
Could cryptography be the next destructive malware payload?


Malicious Moneymakers
Over the past year, attackers have perfected the art of using malware in moneymaking criminal schemes. We've seen the increasing proliferation and complexity of malware-based scams, all centered around the widespread propagation of malicious code via viruses, worms and Trojans. Attackers are turning their skills and compromised systems into cash via the following methods:

Selling customized malicious code. Some members of the digital underground support themselves by selling customized AV-resistant versions of their backdoors and bots for prices ranging from $20 to more than $1,000. Their buyers: private investigators, organized crime groups and other hackers.

Selling advertisements. Instead of just watching where users surf, some spyware goes further by inserting advertisements in users' browsing sessions. Users have no way of differentiating which ads are generated by the sites they visit and which are inserted by spyware running on their machines.

Identity theft. Beyond the account data grabbing of phishing, some attackers also gather huge amounts of data about users via a bot on their compromised computers. With information such as credit card and Social Security numbers, and bill-paying history, the attacker can steal the identity of the victim.

Phishing. To collect sensitive financial account information and credit card data, attackers frequently try to dupe users with bogus e-mail solicitations. To minimize the chance of getting caught, bad guys not only send these e-mails via malware on compromised sites, but also gather financial data via backdoor collectors installed on other compromised machines.

DDoS extortion. Attackers will threaten enterprises with a massive packet flood if they don't pay a "protection fee." These threats have focused on porn and gambling sites, but an increasing number of attacks are directed at e-commerce sites.

Renting botnets. Attackers with large, distributed networks of remotely controlled machines have valuable commodities at their disposal. These systems represent a virtual supercomputer, suitable for password and encryption-key cracking, or massive DDoS attacks. For prices starting around $100, attackers rent their botnets by the hour or day for use by other miscreants.

Advertising data aggregation. With spyware planted on a victim's machine, an unscrupulous person could harvest immense amounts of commercially interesting data and sell it to the highest bidder.

Researchers have talked for years about the threat of polymorphic malware that uses encryption to conceal its malicious intent and stealthily replicates itself in undetectable forms.

But what if encryption wasn't just a malware camouflage or propagation mechanism? What if malware writers could apply encryption in a payload to hold data for ransom, extorting victim enterprises?

It's more than theory. Conditions are ripe for a new class of malware: crypto-viruses. These yet-to-be-seen-in-the-wild contagions have the potential to hold critical data hostage, anonymously leaking it to third parties and making it nearly impossible to prove that valuable data was stolen. Malware writers are already using encryption as a means of concealing their creations, and research and proof-of-concept worms have shown that cryptography can be used as a weapon. If you're not prepared, you could lose your data.

The cryptovirology theory is simple: An attacker generates a public/private key pair for the purpose of holding the victim's data ransom. The public key is placed within the virus, and the private key is kept secret by the attacker. The virus queries the host operating system's random number generator for a symmetric key, such as a 128-bit AES key. The virus encrypts the host's data files, possibly including sensitive financial, research or other crucial information. The symmetric key is then encrypted with the virus's public key. In cryptography circles, this process is known as hybrid encryption and is the basis for virtually all e-mail encryption applications.

Next, the virus overwrites the symmetric key in memory and securely deletes all copies of the plaintext, ensuring that none of the compromised host's original files are accessible. The attacker then demands a ransom in exchange for the private key needed to decrypt the data held hostage.
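The payload described above leaves a measurable trace: structured, low-entropy files are rewritten as near-random ciphertext. The following is an added detection example, not code from the article or from Young and Yung's research; it compares per-file byte entropy between two scans of a directory tree and flags files that changed from plaintext-like to ciphertext-like. The thresholds, the file paths and the snapshot contents are constructed assumptions.

```python
import hashlib
import math
from collections import Counter

# Thresholds (assumption): ciphertext approaches 8.0 bits per byte, while text,
# spreadsheets and source code sit well below 6.5.
ENCRYPTED_ENTROPY = 7.5
PLAINTEXT_ENTROPY = 6.5


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((c / total) * math.log2(c / total) for c in Counter(data).values())


def flag_encrypted_rewrites(before: dict, after: dict) -> list:
    """Paths whose content went from plaintext-like to ciphertext-like between
    two scans of the same tree (path -> bytes). Files that were already
    high-entropy (archives, images) are skipped to avoid false positives."""
    flagged = []
    for path, new_bytes in after.items():
        old_bytes = before.get(path)
        if old_bytes is None or len(new_bytes) < 256:
            continue  # new or tiny file: too little evidence either way
        if (shannon_entropy(old_bytes) < PLAINTEXT_ENTROPY
                and shannon_entropy(new_bytes) > ENCRYPTED_ENTROPY):
            flagged.append(path)
    return sorted(flagged)


def pseudo_ciphertext(seed: bytes, length: int) -> bytes:
    """Deterministic stand-in for cipher output (constructed sample data, not a cipher)."""
    out = b""
    for counter in range((length + 31) // 32):
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
    return out[:length]


# Constructed snapshots: one document gets rewritten with ciphertext, one is
# untouched, and an archive is high-entropy in both scans (must not be flagged).
SNAPSHOT_BEFORE = {
    "/data/finance/q1.csv": b"date,amount,account\n" * 200,
    "/data/research/notes.txt": b"Lab notebook entry: results pending. " * 40,
    "/data/backup/archive.zip": pseudo_ciphertext(b"zip", 4096),
}
SNAPSHOT_AFTER = dict(SNAPSHOT_BEFORE)
SNAPSHOT_AFTER["/data/finance/q1.csv"] = pseudo_ciphertext(b"q1", 4000)
```

Running the check over a file tree and a snapshot taken a few minutes earlier, and alerting when more than a handful of paths are flagged in one window, turns this into a basic in-place-encryption monitor; a decoy file that should never change makes a cheap canary for the same check.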

While it's relatively trivial to combine the power of cryptography with malware, conditions for exploiting the dangerous combination haven't been favorable until now. An attacker can encrypt data and create backdoors, but still needs a way of extorting his victims without getting caught. Anonymizing services, which form the basis for several e-mail systems, e-voting protocols and private Web-surfing services, provide an extortion mechanism. Also, as we've seen with DDoS extortion threats, phishing schemes and identity theft, the bad guys have created effective money-laundering mechanisms and have started working with organized criminal groups. Incorporating cryptography into these extortion schemes is highly likely. (See "Malicious Moneymakers.")

Likewise, other obfuscation techniques, such as having a cryptovirus post stolen, encrypted data to a public bulletin board, make it much more difficult to trace an attacker. By posting encrypted data to a popular public Web site or newsgroup, anyone can see what's posted, but only the attacker can decrypt the package. Sorting out the actual attacker from the multitude of innocent visitors would be difficult. Disgruntled insiders, malicious social activists and cyberterrorists could use cryptovirology to destroy a company or operation.

Probable Crypto Attacks
Research conducted by Adam Young, a senior managing consultant at LEGC, and Moti Yung, a senior researcher at Columbia University, has identified myriad probable attack scenarios using malicious cryptography. Though plausible, none have yet been reported outside lab environments. The following are a sampling of possible cryptovirology attack scenarios:

Deniable Password Snatching. This attack combines public-key cryptography with a password-stealing Trojan. After grabbing passwords from a victim machine through keystroke logging, sniffing and/or cracking, the Trojan asymmetrically encrypts the recovered login/password pairs using the attacker's public key. Only the attacker can decrypt the passwords with his private key. The Trojan writes a file with the encrypted passwords to all removable and writable media (such as USB hard drives, hundreds of users' home directories and networked machines), and possibly even sends the encrypted password file to hundreds or thousands of e-mail addresses, Web sites and newsgroups.

This attack maintains tight control over the stolen passwords, giving only the attacker access to them. It also diffuses culpability by giving the encrypted password file to anyone and anything that comes in contact with the compromised host, making the identification of an attacker extremely difficult.

Private Information Retrieval. This attack stealthily searches a victim's databases and servers for specific pieces of information, and steals them without revealing what the malware was searching for (the tag string) or what was stolen (the sensitive data). It's relatively easy to design code that scans a database for a specific data set, such as a person's name, and then use that string to find a corresponding piece of information, like the person's salary. To conceal the malicious activity, the attacker can use a crypto algorithm to cloak the database search. The malware then encrypts the stolen data, making it impossible to tell what was taken even if the enterprise intercepts the malware. The attacker is then free to use his private key to decrypt the pilfered data.

Questionable Encryption. This technique is designed to cast doubt on whether an attack has occurred. The attacker allows the victims to watch the asymmetrically encrypted data get transmitted to multiple sites and copied to tens of thousands of machines. After a certain period of time, the attacker anonymously reveals a bogus private key that has nothing to do with the encrypted data. The victim enterprise then uses this fake key to decrypt the data into bogus plaintext messages, which are intended to make the enterprise believe that the attacker was merely bluffing and didn't steal anything. Yet, with the proper private key, the attacker would still have access to all of the data.

There are numerous other possible variations of these attacks, some that open enterprises to extortion, others that leak sensitive information and a few that are designed to break down the integrity of victim systems.

While plausible, pulling off these attacks isn't trivial. To leverage public keys and other encryption schemes as malicious tools, the attacker needs in-depth knowledge of the implementation of public/private keys and nearly flawless code to ensure reliable execution. This is perhaps one of the reasons why no such attacks have been witnessed (or at least reported) in the wild. Still, with solid, open-source crypto packages available for download, malware employing these capabilities is very likely in the near future.

This was first published in March 2005
