$kernel->infect(): Creating a cryptovirus for Symfony2 apps

Raul Fraile

Cryptovirology studies how cryptography can be used to design malicious software. Public-key cryptography breaks the symmetry between what an antivirus analyst sees of a virus and what the virus writer knows: the virus only needs to carry the public key, so reversing it yields no key that can decrypt the data. In this workshop we will create a simple cryptovirus in PHP, for educational purposes, able to infect a Symfony2 app and encrypt data such as database records or user-uploaded files with public-key cryptography using OpenSSL.
To build the virus we will study how Symfony works internally, in particular which kernel events are dispatched and how to use them to attach the virus to the request lifecycle. We will discuss several strategies for hiding the virus, from simple ones such as alternative encodings to more advanced ones such as polymorphic code. Finally, we will look at how to defend ourselves against this kind of attack.
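The following is an added illustration of the cryptographic asymmetry the abstract describes; it is not the workshop's code. It shows the hybrid scheme a cryptovirus relies on, implemented with PHP's OpenSSL extension: a key pair is generated once by the attacker, only the public key would ship inside the virus, and `openssl_seal()` encrypts each record with a fresh random AES key that is itself RSA-encrypted to that public key. The sample record, the function names and the variable names are constructed for the example.

```php
<?php
// Added example (not from the workshop): hybrid public-key encryption with
// OpenSSL, the mechanism that gives a cryptovirus its asymmetry. Anyone who
// reverses the virus recovers the public key and the ciphertext; neither is
// enough to decrypt. Only the holder of the private key can.

// --- attacker side, done offline once: generate the RSA key pair ---
$keyPair = openssl_pkey_new([
    'private_key_bits' => 2048,
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
]);
openssl_pkey_export($keyPair, $privateKeyPem);             // never leaves the attacker
$publicKeyPem = openssl_pkey_get_details($keyPair)['key']; // the only key the virus carries

// --- virus side: everything an infected host (and an analyst) can see ---
function encryptForAttacker(string $data, string $publicKeyPem): array
{
    $publicKey = openssl_pkey_get_public($publicKeyPem);
    if ($publicKey === false) {
        throw new RuntimeException('invalid public key: ' . openssl_error_string());
    }
    $sealed = '';
    $envelopeKeys = [];
    $iv = '';
    // openssl_seal() performs the hybrid step: a random AES-256 key encrypts
    // $data, and that AES key is RSA-encrypted to each public key given.
    // The AES key is never written out in clear, so the host keeps nothing usable.
    $ok = openssl_seal($data, $sealed, $envelopeKeys, [$publicKey], 'AES-256-CBC', $iv);
    if ($ok === false) {
        throw new RuntimeException('openssl_seal failed: ' . openssl_error_string());
    }
    return [
        'ciphertext'   => $sealed,          // AES-encrypted record
        'envelope_key' => $envelopeKeys[0], // AES key, RSA-encrypted to the attacker
        'iv'           => $iv,
    ];
}

// --- attacker side: the only party able to reverse the operation ---
function decryptWithPrivateKey(array $blob, string $privateKeyPem): string
{
    $privateKey = openssl_pkey_get_private($privateKeyPem);
    if ($privateKey === false) {
        throw new RuntimeException('invalid private key: ' . openssl_error_string());
    }
    $plain = '';
    // openssl_open() RSA-decrypts the envelope key, then AES-decrypts the data.
    $ok = openssl_open($blob['ciphertext'], $plain, $blob['envelope_key'],
                       $privateKey, 'AES-256-CBC', $blob['iv']);
    if ($ok === false) {
        throw new RuntimeException('openssl_open failed: ' . openssl_error_string());
    }
    return $plain;
}

// Constructed sample record standing in for a database row or an uploaded file.
$record = 'user_id=42;email=alice@example.com;iban=DE00000000000000000000';

$blob = encryptForAttacker($record, $publicKeyPem);
printf("ciphertext: %d bytes, envelope key: %d bytes (RSA-2048)\n",
       strlen($blob['ciphertext']), strlen($blob['envelope_key']));

$recovered = decryptWithPrivateKey($blob, $privateKeyPem);
echo $recovered === $record ? "round trip with private key OK\n" : "round trip FAILED\n";
```

Run it with `php example.php` on a PHP build with the openssl extension. The practical consequence for defenders is the point of the abstract: once `encryptForAttacker()` has run, no amount of reverse engineering of the infected app recovers the records, so the defence has to happen before that, by keeping restorable backups and by noticing an unexpected listener on the kernel events rather than by hoping to extract a key afterwards.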