12 Days competition: Day 6 – Clocking up a decade of mobile malware

The Twelve Days of Christmas - melody

Here’s the melody – click to sing along!

In an era before Angry Birds, apps, HD and phablets, when Barack Obama was still four years from the Oval office and Friends episodes weren’t all re-runs, the first mobile phone virus emerged blinking from the primordial cyber-swamp.

Things have evolved a lot since then.

In June we charted the history of mobile malware’s first decade with a dectet of viruses, worms, trojans and other nasties…

Unhappy birthday
to you –
mobile malware
turns 10
And for your chance to win an exclusive, limited edition, Naked Security T-shirt, work out the answer to Paul Ducklin’s brain teaser below…

This December we’re celebrating Christmas by giving away five of our much-coveted, limited edition Naked Security T-shirts every day for 12 days!

We’ve selected twelve of the most interesting stories from 2014 and we’ll be writing about one of them each day.

All you have to do to win a T-shirt is read the story and answer the question.

We’ll pick 5 lucky winners out of a hat (OK, /dev/urandom) each day and those who answer the most questions correctly over the 12 days will be entered into our grand prize draw for a goody bag of geeky gifts valued at up to $500!

We need to know your email address so that we can contact you if you’ve won. When we contact you, we’ll need your T-shirt size, a delivery address and a contact number so we can ship your prize. We won’t use any of your personal details for anything other than this competition.

Entries close at 23:59 Pacific Standard Time (UTC-8) each day. Sophos staff, those pro­fessionally connected to the company, and their families, are welcome to submit answers for fun, but can’t win. T-shirt styles may vary from those depicted. Sophos’s decision is final, and so on. Please read our official competition terms and conditions.

What was Day 5’s answer?

On Day 5, we asked you to unscramble this cryptogram:


The answer was a description of the final TrueCrypt version, published at the same time that the developers said, “Goodbye, Farewell and Amen” to their product.

The final version, 7.2, was designed to let you use TrueCrypt one last time in order to remove it.

The correct answer was:


The encryption algorithm was a simple Caesar cipher, where each letter is shifted two places along in the alphabet to scramble it, and moved two places back to unscramble it.

The problem with a Caesar cipher is that there are only 25 possible ways to encrypt any input text (shift by 1,2,3..25 letters).

So you only need to try at most 25 decryptions to crack the cipher: one will be correct and the others will be garbage:

Even for short messages like the one above, where there isn’t much plaintext to work with, trying every possible decryption key is only a moment’s work.

By the way, choosing a password from any short list, such as a four-digit code or an eight-character word, leaves you with exactly the same problem: it’s easy for a crook to try all the possibilities.

So, at the least, take this as a warning to learn How To Pick a Proper Password:

→ Can’t view the video on this page? Watch directly from YouTube. Can’t hear the audio? Click on the Captions icon for closed captions.