Eric Filiol
INSTITUT NATIONAL DE RECHERCHE EN INFORMATIQUE ET EN AUTOMATIQUE
ISSN 0249-6399
January 2002
This report presents a new class of techniques which allow either the attack of a computer or to catch the keys of a cryptosystem by using a pair of (or combined) viruses, one of them being hidden by the attacker in ciphertext. These techniques are valid for any operating system and can be effciently implemented in any programming language and for any operating system. In order to avoid detection, the viral infection is very limited and uses polymorphic techniques. Moreover the main virus erases itself after the payload action. The general structure of the two viruses is presented and the problem of protection against such attacks is onally envisaged.