Later On

A blog written for those whose interests more or less match mine.

Frankenstein computer virus

In New Scientist Jacob Aron reports on a new type of computer virus:

MARY SHELLEY’S Victor Frankenstein stitched together the body parts of ordinary individuals and created a monster. Now computer scientists have done the same with software, demonstrating the potential for hard-to-detect viruses that are stitched together from benign code pilfered from ordinary programs.

The monstrous virus software, dubbed Frankenstein, was created by Vishwath Mohan and Kevin Hamlen at the University of Texas at Dallas. Having infected a computer, it searches the bits and bytes of common software such as Internet Explorer and Notepad for snippets of code called gadgets – short instructions that perform a particular kind of small task.

Previous research has shown that it is theoretically possible, given enough gadgets, to construct any computer program. Mohan and Hamlen set out to show that Frankenstein could build working malware code by having it create two simple algorithms purely from gadgets. “The two test algorithms we chose are simpler than full malware, but they are representative of the sort of core logic that real malware uses to unpack itself,” says Hamlen. “We consider this a strong indication that this could be scaled up to full malware.”

Frankenstein follows pre-written blueprints that specify certain tasks – such as copying pieces of data – and swaps in gadgets capable of performing those tasks. Such swaps repeat each time Frankenstein infects a new computer, but with different gadgets, meaning that the malware always looks different to antivirus software, even if its ultimate effects are the same.

The research was part-funded by the US air force, and Hamlen says that Frankenstein could be particularly useful for national security agencies attempting to infiltrate enemy computer systems with unknown antivirus defences. “It essentially infers what the [target computer's] defences deem permissible from the existing files on the system to help it blend in with the crowd,” he says. . .

Continue reading.

The sidebar is chilling:

Defending against malware able to build itself from other bits of code is never easy. Last month, Microsoft released an updated version of its Enhanced Mitigation Experience Toolkit (EMET), which provides extra protection for some PC users. It features a new defence designed to stop malware from executing other software’s code, just as Frankenstein does (see main story). It works by wrapping key software in a layer of code that checks whether parts of the software are being repurposed.

Microsoft paid $50,000 in a recent security prize to the creator of the technique, but just two weeks later an Iranian security researcher called Shahriyar Jalayeri claims to have bypassed EMET’s protective wrapper.

Written by LeisureGuy

21 August 2012 at 2:46 pm
