia activation and show that targeting of the interaction of fibrinogen with the microglia integrin receptor Mac-1 (alpha(M)beta(2), CD11b/CD18) is sufficient to suppress experimental autoimmune encephalomyelitis in mice that retain full coagulation function. We show that fibrinogen, which is deposited perivascularly in MS plaques, signals through Mac-1 and induces the differentiation of microglia to phagocytes via activation of Akt and Rho. Genetic disruption of fibrinogen-Mac-1 interaction in fibrinogen-gamma(390-396A) knock-in mice or pharmacologically impeding fibrinogen-Mac-1 interaction through intranasal delivery of a fibrinogen-derived inhibitory peptide (gamma(377-395)) attenuates microglia activation and suppresses relapsing paralysis. Because blocking fibrinogen-Mac-1 interactions affects the proinflammatory but not the procoagulant properties of fibrinogen, targeting the gamma(377-395) fibrinogen epitope could represent a potential therapeutic strategy for MS and other neuroinflammatory diseases associated with blood-brain barrier disruption and microglia activation
The extension problem for partial Boolean structures in Quantum Mechanics
Alternative partial Boolean structures, implicit in the discussion of
classical representability of sets of quantum mechanical predictions, are
characterized, with definite general conclusions on the equivalence of the
approaches going back to Bell and Kochen-Specker. An algebraic approach is
presented, allowing for a discussion of partial classical extension, amounting
to reduction of the number of contexts, classical representability arising as a
special case. As a result, known techniques are generalized and some of the
associated computational difficulties overcome. The implications on the
discussion of Boole-Bell inequalities are indicated.
Comment: A number of misprints have been corrected and some terminology
changed in order to avoid possible ambiguities
Diffraction behaviour of three-component fibonacci Ta/Al multilayer films
A class of quasiperiodic structure three-component Fibonacci (3CF) Ta/Al multilayer films is fabricated by dual-target magnetron sputtering. The microstructure of this film is investigated by transmission electron microscopy and electron and X-ray diffraction. Cross-section transmission electron microscopy demonstrates a well formed layer structure of 3CF Ta/Al superlattices. The electron-diffraction satellite spots, which can be indexed by three integers, correspond to the X-ray diffraction peaks in both position and intensity. The scattering vectors observed in electron and X-ray diffraction are in good agreement with the analytical treatment from the projection method
Anatomy of Malicious Singularities
As is well known, the b-boundaries of the closed Friedman world model and of
Schwarzschild solution consist of a single point. We study this phenomenon in a
broader context of differential and structured spaces. We show that it is an
equivalence relation , defined on the Cauchy completed total space
of the frame bundle over a given space-time, that is responsible for
this pathology. A singularity is called malicious if the equivalence class
related to the singularity remains in close contact with all other
equivalence classes, i.e., if for every . We
formulate conditions for which such a situation occurs. The differential
structure of any space-time with malicious singularities consists only of
constant functions which means that, from the topological point of view,
everything collapses to a single point. It was noncommutative geometry that was
especially devised to deal with such situations. A noncommutative algebra on
, which turns out to be a von Neumann algebra of random operators,
allows us to study probabilistic properties (in a generalized sense) of
malicious singularities. Our main result is that, in the noncommutative regime,
even the strongest singularities are probabilistically irrelevant.
Comment: 16 pages in LaTeX
Machine Learned Interatomic Potential for Dispersion Strengthened Plasma Facing Components
Tungsten (W) is a material of choice for the divertor material due to its
high melting temperature, thermal conductivity, and sputtering threshold.
However, W has a very high brittle-to-ductile transition temperature and at
fusion reactor temperatures (1000K) may undergo recrystallization and
grain growth. Dispersion-strengthening W with zirconium carbide (ZrC) can
improve ductility and limit grain growth, but much of the effects of the
dispersoids on microstructural evolution and thermomechanical properties at
high temperature are still unknown. We present a machine learned Spectral
Neighbor Analysis Potential (SNAP) for W-ZrC that can now be used to study
these materials. In order to construct a potential suitable for large-scale
atomistic simulations at fusion reactor temperatures, it is necessary to train
on ab initio data generated for a diverse set of structures, chemical
environments, and temperatures. Further accuracy and stability tests of the
potential were achieved using objective functions for both material properties
and high temperature stability. Validation of lattice parameters, surface
energies, bulk moduli, and thermal expansion is confirmed on the optimized
potential. Tensile tests of W/ZrC bicrystals show that while the
W(110)-ZrC(111) C-terminated bicrystal has the highest ultimate tensile
strength (UTS) at room temperature, observed strength decreases with increasing
temperature. At 2500K, the terminating C layer diffuses into the W, resulting
in a weaker W-Zr interface. Meanwhile, the W(110)-ZrC(111) Zr-terminated
bicrystal has the highest UTS at 2500K
The influence of defined ante-mortem stressors on the early post-mortem biochemical processes in the abdominal muscle of the Norway lobster, Nephrops norvegicus (Linnaeus, 1758)
The effects of four different ante-mortem stressors (exercise, emersion, starvation and a patent infection with the parasite Hematodinium sp.) on post-mortem processes have been investigated in the abdominal muscle of Norway lobster Nephrops norvegicus by measuring changes in the pH, the levels of glycogen, l-lactate, arginine phosphate, ATP, ADP, AMP, IMP, HxR, Hx and the adenylate energy charge (AEC) over a time course of 24 h with samples being taken at 0, 3, 6, 12 and 24 h. The acute stresses of intense exercise and 2 h emersion resulted in a premature onset of anaerobic glycolysis, leading both to an enhanced glycogen depletion rate and an early accumulation of l-lactate. The chronic stressors, starvation and parasite infection, resulted in a complete ante-mortem depletion of muscle glycogen and consequently the failure of post-mortem glycolytic fermentation. Post-mortem pH and ATP inter-conversion were significantly altered in chronically stressed animals. Ante-mortem, a rapid, almost complete depletion of arginine phosphate was observed in all stress groups. The AEC was altered significantly by all stresses, indicating a strong energy demand. The findings suggest that ante-mortem stressors strongly influence the post-mortem biochemical processes. The laboratory-based results are compared to 'field' data and effects on post-harvest product quality are discussed
Far-Infrared Excitations below the Kohn Mode: Internal Motion in a Quantum Dot
We have investigated the far-infrared response of quantum dots in modulation
doped GaAs heterostructures. We observe novel modes at frequencies below the
center-of-mass Kohn mode. Comparison with Hartree-RPA calculations shows that
these modes arise from the flattened potential in our field-effect confined
quantum dots. They reflect pronounced relative motion of the charge density
with respect to the center-of-mass.
Comment: 8 pages, LaTeX with integrated 6 PostScript figures
Diffraction based Hanbury Brown and Twiss interferometry performed at a hard x-ray free-electron laser
We demonstrate experimentally Hanbury Brown and Twiss (HBT) interferometry at
a hard X-ray Free Electron Laser (XFEL) on sample diffraction patterns. This
is different from the traditional approach when HBT interferometry requires
direct beam measurements in absence of the sample. HBT analysis was carried out
on the Bragg peaks from the colloidal crystals measured at Linac Coherent Light
Source (LCLS). We observed high degree (80%) spatial coherence of the full beam
and the pulse duration of the monochromatized beam on the order of 11 fs that
is significantly shorter than expected from the electron bunch measurements.
Comment: 32 pages, 10 figures, 2 tables