1993-08-13 - encrypting viruses

Header Data

From: nobody@rosebud.ee.uh.edu
To: cypherpunks@toad.com
Message Hash: f34abcc4adbe4112f7c9955adb64e1716596d111d657362c26dcd7374c11d602
Message ID: <9308132350.AA07169@toad.com>
Reply To: N/A
UTC Datetime: 1993-08-13 23:53:04 UTC
Raw Date: Fri, 13 Aug 93 16:53:04 PDT

Raw message

From: nobody@rosebud.ee.uh.edu
Date: Fri, 13 Aug 93 16:53:04 PDT
To: cypherpunks@toad.com
Subject: encrypting viruses
Message-ID: <9308132350.AA07169@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Fellow cypherpunks,

Speaking of cryptostacker and beneficial viruses that encrypt files for you
in the background, I just got a copy of one in the mail!  I think this may
be of interest to the group, so I am posting.

Here's a section from the documentation:

- ---begin excerpt
Wouldn't it make sense to have a virus that encrypts your system for you?
It can work in the background, and just encrypt every floppy you make,
and put a copy of itself on that disk too, if there's room, so when you
take it somewhere, you can still decrypt.  And best of all, the encryption
is public domain and free.

Well, now you have just the virus you need.  The Potassium Hydroxide Virus
is a friendly virus, desinged specifically to solve the problems of the
average computer user who attaches some value to the privacy of what he
has on his computer - either because he doesn't agree with the strictest
interpretation of copyright law, or for any other reason.  I say it is
"friendly" because it doesn't just go in and infect your system without
your knowledge, and use some unknown key for encryption so you can't
recover.  Rather, the Potassium Hydroxide politely asks if you want to 
infect (yes, it even uses the word "please"), and it asks you for a 
password to use for encrypting.

As far as encryption goes, the Potassium Hydroxide uses two different
algorithms.  One is slow-but-good, the other fast-but-easy to break.
And it allows you to choose which one will be used on your hard disk.
That way you can choose the level of security and performance you like.
Floppy disks are always encrypted with the slow-but-good algorithm, 
since they are already slow.
 
The slow-but-good algorithm used is state-of-the-art.  It is the
International Data Encryption Algorithm (known as IDEA), which was
developed by someone besides the government , (for those of you who do
not trust the government to keep you data safe) and has been the subject
of intense public scrutiny for several years.  Although cryptographers
admit that IDEA is fairly new, and someone may find a way to crack it in
the future, no one has done so yet.

[skipping a few sentences]

Using the Potassium Hydroxide

Installing the Potassium Hydroxide on your computer is fairly easy.  
However, as with installing any cryptographic system, I'd highly recommend
you back up everything on your hard disk first.  After all, if the power
fails after your FAT has been encrypted, but nothing else, it's going
to be tought to recover without a backup

Step 1: Format a floppy and put the system files on it so it can boot
to the DOS prompt.  Pull the disk out and put it back in.  (You must do
this or the virus won't infect it)

Step 2: Execute the KOH.COM file included on the disk with this issue.
This will encrypt the diskette in the A: drive and install the Potassium
Hydroxide on it live.  Enter a password when it requests one.  This
password is only temporary.  Do a directory on this disk, and you will
see only gibberish.  That will prove to you it has been properly encrypted.

Step 3: Boot from the disk you just infected.  The virus will then request
permission to infect your hard disk.  Tell it yes.

Step 4: Reboot your computer from the hard disk.  Now the virus will ask you
if you want to encrypt your hard disk.  If you do, enter "Y".  If you don't,
all floppies will still be encrypted, and you must enter the floppy
encryption password at boot-up.  I recommend you attempt to boot at least
once without encrypting just to make sure the virus installed properly
on the hard disk.

Step 5: After booting once without encrypting, reboot and encrypt this time.
You will be asked if you want casual (fast) encryption or strong (slow)
encryption.  Make your choice.  Next you'll be asked for a password for
floppies and for the hard disk.  The floppy password is stored on your
hard disk in (strong) encrypted form, and the hard disk password must be
entered every time you boot.  Enter them both at this time.  The initial
encryption process then begins.  It is admittedly very slow.  Just allocate
and hour or so for strong encryption and be patient.  The virus does not use
a very large buffer for encrypting because it doesn't want to take up too
much memory.

Step 6: After the encryption is done, you should reboot your computer and
test it.  With any luck it will work just fine.  A good test to make sure
everything worked OK is to run CHKDSK, and test out some of your favorite
programs.  If you experience problems, you may have to use your backup
to restore everything.  That's no different than any encryption program,
though.

Compatibility

  [been tested with DOS 4,5,6 and Windows 3.1.  So far, the only problem
is with the 32-bit disk driver for Windows 3.1]

Incidentally, the Potassium Hydroxide has been donated to the PUBLIC DOMAIN.

- ---end excerpt

I can't seem to find mention of what the fast/casual encryption algorithm
is.  Instead of source code, a hex listing is provided.  According to
further notes, there is a hot-key for toggling floppy encrypt, and another
hot key to uninstall from the hard drive.

All the same, if I get a chance this weekend I'll probably try it
out!





-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLGwl24OA7OpLWtYzAQExMwQAv2d/CJA+qq/1CcRWR/IH2kDPlqqMMw2J
W5WWLz1ngaNSWYddY1c29mrRlgKKdLdt+ijLNo6iP2/YbFzS3x66Y7c14dvmtfZP
J1S0yvc70eWu/gZPNQLpyYwvYJjYL8jWMtdLWROlXk9UYQSolxTETRugRo02eApt
tO5ZPIs+iYw=
=beMR
-----END PGP SIGNATURE-----





Thread