Because I only have the initial version and the final version, I cannot make a step-by-step comparison, but these are the important developments:
| Initial version | Final version |
| --- | --- |
| Written in VB6, compiled to P-code. Easy to take apart. | Written in VB6, compiled to native code. More difficult to take apart. |
| EXE is "naked" (not packed). Size is about 80 KB. | EXE is packed with Mew 11.2. Size is about 40 KB. |
| Registry keys are fixed, so a .inf file can be used to clean up the registry. | Registry keys vary, so they need to be cleaned manually. |
| Does not run in safe mode. | Runs in safe mode. |
| Downloads updates from a fixed URL. The downloaded file is not checked. | Downloads updates from a changing URL, with inspection of the downloaded file. |
| Uses mostly constant strings. | Splits many of the strings to reduce the number of constants. |
| Simple encryption. | More convoluted encryption. |
| File names are fixed. | Creates various kinds of files; some names are fixed and some are random (based on the time Brontok was activated). |
Encryption in Brontok
So that the strings inside Brontok are not easily visible, they are encrypted. The first version used a very weak encryption: each letter is shifted by 3 (A becomes D, B becomes E, etc.). This is very easy to break, because it is an ancient cipher that has existed since the days of Julius Caesar (it is also called the Caesar cipher). The latest version uses a monoalphabetic substitution cipher, and the substitution is even done twice.
Brontok uses a small trick to encrypt and decrypt its strings. The decryption procedure in Brontok, which I have simplified into C, can be seen in the listing below. (The original procedure is more involved because the table is created on the fly at runtime by a special procedure with many loops.)
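To show why neither scheme slows down string recovery during analysis, here is an added example in C (not the author's listing and not Brontok's code): it undoes the 3-letter shift and shows that two monoalphabetic substitutions applied in sequence fold into a single table, which is then inverted to decrypt. The tables `T1` and `T2`, the sample strings and all function names are constructed for illustration; Brontok's real tables are not given on this page.

```c
#include <stdio.h>
#include <string.h>

/* First-version scheme: letters were shifted forward by 3, so shift back by 3. */
void caesar_decode(const char *in, char *out) {
    size_t i;
    for (i = 0; in[i]; i++) {
        char c = in[i];
        if (c >= 'A' && c <= 'Z')      c = (char)('A' + (c - 'A' + 23) % 26);
        else if (c >= 'a' && c <= 'z') c = (char)('a' + (c - 'a' + 23) % 26);
        out[i] = c;
    }
    out[i] = '\0';
}

/* Constructed tables (NOT Brontok's): entry p is the ciphertext for letter 'A'+p. */
static const char T1[27] = "QWERTYUIOPASDFGHJKLZXCVBNM";
static const char T2[27] = "ZYXWVUTSRQPONMLKJIHGFEDCBA";

/* Apply one substitution table to the uppercase letters of a string. */
void subst(const char *table, const char *in, char *out) {
    size_t i;
    for (i = 0; in[i]; i++)
        out[i] = (in[i] >= 'A' && in[i] <= 'Z') ? table[in[i] - 'A'] : in[i];
    out[i] = '\0';
}

/* "first, then second" is itself one table: combined[p] = second[first[p]]. */
void compose(const char *first, const char *second, char *combined) {
    for (int p = 0; p < 26; p++)
        combined[p] = second[first[p] - 'A'];
    combined[26] = '\0';
}

/* Invert a table so the same subst() routine decrypts. */
void invert(const char *table, char *inverse) {
    for (int p = 0; p < 26; p++)
        inverse[table[p] - 'A'] = (char)('A' + p);
    inverse[26] = '\0';
}

int main(void) {
    char a[64], b[64], both[27], inv[27];
    caesar_decode("EURQWRN", a);          /* constructed sample ciphertext */
    printf("caesar: %s\n", a);
    subst(T1, "BRONTOK", a); subst(T2, a, b);   /* substitute twice */
    compose(T1, T2, both); invert(both, inv);
    subst(inv, b, a);                     /* one inverse table undoes both passes */
    printf("double subst: %s -> %s\n", b, a);
    return 0;
}
```

Because the composition of two substitution tables is again a single substitution table, doing the substitution twice adds no strength over doing it once.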
The development of Brontok versions
Posted by
UsyL-MeL iN OnLiNe
Thursday, 06 November 2008