A lot of cryptographic algorithms are used by malware today. Cryptography is a huge subject in itself, and a full treatment of it is beyond the scope of this book; this section gives only the overview needed for analysis. Malware can use cryptography for the following purposes:
- To obfuscate its own code so that antivirus or security researchers cannot identify the actual code easily.
- To communicate with its own C&C server, sometimes to send hidden commands across the network and sometimes to infiltrate and steal data.
- To encrypt the files on the victim machine.
A cryptographic system can have the following components:
- Plaintext
- Encryption key
- Ciphertext, which is the encrypted text
- Encryption algorithm, also called cipher
- Decryption algorithm
There are two types of cryptographic algorithms based on the kind of key used:
- Symmetric
- Asymmetric
A few assumptions before explaining these algorithms: the sender is the party who encrypts the data and sends it, and the receiver is the party who decrypts the data with a key.
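The following added example (not from the book) puts the components listed above side by side in working code: plaintext, key, ciphertext, an encryption algorithm and a decryption algorithm, shown once with a symmetric key and once with an asymmetric key pair, using the sender/receiver roles just defined. Both ciphers are deliberately minimal teaching constructions chosen to make the role of the key obvious (a repeating-key XOR and textbook RSA on tiny, constructed primes); they are not the algorithms any particular malware family uses and are not secure for real use. The function names and sample values are assumptions made for this illustration.

```python
"""Illustration of the components of a cryptographic system: plaintext,
key, ciphertext, encryption algorithm (cipher) and decryption algorithm.

Both ciphers below are teaching constructions only (constructed for this
example, not secure, not taken from any real malware or library).
"""

# ---- Symmetric: sender and receiver share ONE key ------------------------

def symmetric_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Repeating-key XOR: ciphertext[i] = plaintext[i] ^ key[i % len(key)].
    The sender runs this with the shared key."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(plaintext))


def symmetric_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    """XOR is its own inverse, so the receiver applies the same operation
    with the same key. A different key yields garbage, not an error."""
    return symmetric_encrypt(key, ciphertext)


# ---- Asymmetric: one key encrypts, a DIFFERENT key decrypts --------------

def _mod_inverse(a: int, m: int) -> int:
    """Modular inverse of a modulo m (extended Euclidean algorithm).
    Invariant: old_r == old_s * a (mod m) on every iteration."""
    old_r, r = a, m
    old_s, s = 1, 0
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
    if old_r != 1:
        raise ValueError("no modular inverse: a and m are not coprime")
    return old_s % m


def asymmetric_keypair(p: int, q: int, e: int = 17):
    """Textbook RSA key generation from two primes p and q.
    Returns (public_key, private_key), each as an (exponent, modulus) tuple.
    The public key is what the sender uses; only the receiver holds d."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = _mod_inverse(e, phi)
    return (e, n), (d, n)


def asymmetric_encrypt(public_key, message: int) -> int:
    """Sender: ciphertext = message^e mod n using the receiver's public key."""
    e, n = public_key
    if not 0 <= message < n:
        raise ValueError("message must be a non-negative integer below n")
    return pow(message, e, n)


def asymmetric_decrypt(private_key, ciphertext: int) -> int:
    """Receiver: message = ciphertext^d mod n using the private key."""
    d, n = private_key
    return pow(ciphertext, d, n)


def demo() -> dict:
    """Round-trip both schemes on constructed sample values and return the
    intermediate components so each can be inspected by name."""
    # Constructed sample values for the illustration.
    shared_key = b"k3y"
    plaintext = b"hello, receiver"
    ciphertext = symmetric_encrypt(shared_key, plaintext)
    recovered = symmetric_decrypt(shared_key, ciphertext)

    # Tiny constructed primes; real RSA moduli are thousands of bits long.
    public_key, private_key = asymmetric_keypair(61, 53)
    message = 65
    rsa_ciphertext = asymmetric_encrypt(public_key, message)
    rsa_recovered = asymmetric_decrypt(private_key, rsa_ciphertext)

    return {
        "symmetric": (plaintext, shared_key, ciphertext.hex(), recovered),
        "asymmetric": (message, public_key, private_key,
                       rsa_ciphertext, rsa_recovered),
    }


if __name__ == "__main__":
    for scheme, parts in demo().items():
        print(scheme, parts)
```

When reversing a sample, the analyst's job is usually to locate these same components in the binary: where the key comes from (hard-coded, derived, or fetched from the C&C), which buffer is the ciphertext, and which routine plays the role of the cipher. The symmetric case above shows why a hard-coded shared key is enough to decrypt captured traffic or strings, whereas in the asymmetric case a public key embedded in the sample does not let the analyst decrypt data encrypted with it.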