2,749 research outputs found

    On the Reverse Engineering of the Citadel Botnet

    Citadel is an advanced information-stealing malware which targets financial information. This malware poses a real threat against the confidentiality and integrity of personal and business data. A joint operation was recently conducted by the FBI and the Microsoft Digital Crimes Unit in order to take down Citadel command-and-control servers. The operation caused some disruption in the botnet but has not stopped it completely. Due to the complex structure and advanced anti-reverse engineering techniques, the Citadel malware analysis process is both challenging and time-consuming. This allows cyber criminals to carry on with their attacks while the analysis is still in progress. In this paper, we present the results of the Citadel reverse engineering and provide additional insight into the functionality, inner workings, and open source components of the malware. In order to accelerate the reverse engineering process, we propose a clone-based analysis methodology. Citadel is an offspring of a previously analyzed malware called Zeus; thus, using the former as a reference, we can measure and quantify the similarities and differences of the new variant. Two types of code analysis techniques are provided in the methodology, namely assembly to source code matching and binary clone detection. The methodology can help reduce the number of functions requiring manual analysis. The analysis results prove that the approach is promising in Citadel malware analysis. Furthermore, the same approach is applicable to similar malware analysis scenarios. Comment: 10 pages, 17 figures. This is an updated / edited version of a paper appeared in FPS 201

    A conserved and essential basic region mediates tRNA binding to the Elp1 subunit of the Saccharomyces cerevisiae Elongator complex

    Elongator is a conserved, multi-protein complex discovered in Saccharomyces cerevisiae, loss of which confers a range of pleiotropic phenotypes. Elongator in higher eukaryotes is required for normal growth and development and a mutation in the largest subunit of human Elongator (Elp1) causes familial dysautonomia, a severe recessive neuropathy. Elongator promotes addition of mcm(5) and ncm(5) modifications to uridine in the tRNA anticodon ‘wobble’ position in both yeast and higher eukaryotes. Since these modifications are required for the tRNAs to function efficiently, a translation defect caused by hypomodified tRNAs may therefore underlie the variety of phenotypes associated with Elongator dysfunction. The Elp1 carboxy-terminal domain contains a highly conserved arginine/lysine-rich region that resembles a nuclear localization sequence (NLS). Using alanine substitution mutagenesis, we show that this region is essential for Elongator's function in tRNA wobble uridine modification. However, rather than acting to determine the nucleo-cytoplasmic distribution of Elongator, we find that the basic region plays a critical role in a novel interaction between tRNA and the Elp1 carboxy-terminal domain. Thus the conserved basic region in Elp1 may be essential for tRNA wobble uridine modification by acting as tRNA binding motif

    The Analysis of Large Order Bessel Functions in Gravitational Wave Signals from Pulsars

    In this work, we present the analytic treatment of the large order Bessel functions that arise in the Fourier Transform (FT) of the Gravitational Wave (GW) signal from a pulsar. We outline several strategies which employ asymptotic expansions in evaluation of such Bessel functions which also happen to have large argument. Large order Bessel functions also arise in the Peters-Mathews model of binary inspiralling stars emitting GW and several problems in potential scattering theory. Other applications also arise in a variety of problems in Applied Mathematics as well as in the Natural Sciences and present a challenge for High Performance Computing (HPC). Comment: 8 pages, Uses IEEE style files: Ieee.cls, Ieee.clo and floatsty.sty. Accepted for publication in High Performance Computing Symposium, May 15-18 (HPCS 2005) Guelph, Ontario, Canad

    Asymptotic near optimality of the bisection method

    Journal Article. The bisection method is shown to possess the nearly best rate of convergence for infinitely differentiable functions having zeros of arbitrary multiplicity. If the multiplicity of zeros is bounded, methods are known which have asymptotically at least quadratic rate of convergence

    Learning Koopman eigenfunctions of stochastic diffusions with optimal importance sampling and ISOKANN

    The dominant eigenfunctions of the Koopman operator characterize the metastabilities and slow-timescale dynamics of stochastic diffusion processes. In the context of molecular dynamics and Markov state modeling, they allow for a description of the location and frequencies of rare transitions, which are hard to obtain by direct simulation alone. In this article, we reformulate the eigenproblem in terms of the ISOKANN framework, an iterative algorithm that learns the eigenfunctions by alternating between short burst simulations and a mixture of machine learning and classical numerics, which naturally leads to a proof of convergence. We furthermore show how the intermediate iterates can be used to reduce the sampling variance by importance sampling and optimal control (enhanced sampling), as well as to select locations for further training (adaptive sampling). We demonstrate the usage of our proposed method in experiments, increasing the approximation accuracy by several orders of magnitude

    The extension problem for partial Boolean structures in Quantum Mechanics

    Alternative partial Boolean structures, implicit in the discussion of classical representability of sets of quantum mechanical predictions, are characterized, with definite general conclusions on the equivalence of the approaches going back to Bell and Kochen-Specker. An algebraic approach is presented, allowing for a discussion of partial classical extension, amounting to reduction of the number of contexts, classical representability arising as a special case. As a result, known techniques are generalized and some of the associated computational difficulties overcome. The implications on the discussion of Boole-Bell inequalities are indicated. Comment: A number of misprints have been corrected and some terminology changed in order to avoid possible ambiguitie

    Anatomy of Malicious Singularities

    As well known, the b-boundaries of the closed Friedman world model and of Schwarzschild solution consist of a single point. We study this phenomenon in a broader context of differential and structured spaces. We show that it is an equivalence relation $\rho$, defined on the Cauchy completed total space $\bar{E}$ of the frame bundle over a given space-time, that is responsible for this pathology. A singularity is called malicious if the equivalence class $[p_0]$ related to the singularity remains in close contact with all other equivalence classes, i.e., if $p_0 \in \mathrm{cl}[p]$ for every $p \in E$. We formulate conditions for which such a situation occurs. The differential structure of any space-time with malicious singularities consists only of constant functions which means that, from the topological point of view, everything collapses to a single point. It was noncommutative geometry that was especially devised to deal with such situations. A noncommutative algebra on $\bar{E}$, which turns out to be a von Neumann algebra of random operators, allows us to study probabilistic properties (in a generalized sense) of malicious singularities. Our main result is that, in the noncommutative regime, even the strongest singularities are probabilistically irrelevant. Comment: 16 pages in LaTe