DRG - FIRST 2013 Challenge - Trivia 300

Question:

Trivia 300

A well known weakness in a class of cryptographic functions that was largely theoretical was recently seen in the wild for the first time. What piece of malware used this weakness?

Answer:

1. flame

[Reference]

The Flame malware successfully used a new variation of a chosen-prefix collision attack to spoof code signing of its components by a Microsoft root certificate that still used the compromised MD5 algorithm.

• http://en.wikipedia.org/wiki/Collision_attack
• Microsoft releases Security Advisory 2718704
• CWI cryptanalyst discovers new cryptographic attack variant in Flame spy malware