Through my research of malware and botnets I've come across a really interesting pattern, and I thought I'd share my thoughts. Only 1 time have I seen a piece of malware and their payload or Command and Control system/server over the last 2 years use 256AES. Blowfish sure, Twofish yes, RC4 yes, but only once have I seen 256AES used. Now Flame, Stuxnet, Duqu, Gauss all used RC4 to encrypt their payload I believe (at least Flame & Gauss did; Duqu & Stuxnet I'll re-check). Now if these "Military Malware", which are so complex, are not using 256AES to hide, it's telling me something. Now I may be on the wrong track, forgive me if I am. But I think 256AES is at least susceptible to unknown new side-channel attacks or it's actually been totally broken. I'd like to hear what you think.