Building a Cryptovirus Using Microsoft’s Cryptographic API
This paper presents the experimental results that were obtained by implementing the payload of a cryptovirus on the Microsoft Windows platform. A novel countermeasure against cryptoviral extortion is presented that forces the API caller to demonstrate that an authorized party can recover the asymmetrically encrypted data. The attack is based entirely on the Microsoft Cryptographic API and the needed API calls are covered in detail. The exact sequence of API calls that is used for both the viral payload and the code for key generation, decryption, and so on is given. More specifically, it is shown that by using 8 types of API calls and 72 lines of ANSI C code, the payload can hybrid encrypt sensitive data and hold it hostage on the host computer system. These findings demonstrate the ease with which one can apply cryptography to devise the payload of a cryptovirus when a cryptographic API is readily available on host machines.
Keywords: Cryptovirus, hybrid encryption, public key cryptography, RSA, symmetric cryptography, MS CAPI, hash function, mix networks