Just as criminals leave fingerprints behind at the scene of a crime, malware carries "fingerprints" of its own. At Black Hat, to be held next month, security researchers will demonstrate how to find clues in a malicious program that help identify the attacker. The researchers also plan to release a free fingerprinting tool. Malware writers in fact leave many clues in their programs, and those clues can reveal their native language and geographic location. Combined with other clues left behind by the attack, they can in some cases enable law enforcement agencies to find the true identity of the malware writers.
Greg Hoglund is the founder and CEO of HBGary, a computer security and forensics firm. A few months ago he spent a lot of time studying the malicious programs used in Operation Aurora, the attack on Google, Adobe, Intel and other companies. Combining this with GhostNet, he identified several key characteristics of the malware authors. In Operation Aurora, he found clues in the Chinese language, registry entries and IP addresses, and even Chinese papers. He has developed a fingerprinting tool that can identify the environment in which a malicious program was developed: the compiler version used, the original project name, and so on. Hoglund noted that attackers often rename their malicious programs but sometimes leave behind things that seem harmless, such as the original project name, the hard drive and library paths. Collecting this information makes it possible to build a "fingerprint" of the attacker's modus operandi.
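One place such traces (original project name, drive and path) survive is the CodeView debug record that Microsoft linkers embed in a Windows binary, which stores the path of the build's PDB file. The sketch below is an added example, not Hoglund's tool or code from the article; the function names, sample bytes and paths are constructed for illustration.

```python
import re
import struct
import uuid
from pathlib import PureWindowsPath

# CodeView PDB 7.0 record: "RSDS", 16-byte GUID, 4-byte age, NUL-terminated PDB path.
RSDS = re.compile(rb"RSDS(.{16})(.{4})([\x20-\x7e]{4,260})\x00", re.DOTALL)

def extract_build_traces(blob: bytes) -> list[dict]:
    """Return the development-environment traces found in a binary's debug records."""
    traces = []
    for m in RSDS.finditer(blob):
        (age,) = struct.unpack("<I", m.group(2))
        path = PureWindowsPath(m.group(3).decode("ascii"))
        traces.append({
            "pdb_path": str(path),
            "drive": path.drive,  # drive letter on the build machine
            "dirs": [p for p in path.parent.parts if p != path.anchor],  # source tree layout
            "project": path.stem,  # original project name
            "guid": str(uuid.UUID(bytes_le=m.group(1))),  # changes with every build
            "age": age,
        })
    return traces

def shared_traits(a: dict, b: dict) -> dict:
    """Traits two samples have in common; these survive renaming the delivered file."""
    return {k: a[k] for k in ("drive", "dirs", "project") if a[k] == b[k]}

def make_sample(pdb_path: str, build_id: int) -> bytes:
    """Constructed stand-in for a PE file: padding around a single RSDS record."""
    record = b"RSDS" + uuid.UUID(int=build_id).bytes_le + struct.pack("<I", 1)
    return b"MZ" + b"\x00" * 64 + record + pdb_path.encode("ascii") + b"\x00" * 9

# Constructed samples: A and B are separate builds of one project, C is unrelated.
SAMPLE_A = make_sample(r"D:\src\demo_project\Release\demo_project.pdb", 1)
SAMPLE_B = make_sample(r"D:\src\demo_project\Release\demo_project.pdb", 2)
SAMPLE_C = make_sample(r"C:\build\other_tool\other_tool.pdb", 3)

if __name__ == "__main__":
    a, b, c = (extract_build_traces(s)[0] for s in (SAMPLE_A, SAMPLE_B, SAMPLE_C))
    print("A vs B:", shared_traits(a, b))
    print("A vs C:", shared_traits(a, c))
```

The GUID differs between builds, so it distinguishes individual samples, while the drive, directory layout and project name are what link separately built samples to one development environment.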