Reversing: The Hacker's Guide to Reverse Engineering

Each of these components constantly ensures that none of the others have been
removed. If it has been, the damaged component is reinstalled immediately.

Future Malware


Many people have said the following, and it is becoming quite obvious:
today's malware is just the tip of the iceberg; it could be made far more
destructive. In the future, malicious programs could take over computer
systems at such low levels that it would be difficult to create any kind of
antidote software, simply because the malware would own the platform and
would be able to control the antivirus program itself. Additionally, the
concept of information-stealing worms could some day become a reality,
allowing malware developers to steal their victims' valuable information and
hold it for ransom. The following sections discuss some futuristic malware
concepts and attempt to assess their destructive potential.

Information-Stealing Worms


Cryptography is a wonderful thing, but in some cases it can be utilized to
perpetrate malicious deeds. Present-day malware doesn't really use cryptography
all that much, but this could easily change. Asymmetric encryption creates
new possibilities for the creation of information-stealing worms [Young]. These
are programs that could potentially spread like any other worm, except that
they would locate valuable data on an infected system (such as documents,
databases, and so on) and steal it. The actual theft would be performed by
encrypting the data using an asymmetric cipher. Asymmetric ciphers are
encryption algorithms that use a pair of keys: one key (the public key) is used
for encrypting the data and the other (the private key) is used for decrypting
it. It is not computationally feasible to derive the private key from the
public key, so possession of the encryption key is of no help in decrypting
the data.
An information-stealing (or kleptographic) worm could simply embed the
attacker's public key inside its body and start encrypting every bit of data
that appears to be valuable (certain file types that typically contain user
data, and so on). By the time the end user realized what had happened, it would
already be too late. There could be extremely valuable information sitting on
the infected system that's as good as gone. Unless the worm's implementation
of the scheme were flawed, decryption of the data would not be possible: only
the attacker would hold the private key, and the public key that anyone can
recover by reversing the worm's body is useless for decryption. This would open
the door to a brand-new level of malicious software attacks: attackers could
actually blackmail their victims.
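The scheme described above, as an added example that is not part of the book's text: a toy Python model of how a public key embedded in the worm lets it encrypt data that only the holder of the matching private key can recover. Every parameter, function name and the sample document are constructed for illustration; the RSA modulus is deliberately tiny (p = 61, q = 53) and the "stream cipher" is a hash counter, so nothing here is a usable cipher. It goes a little beyond the paragraph by showing the hybrid construction a real worm would need (the asymmetric cipher wraps a per-victim symmetric session key rather than encrypting the bulk data directly), which is also the implementation detail an analyst would look at for a recovery path.

```python
import hashlib
import os

# Toy textbook-RSA parameters, chosen for illustration only; they are
# trivially factorable. A real worm would embed a large public key generated
# offline by the attacker, who keeps the private half. (Constructed example.)
TOY_P, TOY_Q, TOY_E = 61, 53, 17


def toy_rsa_keypair():
    """Return ((e, n), (d, n)); only (e, n) is embedded in the worm."""
    n = TOY_P * TOY_Q
    phi = (TOY_P - 1) * (TOY_Q - 1)
    d = pow(TOY_E, -1, phi)  # modular inverse, Python 3.8+
    return (TOY_E, n), (d, n)


def keystream(session_key, length):
    """Hash-counter keystream: a stand-in for a real stream cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(session_key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(data, mask):
    return bytes(a ^ b for a, b in zip(data, mask))


def worm_encrypt(plaintext, public_key, session_key):
    """What the worm does on the victim: encrypt the data under a fresh
    symmetric session key, then wrap that key under the embedded public key.
    The key is wrapped one byte per RSA block only because the toy modulus is
    tiny; a real scheme would wrap the whole key with a padded RSA encryption."""
    e, n = public_key
    ciphertext = xor_bytes(plaintext, keystream(session_key, len(plaintext)))
    wrapped_key = [pow(b, e, n) for b in session_key]
    return ciphertext, wrapped_key


def unwrap_session_key(wrapped_key, key):
    """Apply the given exponent to every wrapped block. Only the private
    exponent yields the original key bytes; any other exponent yields garbage,
    which with this toy modulus usually is not even a valid byte value."""
    exponent, n = key
    values = [pow(c, exponent, n) for c in wrapped_key]
    if any(v > 0xFF for v in values):
        return None
    return bytes(values)


def decrypt(ciphertext, wrapped_key, key):
    """Decrypt with whichever key the caller holds; returns None on failure."""
    session_key = unwrap_session_key(wrapped_key, key)
    if session_key is None:
        return None
    return xor_bytes(ciphertext, keystream(session_key, len(ciphertext)))


def recover_with_leaked_session_key(ciphertext, session_key):
    """The realistic recovery path: if the worm leaves the session key in
    memory or on disk, the asymmetric layer is bypassed entirely."""
    return xor_bytes(ciphertext, keystream(session_key, len(ciphertext)))


if __name__ == "__main__":
    public_key, private_key = toy_rsa_keypair()
    victim_data = b"Q3 revenue forecast: 4.2M (constructed sample document)"
    session_key = os.urandom(16)
    ct, wrapped = worm_encrypt(victim_data, public_key, session_key)
    # The public key recovered by reversing the worm does not decrypt the data...
    print("analyst with public key:", decrypt(ct, wrapped, public_key))
    # ...the attacker's private key does...
    print("attacker with private key:", decrypt(ct, wrapped, private_key))
    # ...and so does a session key captured from the worm's memory.
    print("analyst with leaked session key:",
          recover_with_leaked_session_key(ct, session_key))
```

Reversing the worm body yields nothing more than `public_key`, and running the block shows why that is useless to the victim. The lesson for an analyst is that the asymmetric layer is not where recovery happens; the symmetric session key, while it still exists on the infected machine, is.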
Needless to say, actually implementing this idea is quite complicated.
Probably the biggest challenge (from an attacker's perspective) would be to
demand the ransom and successfully exchange the key for the ransom while
maintaining full anonymity. Several theoretical approaches to these problems

