We have created a framework document that will provide a guide for future malware-related Capstone projects. Creating this document also gave us a comprehensive understanding of malware. The framework will provide an overview of how to implement a malware-related Capstone project. This was done by going through information our group learned through inductive research of different types of malware. Firstly, it goes over how to set up a virtual machine environment, which a group will need to do if they want to run malware without risk to their actual machine. Secondly, it goes over what we learned about the malware we researched. This will go over pitfalls to avoid, malware functionality, source code, and demonstrations of them running. The framework will display a malware chart and how they relate to each other, as well as real life examples. Lastly, the framework will go over how to build upon the project in order to create brand new security capstone projects.
To research malware we created a simple fork bomb, rootkit, spyware and ransomware on windows XP for the purpose of educating people more about malware. We implemented the Fork Bomb by using a windows builtin to start a completely new process. The fork bomb reaches critical mass when the system runs out of PIDs it can assign. We also made the fork bomb persist across reboot and open an image to show that the fork bomb was run. The end result is a lot of system shutter and lag making the operating system virtually unusable. The Rootkit does an Administrator to System privilege escalation. The rootkit uses a task scheduler exploit that kills the user kernel and then opens explorer so the operating system opens explorer as a system which results in our user credentials being changed to system. The Spyware is relatively simplistic and it just logs keystrokes from an open application. The Ransomware finds files in the user's home directory and encrypts them using AES. Then it decrypts the files when requested.
