[ Curiosity,Experimentation ]

Random stuff from the parallel universe of Ones and Zeroes


An Encrypting/Blackmailing Malware with code [Visual Basic]

Posted by appusajeev on October 29, 2009

All right fellas, this post deals with creating a malware that encrypts the files on a computer, which can only be decrypted upon your command, which, well, is another form of blackmailing! 🙂 The stuff is fairly simple conceptually but does churn out some lines of code when implemented.

When the thing is run for the first time, it scans the entire file system (all drives in the computer excluding the A: and C: drives) and creates a list of files (I have used an Access database to store the list of files) matching certain criteria, say file extension. I chose to attack doc, rtf, xls, jpg and txt files. That done, the encryption process is started and each file from the list of files in the database is encrypted sequentially. An ‘e’ flag is stored against the file name of each file so that the encrypted files can later be identified for decryption. The stuff is also resume-capable, i.e. if the list creation/encryption/decryption process is interrupted by a shutdown or something, the process will resume the activity the next time it is executed. And relax, I have incorporated a mechanism to avoid file corruption during shutdown or other interruptive events.

Download Source

Whether the encryption or the decryption process runs is determined by the string “action” in the path
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\cryp\action\action
If this key is non-existent or a value other than “d” is present, the encryption process starts, and if a “d” has been specified, the decryption process is invoked.
The encryption algorithm I have used is way too simple. I replace each character in the file with a character whose ASCII code is obtained by subtracting the ASCII code of the original character from 255 (ensuring that the result lies between 0 and 255). Repeat the same and you get back the original character! I know this is a pretty lame method which can be easily cracked, since this is an algorithm-based encryption method. You may implement your own method (like RSA or something).

I have used an Access database integrated using ADO to store the list of files against its status (whether encrypted or not) cuz the process involves a lot of search and update routines which, I think, are better dealt with by a DBMS. Since this is not a mash-up program, knowing the status of a file is crucial to the decryption process.

Once the user/victim thinks enough is enough, you can initiate the decryption process by setting “d” as the value of the registry string under the key HKEY_CURRENT_USER\Software\VB and VBA Program Settings\cryp\action\action. The decryption method uses the same encryption algorithm to restore the original contents of the file, and a ‘d’ flag is stored against the name of the decrypted file.
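
The 255-minus-byte transform described above has no key and is its own inverse, so affected files can be recognised and restored without the program or its database. The following Python sketch is an added example, not the author's Visual Basic source; the header table, the 95% printable-text threshold and the sample data are assumptions constructed for illustration.

```python
"""Recognise and undo the byte-complement transform (b -> 255 - b)."""

# 256-entry lookup table; applying it twice returns the original bytes.
TABLE = bytes(255 - i for i in range(256))

# Well-known file headers for the extensions the post lists (txt has none).
MAGIC = {
    "jpg": b"\xff\xd8\xff",
    "doc/xls": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",  # OLE2 compound file
    "rtf": b"{\\rtf",
}


def complement(data: bytes) -> bytes:
    return data.translate(TABLE)


def printable_ratio(data: bytes) -> float:
    """Share of bytes that are printable ASCII or tab/CR/LF."""
    return sum(32 <= b < 127 or b in (9, 10, 13) for b in data) / len(data)


def classify(data: bytes, threshold: float = 0.95):
    """Return (state, kind): state is 'transformed', 'original' or 'unknown'."""
    for state, view in (("transformed", complement(data)), ("original", data)):
        for kind, sig in MAGIC.items():
            if view.startswith(sig):
                return state, kind
    if data:  # headerless text: fall back to a printable-ASCII heuristic
        for state, view in (("transformed", complement(data)), ("original", data)):
            if printable_ratio(view) >= threshold:
                return state, "txt"
    return "unknown", None


def recover(data: bytes) -> bytes:
    """Undo the transform only when the content is recognised as transformed."""
    return complement(data) if classify(data)[0] == "transformed" else data


if __name__ == "__main__":
    # Constructed samples, not real victim files.
    jpg = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"
    note = b"Quarterly report draft\r\n"
    for sample in (jpg, note):
        damaged = complement(sample)
        print(classify(damaged), recover(damaged) == sample)
```

Because recovery keys off file content rather than the stored ‘e’/‘d’ flags, it still works when the Access database is missing or out of date.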

Note: Be careful while testing; the encryption process is automatically invoked when run in a new environment (reason explained above).
