On the Reverse Engineering of the Citadel Botnet

Citadel is an advanced information-stealing malware which targets financial information. This malware poses a real threat against the confidentiality and integrity of personal and business data. A joint operation was recently conducted by the FBI and the Microsoft Digital Crimes Unit in order to take down Citadel command-and-control servers. The operation caused some disruption in the botnet but has not stopped it completely. Due to the complex structure and advanced anti-reverse engineering techniques, the Citadel malware analysis process is both challenging and time-consuming. This allows cyber criminals to carry on with their attacks while the analysis is still in progress. In this paper, we present the results of the Citadel reverse engineering and provide additional insight into the functionality, inner workings, and open source components of the malware. In order to accelerate the reverse engineering process, we propose a clone-based analysis methodology. Citadel is an offspring of a previously analyzed malware called Zeus; thus, using the former as a reference, we can measure and quantify the similarities and differences of the new variant. Two types of code analysis techniques are provided in the methodology, namely assembly to source code matching and binary clone detection. The methodology can help reduce the number of functions requiring manual analysis. The analysis results prove that the approach is promising in Citadel malware analysis. Furthermore, the same approach is applicable to similar malware analysis scenarios.Comment: 10 pages, 17 figures. This is an updated / edited version of a paper appeared in FPS 201

A conserved and essential basic region mediates tRNA binding to the Elp1 subunit of the <em>Saccharomyces cerevisiae</em> Elongator complex

Elongator is a conserved, multi-protein complex discovered in Saccharomyces cerevisiae, loss of which confers a range of pleiotropic phenotypes. Elongator in higher eukaryotes is required for normal growth and development and a mutation in the largest subunit of human Elongator (Elp1) causes familial dysautonomia, a severe recessive neuropathy. Elongator promotes addition of mcm(5) and ncm(5) modifications to uridine in the tRNA anticodon ‘wobble’ position in both yeast and higher eukaryotes. Since these modifications are required for the tRNAs to function efficiently, a translation defect caused by hypomodified tRNAs may therefore underlie the variety of phenotypes associated with Elongator dysfunction. The Elp1 carboxy-terminal domain contains a highly conserved arginine/lysine-rich region that resembles a nuclear localization sequence (NLS). Using alanine substitution mutagenesis, we show that this region is essential for Elongator's function in tRNA wobble uridine modification. However, rather than acting to determine the nucleo-cytoplasmic distribution of Elongator, we find that the basic region plays a critical role in a novel interaction between tRNA and the Elp1 carboxy-terminal domain. Thus the conserved basic region in Elp1 may be essential for tRNA wobble uridine modification by acting as tRNA binding motif

Axially rigid steerable needle with compliant active tip control

Steerable instruments allow for precise access to deeply-seated targets while sparing sensitive tissues and avoiding anatomical structures. In this study we present a novel omnidirectional steerable instrument for prostate high-dose-rate (HDR) brachytherapy (BT). The instrument utilizes a needle with internal compliant mechanism, which enables distal tip steering through proximal instrument bending while retaining high axial and flexural rigidity. Finite element analysis evaluated the design and the prototype was validated in experiments involving tissue simulants and ex-vivo bovine tissue. Ultrasound (US) images were used to provide visualization and shape-reconstruction of the instrument during the insertions. In the experiments lateral tip steering up to 20 mm was found. Manually controlled active needle tip steering in inhomogeneous tissue simulants and ex-vivo tissue resulted in mean targeting errors of 1.4 mm and 2 mm in 3D position, respectively. The experiments show that steering response of the instrument is history-independent. The results indicate that the endpoint accuracy of the steerable instrument is similar to that of the conventional rigid HDR BT needle while adding the ability to steer along curved paths. Due to the design of the steerable needle sufficient axial and flexural rigidity is preserved to enable puncturing and path control within various heterogeneous tissues. The developed instrument has the potential to overcome problems currently unavoidable with conventional instruments, such as pubic arch interference in HDR BT, without major changes to the clinical workflow

The extension problem for partial Boolean structures in Quantum Mechanics

Alternative partial Boolean structures, implicit in the discussion of classical representability of sets of quantum mechanical predictions, are characterized, with definite general conclusions on the equivalence of the approaches going back to Bell and Kochen-Specker. An algebraic approach is presented, allowing for a discussion of partial classical extension, amounting to reduction of the number of contexts, classical representability arising as a special case. As a result, known techniques are generalized and some of the associated computational difficulties overcome. The implications on the discussion of Boole-Bell inequalities are indicated.Comment: A number of misprints have been corrected and some terminology changed in order to avoid possible ambiguitie

Anatomy of Malicious Singularities

As well known, the b-boundaries of the closed Friedman world model and of Schwarzschild solution consist of a single point. We study this phenomenon in a broader context of differential and structured spaces. We show that it is an equivalence relation $\rho$, defined on the Cauchy completed total space $\bar{E}$ of the frame bundle over a given space-time, that is responsible for this pathology. A singularity is called malicious if the equivalence class $[p_0]$ related to the singularity remains in close contact with all other equivalence classes, i.e., if $p_0 \in \mathrm{cl}[p]$ for every $p \in E$. We formulate conditions for which such a situation occurs. The differential structure of any space-time with malicious singularities consists only of constant functions which means that, from the topological point of view, everything collapses to a single point. It was noncommutative geometry that was especially devised to deal with such situations. A noncommutative algebra on $\bar{E}$, which turns out to be a von Neumann algebra of random operators, allows us to study probabilistic properties (in a generalized sense) of malicious singularities. Our main result is that, in the noncommutative regime, even the strongest singularities are probabilistically irrelevant.Comment: 16 pages in LaTe

Machine Learned Interatomic Potential for Dispersion Strengthened Plasma Facing Components

Tungsten (W) is a material of choice for the divertor material due to its high melting temperature, thermal conductivity, and sputtering threshold. However, W has a very high brittle-to-ductile transition temperature and at fusion reactor temperatures ($\geq$1000K) may undergo recrystallization and grain growth. Dispersion-strengthening W with zirconium carbide (ZrC) can improve ductility and limit grain growth, but much of the effects of the dispersoids on microstructural evolution and thermomechanical properties at high temperature are still unknown. We present a machine learned Spectral Neighbor Analysis Potential (SNAP) for W-ZrC that can now be used to study these materials. In order to construct a potential suitable for large-scale atomistic simulations at fusion reactor temperatures, it is necessary to train on ab initio data generated for a diverse set of structures, chemical environments, and temperatures. Further accuracy and stability tests of the potential were achieved using objective functions for both material properties and high temperature stability. Validation of lattice parameters, surface energies, bulk moduli, and thermal expansion is confirmed on the optimized potential. Tensile tests of W/ZrC bicrystals show that while the W(110)-ZrC(111) C-terminated bicrystal has the highest ultimate tensile strength (UTS) at room temperature, observed strength decreases with increasing temperature. At 2500K, the terminating C layer diffuses into the W, resulting in a weaker W-Zr interface. Meanwhile, the W(110)-ZrC(111) Zr-terminated bicrystal has the highest UTS at 2500K

Turkey wattle temperature response to distinct environmental factors

Rearing environmental conditions are important for turkey production, because this bird is particularly sensitive to heat stress. This study aimed at measuring the wattle temperature response of turkeys of three different ages (61, 96, and 131 days old) exposed to different combinations of dry bulb temperature, relative humidity, and wind speed ranges, as an indication of their physiological responses. The experiment was conducted with 42 male birds housed in a controlled environment chamber and exposed to different combinations of two air speed (WS) ranges (WS1 = 0.3-0.6 ms-1, considered low, and WS2 = 1.2-1.6 ms-1, considered high), dry bulb temperature (DBT) between 22 and 34 °C, and relative humidity (RH) between 40 to 90 %. The statistical analysis showed that WS, DBT, and RH significantly influenced wattle temperature of 61-d-old turkeys, while only WS and DBT influenced this response when turkeys were 96 days old. Furthermore, DBT was highly correlated with both low and high WS. In 131-day-old turkeys, WT response was virtually the same at both wind speed ranges when high DBT was applied. Turkey wattle temperature was influenced by wind speed, and was dependent on both environmental dry bulb temperature and relative humidity, as well as bird age.17443944