How are cryptovirology and kleptography related?
A kleptographic attack is carried out by building a malicious implementation of a black-box cryptosystem. The malicious implementation is designed to have the same I/O specifications as the correctly implemented cryptosystem, yet securely and subliminally leaks private information to the attacker. Kleptography grew out of the notion of a cryptovirus and the realization that subliminal channels could be used by cryptotrojans to covertly transmit host data to the attacker, data that has been asymmetrically encrypted using the public key of the attacker. The code that carries out a kleptographic attack is therefore malicious software that contains and uses the public key of the attacker. In other words, the code that carries out a kleptographic attack is a cryptotrojan. So, from the perspective of cryptovirology, kleptography can be thought of as the study of cryptotrojans that only infect hosts that are cryptosystems.
