Sometimes malware authors leave clues in their code which might reveal something about themselves.
In the past, I’ve seen malware which has provided pointers as to the creator’s language of choice, preferred programming language, or country of origin.
In the most extreme examples there has even been malware which has included the author’s real name, phone number and address.
I don’t think I’ll ever forget Filipino macro virus writer Michael Buen, a contemporary of Love Bug author Onel de Guzman, who was dumb enough to use victim’s computers to print out his entire CV and contact details as he was looking for a job…
But normally, if any clues are left at all in an increasingly professional world of cybercrime, they can’t narrow down the list of suspects that tightly.
Take, for instance, the case of the ransomware affecting Australian computer users right now: Trojan.Cryptolocker.S.
According to Symantec researchers, the malware uses images grabbed from the popular TV show about an everyday Chemistry teacher turned Crystal Meth drugpin badass “Breaking Bad”.
Specifically, ransom demands popped up by the malware use the logo of “Los Pollos Hermanos”, the chain of fast-food fried chicken restaurants run by (spoilers!) the rather terrifying Gus Fring.
Furthermore, the criminals behind the ransomware attack are using an anonymous email account named after a quote from Walter White, the lead character played in the show by Bryan Cranston.
Seems to me that the one thing we can be pretty sure about is that whoever wrote this latest ransomware is a fan of Walter White.
You can learn more about this particular malware by reading Symantec’s blog post.
Stay safe folks.