By William Kleinhenz –
In 1996, at the 1996 IEEE Security and Privacy conference, Adam Young and Moti Yung gave a presented a paper that described a new concept for the time: the offensive use of cryptography by malware which they dubbed cryptovirology. At this point, the internet had yet to face the threat posed by a cryptovirus thus the examples offered were more theory than examined malware made by attackers. In the following years, however, this would change, as we know now a large majority of the malware that exists on the internet integrate some aspect of cryptography ranging from ransomware to malware that use encryption to protect Command and control or update functionality.
The first cryptovirus that I will be highlighting is the Conficker worm, first discovered in 2008, Conficker targeted flaws in Microsoft Windows specifically a Remote code execution vulnerability in the NetBIOS server service outlined in MS08-067. Conficker would later spread by cracking weak admin passwords and infecting removable drive. The one aspect I will focus on is the way in which the worm would secure and verify the integrity of post infection updates. The first step involves Conficker’s control server computing a 512-bit hash, M, of the Windows binary that the host will be receiving. Next, the control server encrypts the binary with RC4 using M as the password. The now encrypted binary has its RSA signature computed using the scheme of (M^ private E) mod N. Now all clients that connect to this control server will then receive the encrypted file with its RSA signature appended. After downloading the package holding the encrypted update along with the update’s signature the client uses said signature to obtain the binary’s hash and encryption password M. After finding M the client is then able to decrypt the binary and check its integrity by comparing the file hash of the value of M. When successfully verified the client uses the shellexec() to run the received binary file. This type of process is similar, if not more in depth than how many non-malicious programs and allowed for Conficker to effectively spread throughout much of the internet.
Figure 1: Conficker’s use of cryptography to secure updates
While Conficker used cryptography intelligently, many cryptoviruses specifically ransomware would fail to do so. For this example, I will be showing off a piece of ransomware that tries to use strong cryptography, but ended up making it easy for researchers to decrypt the ransomed files. From a high-level bitcrypt appears secure, bitcrypt generates a new key for each file using a salted SHA1 hash that the CTR mode AES algorithm used to encrypt each file. Then, using RSA-1024 and a stored public RSA modulus bitcrypt encrypts the AES key used in the last step. The resulting encrypted file has the “.bitcrypt” extension and contains a header, the encrypted data, a trailer and then the size of the raw data, the encrypted AES key and the RSA modulus in an encoded form all using XML-like tags. Although this explanation of bitcrypt leads one to believe that bitcrypt effectively made it impossible to retrieve a user’s data without paying the ransom it turns out to not be the case. When researchers began to examine bitcrypt and decrypted the base64 encoded RSA modulus, they discovered that bitcrypt did use RSA but instead of a 1024 bit or 128-byte key, the author had incorrectly used a key size of 128 digits which is equivalent of RSA-426. This allowed researchers to be able to use the number field sieve algorithm to at the time, 2014, easily break to factor the RSA key in around 43 hours on a quad core CPU. Due to the ease and speed of breaking the RSA key, researchers were then able to develop and provided a python script to defeat the ransomware and decrypt the files.
While used to protect people and their information, a malware author can use cryptography to better increase the effectiveness of their malware. As I discussed above with Conficker a skilled attack can create a sophisticated and secure piece of malware using cryptography. On the other hand, however, if one is going to create a cryptovirus one should be sure that they understand the principles of cryptography and what makes the algorithms themselves strong. Cryptoviruses while not a very old concept has quickly moved from being a concept in academia to now a common and dangerous force on the internet that continues to evolve.
Sources and further reading