Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Malware of the Future May Come Bearing Real Gifts

Posted by samzenpus on from the not-so-bad dept.

An anonymous reader writes "Research by Prof. Giovanni Vigna of the University of California leads him to believe that the malware of the future will come in a friendly form, be genuinely useful and may not reveal its intentions for a protracted period of time. Prof. Vigna, speaking at IP Expo in London, outlined a fearful future of 'mimicry' in evolved strains of malware. In the current stage of the war between malware and security researchers, the emphasis is almost entirely on the attempt to convince increasingly intelligent — and increasingly suspicious — malware that it is operating in a bare-metal environment when it is in fact in a sandbox or VM environment. For the malware, the stakes are tremendously high — if it has reached the point of OS-level execution without its hash being indexed and red-flagged by online security databases, it cannot afford to reveal its intentions in a test environment. This article outlines the extraordinary game of cat-and-mouse being played between researchers and hackers, and how future malware exploits are likely to abandon a rush for the buffer overflow in favor of 'the long game' — and to make themselves useful in the process.

3 of 103 comments (clear)

  1. Re:Pirated software by tlhIngan · · Score: 4, Interesting

    I bet that software pirates already have injected malware in many warez, mainly heavy graphics games. Doing so they could discreetly control a lot of powerful machines.

    No, the software itself isn't infected with malware, actually. What happens is they infect the keygens or cracks. This is because most software applications are actually signed, as are installers, so they don't bother infecting that - they distribute the original installers with all the original signatures intact.

    But since to use it requires running the crack executable to get the key, well, the user will just double-click it, get their machine infected, and the key to unlock the program they just installed.

    And it's been happening a long time - it's why cracks and keygens are long tagged by AV apps - because while there are a few clean cracks and keygens, you can bet most you find on torrent sites and elsewhere are infected.

  2. Re:What if... by dgatwood · · Score: 4, Interesting

    Or just run each app in its own VM so that when it turns rogue, you can cleanly shoot it in the head without any widespread damage.

    --

    Check out my sci-fi/humor trilogy at PatriotsBooks.

  3. Old Story by bickerdyke · · Score: 3, Interesting

    Reminds me of the late 90s/early 2000s when millions of accounts for a german online service (T-Online) have been stolen - by 3rd party tool for that service that offered additional services including up/downing your connection (which was essential for those high, minute based rates back then. Butso it had your password, of course)

    It was a PITA to convince people to stop using that tool because it was so usefull.

    --
    bickerdyke