Viruses and Antiviruses
Ayush Gandhi, David Giffin, Zephyros Koyanis
THESIS
This project involved creating viruses and antiviruses to investigate and explore data security, shining light on how much harder it is to create an effective antivirus than to write malware.
PRECEDENTS
Creeper - the first virus
ILOVEYOU - infected 10% of the internet at the time
AIDS Trojan - the first ransomware
ENCRYPTION
Algorithm (Key: demokey, Numkey: 3)
Convert the file data and the text key into binary strings
Compare each bit of the data with the repeating key bits
Output 1 if the bits differ, 0 if they match
Shift the binary by the numkey
Convert back to ASCII text
Security Analysis
Timeline: This was used around the mid 20th century, but many modern encryption schemes use this function as part of a larger algorithm.
Not that secure. Because the key repeats and XOR and shift are the only operations, a known plaintext (like a file header) can let people break the encryption. It isn't very easy to do without a significant time investment and computing power, however.
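As an added example (not the project's code), here is a toy Python model of the five algorithm steps above together with the known-plaintext weakness the security analysis describes. It assumes that "shift the binary by the numkey" means rotating the whole bit string left by numkey positions (a plain shift would discard bits and make decryption impossible); the sample file contents and the 16-byte "known header" are constructed for the example.

```python
# Added example: toy model of the slides' XOR + bit-shift scheme and of the
# known-plaintext recovery the security analysis warns about. Not the project's
# code. Assumption: step 4 rotates the whole bit string left by numkey bits.

SAMPLE_FILE = b"-- REPORT v1 --\nquarterly totals: 1234, 5678\n"  # constructed input
KEY = b"demokey"   # key from the slide
NUMKEY = 3         # numkey from the slide


def to_bits(data: bytes) -> str:
    """Step 1: bytes -> string of '0'/'1' characters, 8 per byte."""
    return "".join(f"{b:08b}" for b in data)


def from_bits(bits: str) -> bytes:
    """Step 5: bit string back to bytes (length is always a multiple of 8 here)."""
    return bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8))


def xor_repeating_key(data: bytes, key: bytes) -> bytes:
    """Steps 2-3: XOR every byte with the repeating key (bit is 1 where they differ)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def rotate_bits(bits: str, n: int) -> str:
    """Step 4 (assumed meaning): rotate the whole bit string left by n positions."""
    n %= len(bits)
    return bits[n:] + bits[:n]


def encrypt(data: bytes, key: bytes, numkey: int) -> bytes:
    return from_bits(rotate_bits(to_bits(xor_repeating_key(data, key)), numkey))


def decrypt(ciphertext: bytes, key: bytes, numkey: int) -> bytes:
    # Undo the rotation first, then the XOR (XOR is its own inverse).
    return xor_repeating_key(from_bits(rotate_bits(to_bits(ciphertext), -numkey)), key)


def smallest_period(stream: bytes, max_period: int):
    """Smallest p <= max_period such that stream repeats every p bytes, else None."""
    for p in range(1, max_period + 1):
        if all(stream[i] == stream[i + p] for i in range(len(stream) - p)):
            return p
    return None


def recover_key(ciphertext: bytes, known_prefix: bytes, max_shift: int = 32):
    """Why the scheme is weak: XOR-ing the ciphertext with a known file header
    yields the keystream directly, and the only remaining unknown is a small
    shift value that can simply be tried in turn. Returns (key, numkey) or None.
    A file owner who recovers the key can decrypt their own files."""
    n = len(known_prefix)
    for shift in range(max_shift):
        unshifted = from_bits(rotate_bits(to_bits(ciphertext), -shift))
        keystream = xor_repeating_key(unshifted[:n], known_prefix)
        period = smallest_period(keystream, n // 2)
        if period is not None:      # a cleanly repeating keystream means the shift is right
            return keystream[:period], shift
    return None


if __name__ == "__main__":
    ct = encrypt(SAMPLE_FILE, KEY, NUMKEY)
    assert decrypt(ct, KEY, NUMKEY) == SAMPLE_FILE
    print("recovered key and numkey:", recover_key(ct, SAMPLE_FILE[:16]))
```

The recovery works for exactly the reasons the security analysis gives: the key repeats, so a known header reveals a stretch of keystream that visibly repeats with the key's period, and the shift has only a handful of plausible values, so it can be tried one by one until the repetition appears.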
STATE DIAGRAM: Ransomware (diagram not reproduced in text)
STATE DIAGRAM: Controlware (diagram not reproduced in text)
STATE DIAGRAM: Antivirus (diagram not reproduced in text)
ANTIVIRUS FEATURES
Scanning of directories and individual files for malicious programs
Analysis of running processes
Ability to see which files are being run, accessed or edited
Monitoring of network connections (partially working)
YARA rule matching
Heuristic and behavioral threat detection
Beaconing detection
Process whitelisting
CPU, memory, disk and network usage analysis
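As an added example of the beaconing detection feature listed above (not the project's code), the following Python flags source/destination pairs whose connection intervals are suspiciously regular. The log format, every log line and the addresses are constructed for the example, and the thresholds (at least five connections, coefficient of variation of the gaps at most 0.2) are assumptions.

```python
# Added example: simple beaconing detector over a constructed connection log.
# Not the project's code; thresholds and log format are assumptions.
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample log. 203.0.113.7 is contacted about every 60 s with little
# jitter (beacon-like); 198.51.100.20 is contacted at irregular intervals
# (ordinary browsing). Both are documentation/test address ranges.
SAMPLE_LOG = """\
2024-03-01T10:00:00 src=10.0.0.5 dst=203.0.113.7:443 bytes=412
2024-03-01T10:00:07 src=10.0.0.5 dst=198.51.100.20:443 bytes=15320
2024-03-01T10:01:01 src=10.0.0.5 dst=203.0.113.7:443 bytes=410
2024-03-01T10:01:59 src=10.0.0.5 dst=203.0.113.7:443 bytes=415
2024-03-01T10:02:20 src=10.0.0.5 dst=198.51.100.20:443 bytes=2200
2024-03-01T10:03:00 src=10.0.0.5 dst=203.0.113.7:443 bytes=411
2024-03-01T10:03:58 src=10.0.0.5 dst=198.51.100.20:443 bytes=88000
2024-03-01T10:04:01 src=10.0.0.5 dst=203.0.113.7:443 bytes=413
2024-03-01T10:04:05 src=10.0.0.5 dst=198.51.100.20:443 bytes=640
2024-03-01T10:05:00 src=10.0.0.5 dst=203.0.113.7:443 bytes=409
2024-03-01T10:07:31 src=10.0.0.5 dst=198.51.100.20:443 bytes=30100
"""


def parse_log(text: str) -> list:
    """Parse 'timestamp key=value ...' lines into dicts with a datetime 'ts'."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, *fields = line.split()
        rec = dict(f.split("=", 1) for f in fields)
        rec["ts"] = datetime.fromisoformat(ts)
        rec["bytes"] = int(rec["bytes"])
        events.append(rec)
    return events


def find_beacons(events: list, min_connections: int = 5, max_cv: float = 0.2) -> list:
    """Flag (src, dst) pairs whose inter-connection gaps are unusually regular.

    Regularity is measured as the coefficient of variation (stdev / mean) of
    the gaps: near 0 means a clock-like schedule, which is how simple beacons
    behave. Pairs with too few connections are skipped to avoid noise.
    """
    by_pair = defaultdict(list)
    for e in events:
        by_pair[(e["src"], e["dst"])].append(e["ts"])

    findings = []
    for (src, dst), stamps in by_pair.items():
        if len(stamps) < min_connections:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue
        cv = statistics.stdev(gaps) / mean
        if cv <= max_cv:
            findings.append({
                "src": src,
                "dst": dst,
                "connections": len(stamps),
                "mean_interval_s": round(mean, 1),
                "cv": round(cv, 3),
            })
    return findings


if __name__ == "__main__":
    for finding in find_beacons(parse_log(SAMPLE_LOG)):
        print("possible beacon:", finding)
```

On the constructed log only the 203.0.113.7 pair is flagged (six connections, mean gap 60 s). Legitimate software also talks on a schedule (update checks, time sync), so in practice this check is paired with the process whitelisting feature from the same list so that known-good processes are suppressed; beacons that add random jitter to their interval need additional signals, such as uniform payload sizes, which the same per-pair grouping makes easy to add.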
CONTROLWARE FEATURES
Able to click and scroll
Keyboard input works
Encrypted communication
Able to handle multiple clients at once
RANSOMWARE FEATURES
Has persistence mechanisms that keep the program running through system restarts and closing of the application
Encrypts files with XOR binary shift encryption
PROTOTYPES (screenshots, not reproduced in text)
PROGRAM DASHBOARD
ACTIVE PROCESS MONITORING
ACTIVE NETWORK MONITORING
THREAT ANALYSIS
DETAILED PROGRAM LOGGING
Get packet sniffing fully working on the antivirus
Make mouse control work on the controlware
Expand the ransomware to have slightly better encryption