This paper presents RECONRUS, a reconnaissance virus that can be embedded in any document file or other file type. Once the victim opens the file, the virus is activated and starts collecting vital information about the system into a text file. That text file is sent back to the attacker when the victim's system is connected to the internet, giving the attacker valuable information which can help in future attacks.
INTERNATIONAL JOURNAL OF RESEARCH IN TECHNOLOGY (IJRT) ISSN No.
2394-9007 Vol. V, No. II, April 2018 www.ijrtonline.org
RECONRUS Reconnaissance Virus
Uday Naik SN, Subarna Panda
Abstract: This paper presents RECONRUS, a reconnaissance virus that can be embedded in any document file or other file type. Once the victim opens the file, the virus is activated and starts collecting vital information about the system into a text file. That text file is sent back to the attacker when the victim's system is connected to the internet, giving the attacker valuable information which can help in future attacks.

I. INTRODUCTION
Security has been a concern since the early days of the internet and has been the talk of the town for the past couple of years. Taking this as an opportunity to showcase knowledge of viruses, this project was so titled. Reconnaissance is a type of computer attack in which an intruder engages with the targeted system to gather information about vulnerabilities. A virus is a piece of code which is capable of copying itself and typically has a detrimental effect, such as corrupting the system or destroying data. It has always been a point of fascination how a virus is developed, how it attacks a computer system, and how it starts replicating itself with one click of a button.
The aim is to develop a reconnaissance virus, deploy it in a virtualized environment and do statistical analysis on it, which in turn will help to develop an antivirus for possible intrusion detection. A future prospect of this project is the introduction of a rootkit so that it acts as an APT.

II. SIGNIFICANCE
A. Role of Reconrus:
Research in the field of information security is growing nowadays. Proper research on a virus gives us an in-depth view of how a virus works. A reconnaissance virus in an advanced stage can be used as an Advanced Persistent Threat (APT). Even though APTs exist in the internet world, they are always difficult to detect and analyze, as they are mostly used by defense. Hence this project will be useful for understanding APTs in a better way.
B. Background:
There have been many tools in the market which can extract sensitive information about a victim's computer system, but never a piece of code which runs one set of instructions to get all the information needed to attack and compromise the system. Hence this project develops code in Python which can collect very important and sensitive data.

III. DESCRIPTION
This project aims to collect important information from an infected system, such as open ports, public IP, running processes, a snapshot of the current screen, a webcam capture, the system architecture and version, and the operating system which runs on it.
It not only collects the data but also compresses it, sends it to the attacker's email id, and clears its tracks by deleting the compressed files and other collected data.
As the virus is activated by the victim and is mostly running with administrative privileges, it is able to collect critical data which a normal user cannot.
A. Port Scanning:
Port scanning is the method of probing the host or system in order to find the available open ports. This in turn helps the attacker to script code against an open port to exploit a vulnerability.
B. Public Internet Protocol Address:
The public internet protocol address plays an important role in an attack when the victim is outside the attacker's network. A public IP is an address given by the Internet Service Provider (ISP) to connect with external networks.
C. System OS and Architecture:
Operating system information is critical information which enables the attacker to tailor the code and use the vulnerabilities which the OS has. Each architecture is different (x86 or x64), and hence information on it is as important as the OS information.
D. Webcam Capture:
A webcam is a common gadget which nowadays comes built into any laptop; on a desktop it is an accessory. With the help of a specific module and some code, an image can be captured of the person who owns the system or is using it at that very moment.

Manuscript received on April, 2018.
Uday Naik SN, Research Scholar, Information Security Management System, Department of Computer Science & Engineering, Jain University, Bangalore, Karnataka, India.
Prof. Subarna Panda, Asst. Professor, Department of Computer Science & Engineering, Jain University, Bangalore, Karnataka, India.
Impact Factor: 4.012
Published under Asian Research & Training Publication ISO 9001:2015 Certified

E. Capturing Running Processes:
This is one of the major functions of this virus. Once access to the system has been gained over a reverse TCP connection, it is necessary to migrate to a running process to maintain that access and keep the connection alive. Hence it is critical to know which processes are currently running on the victim's system. The process list also gives a glimpse of any software that is running. With this it is possible to find any vulnerability with respect to that software, which can be used for further attacks.

IV. WORKING
Once the virus is coded, it is converted to an executable file using MSFvenom and embedded in a Word file. This Word file is either sent to the victim by mail or shared using a removable device. Once the victim opens the file, the virus program runs in the background. First it collects the system platform details and architecture, which are written to a text file. The next step is a port scan, which runs multi-threaded to make the scanning much faster. Once the list is generated it is saved as a text file. The virus then captures a screenshot and a webcam shot using specific Python modules and saves them in the temp folder. Once all of the above is captured, a process runs to compress all the collected files and remove the individual files from the temp folder. As the last step, the virus emails the compressed file and deletes it from the temp folder, thereby clearing all the tracks.

V. ANALYSIS
Viruses are mostly used as an attack method where the host is compromised and valuable data is stolen, destroyed or manipulated for monetary gain or for pure fun. This project, even though it is named a reconnaissance virus, just collects information without the knowledge of the user and doesn't destroy any data. Rather than stealing the victim's data, it concentrates on the host details. As per the analysis, this virus can be used in the field of cyber forensics, where this piece of code can be utilised when installing different software and collecting data.

VI. FLOW DIAGRAM
Flowchart explanation: The image in Fig. 1 is the flow diagram of the intended virus. It shows the steps involved from start to end, as explained in the Working section.
Fig. 1: Flow Diagram
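Seen from the defender's side, the flow in the Working section and Fig. 1 leaves an ordered trail on the endpoint: a process started from a document, an archive created in the temp folder, an outbound mail connection, and the archive deleted. The following Python example is added here and is not code from the paper; the event tuple layout, process names, threshold and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
DOC_PARENTS = {"winword.exe", "excel.exe", "acrord32.exe"}  # assumed document handlers
SMTP_PORTS = {25, 465, 587}
ARCHIVE_EXT = (".zip", ".7z", ".rar")
SCAN_THRESHOLD = 20  # assumed: distinct non-mail ports probed by one process
CHAIN = ["doc_spawn", "archive_in_temp", "smtp_out", "archive_deleted"]

def stages(events):
    """Map (host, pid) to the ordered list of stages that process reached."""
    seen, ports = defaultdict(list), defaultdict(set)
    def mark(key, name):
        if name not in seen[key]:
            seen[key].append(name)
    for ts, host, pid, parent, action, detail in sorted(events):
        key, low = (host, pid), detail.lower()
        in_temp = "\\temp\\" in low
        if action == "proc_start" and parent.lower() in DOC_PARENTS:
            mark(key, "doc_spawn")
        elif action == "net_connect":
            port = int(low.rsplit(":", 1)[1])
            if port in SMTP_PORTS:
                mark(key, "smtp_out")
            else:
                ports[key].add(port)
                if len(ports[key]) >= SCAN_THRESHOLD:
                    mark(key, "port_sweep")
        elif action == "file_write" and in_temp:
            mark(key, "archive_in_temp" if low.endswith(ARCHIVE_EXT) else "temp_write")
        elif action == "file_delete" and in_temp and low.endswith(ARCHIVE_EXT):
            mark(key, "archive_deleted")
    return dict(seen)

def suspicious(events):
    """Processes whose stages contain CHAIN in order (other stages may interleave)."""
    def ordered(names):
        remaining = iter(names)
        return all(step in remaining for step in CHAIN)
    return [key for key, names in stages(events).items() if ordered(names)]

def sample_events():
    """Constructed telemetry: pid 4120 follows the paper's flow, pid 880 is a mail client."""
    tmp, doc = r"C:\Users\a\AppData\Local\Temp", ("ws-01", 4120, "WINWORD.EXE")
    ev = [(0, *doc, "proc_start", tmp + r"\viewer.exe"),
          (1, *doc, "file_write", tmp + r"\sysinfo.txt"),
          (9, *doc, "file_write", tmp + r"\out.zip"),
          (10, *doc, "net_connect", "203.0.113.5:587"),
          (11, *doc, "file_delete", tmp + r"\out.zip"),
          (6, "ws-01", 880, "explorer.exe", "net_connect", "203.0.113.5:587")]
    return ev + [(2, *doc, "net_connect", f"127.0.0.1:{p}") for p in range(130, 160)]
```

Requiring the stages in order is what keeps the ordinary mail client (pid 880 in the constructed sample) out of the result: an SMTP connection on its own matches nothing.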
VII. LIMITATIONS
Even though this project is successful in completing its duties, there are some limitations or scenarios where it can fail. A few are listed below.
1) If the user doesn't double click on the infected file.
2) If the user opens it in restricted mode in Microsoft Word.
3) If the user is not connected to the internet.
4) If the user's computer uses Linux or Mac.
5) If the user is working in Least Privileged Mode.
6) Camera capture is limited to laptops or desktops with a web camera only.
7) Supports Windows operating systems XP and above only.

VIII. CONCLUSION
In the right kind of computer environment with proper connection facilities, this virus is quite effective in collecting sensitive information, and when used in computer forensics it's a boon as it automates many steps. Also, in advanced mode it can act like an advanced persistent threat.