Abstract
This paper presents the experimental results obtained by implementing the payload of a cryptovirus on the Microsoft Windows platform. A novel countermeasure against cryptoviral extortion is presented that forces the API caller to demonstrate that an authorized party can recover the asymmetrically encrypted data. The attack is based entirely on the Microsoft Cryptographic API, and the required API calls are covered in detail. The exact sequence of API calls used both for the viral payload and for the key-generation, decryption, and related code is given. More specifically, it is shown that by using 8 types of API calls and 72 lines of ANSI C code, the payload can hybrid-encrypt sensitive data and hold it hostage on the host computer system. These findings demonstrate the ease with which one can apply cryptography to devise the payload of a cryptovirus when a cryptographic API is readily available on host machines.
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
Cite this paper
Young, A.L. (2005). Building a Cryptovirus Using Microsoft’s Cryptographic API. In: Zhou, J., Lopez, J., Deng, R.H., Bao, F. (eds) Information Security. ISC 2005. Lecture Notes in Computer Science, vol 3650. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11556992_28
DOI: https://doi.org/10.1007/11556992_28
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-29001-8
Online ISBN: 978-3-540-31930-6