Cryptovirology: Virus Approach

TL;DR

Cryptovirology explores how cryptographic techniques can be maliciously exploited to develop offensive malware, enabling attacks like extortion, enhanced anonymity, and information leakage, and discusses countermeasures for such threats.

Contribution

This paper introduces the concept of cryptovirology, demonstrating how cryptography can be used offensively in malware and analyzing associated threats and countermeasures.

Findings

Cryptovirology enables malware to use cryptography for malicious purposes.

Attacks can conceal origin and increase attacker anonymity.

Countermeasures include controlled access to cryptographic tools.

Abstract

Traditionally, "Cryptography" is a benediction to information processing and communications, it helps people to store information securely and the private communications over long distances. Cryptovirology is the study of applications of cryptography to build the malicious software. It is an investigation, how modern cryptographic tools and paradigms can be used to strengthen, develop and improve new malicious software attacks. Cryptovirology attacks have been categorized as : give malware enhanced privacy and be more robust against reverse-engineering, secondly give the attacker enhanced anonymity while communicating with deployed malware. This paper presents the idea of "Cryptovirology" which introduce a twist on how cryptography can also be used offensively. Being offensive means, it can be used to mount extortion based attacks that cause loss of access to information, loss of confidentiality, and information leakage, tasks which cryptography usually prevents. Also analyze threats and attacks that misuse of cryptography can cause when combined with fraudulent software (viruses, Trojans). Public-key cryptography is very essential for the attacks that based on cryptovirology. This paper also suggest some of the countermeasures, mechanisms to cope with and prevent such attacks. Even if the attackers actions on the host machine are being monitored, it still cannot be proven beyond reasonable doubt that he or she is the attacker; and it is an "originator-concealing attack". Evidence should be collected from the "author's own system which was used for the attack". These attacks have implications on how the use of cryptographic tools and techniques should be audited and managed in general purpose computing environments, and imply that access to the cryptographic tools should be in well control of the system(such as API routines).