Slashdot Mirror


The Malware of the Future May Come Bearing Real Gifts

An anonymous reader writes "Research by Prof. Giovanni Vigna of the University of California leads him to believe that the malware of the future will come in a friendly form, be genuinely useful and may not reveal its intentions for a protracted period of time. Prof. Vigna, speaking at IP Expo in London, outlined a fearful future of 'mimicry' in evolved strains of malware. In the current stage of the war between malware and security researchers, the emphasis is almost entirely on the attempt to convince increasingly intelligent — and increasingly suspicious — malware that it is operating in a bare-metal environment when it is in fact in a sandbox or VM environment. For the malware, the stakes are tremendously high — if it has reached the point of OS-level execution without its hash being indexed and red-flagged by online security databases, it cannot afford to reveal its intentions in a test environment. This article outlines the extraordinary game of cat-and-mouse being played between researchers and hackers, and how future malware exploits are likely to abandon a rush for the buffer overflow in favor of 'the long game' — and to make themselves useful in the process.

21 of 103 comments

  1. Malware by j127 · · Score: 5, Insightful

    It's already here. They're called smartphone apps.

    1. Re:Malware by namgge · · Score: 2

      Not really. The nice/nasty thing about Apple's walled garden, depending on your point of view, is that if just one user notices and reports your malware doing something it shouldn't, Apple can revoke the relevant certificates and it's game over within a matter of hours.

      Since one also has to provide proof of identity and pay a subscription to get the certificates in the first place, unless the author took a lot of trouble to create a false identity, they could be tracked down and prosecuted.

      Now, I am sure there are flaws in this system, but it raises the bar to the point that there are easier ways for a hard-working computer-savvy crook to earn a living.

      Namgge.

  2. Oblig. xkcd by Nemyst · · Score: 4, Funny
    1. Re:Oblig. xkcd by dargaud · · Score: 2

      I can't stand the Family Circus. I don't go around posting about how much it sucks. Get a life and let others enjoy what they want.

      --
      Non-Linux Penguins ?
  3. Adobe Digital Editions 4 by Bob9113 · · Score: 4, Informative

    > Research by Prof. Giovanni Vigna of the University of California leads him to believe that the malware of the future will come in a friendly form, be genuinely useful and may not reveal its intentions for a protracted period of time.

    Some of it will even turn the American public library system into an infectious host. Adobe Digital Editions 4 scans your hard drive and sends some of the data it finds, in the clear, back to Adobe.

  4. Adobe market leader! by MrGrey1 · · Score: 2

    Adobe's already doing this! They're such an awesome company, leading the way into our Brave New World!

  5. The anti-malware of the future by skirmish666 · · Score: 4, Insightful

    Reports your system as a VM to everything

    --
    Sigger than your average
  6. STDs have been doing this since "forever" by dltaylor · · Score: 2

    There's a gift, which may be ongoing, but it has a nasty payload.

    Never had either an STD or computer malware.

    Paranoia is your friend, 'cause they ARE out to get you.

    1. Re:STDs have been doing this since "forever" by dltaylor · · Score: 2

      It's not that you don't take chances, but that you recognise the dangers and take a few precautions. Not "going down" on the woman you just picked up at the bar might save you a case of HIV (Magic Johnson, for example). Doesn't mean you can't have some fun together, but use condoms, for pity's sake.

      Don't download "cute" crapware. Don't visit sites Firefox and its plugins warn you are attack sites. Don't blindly give away your bank account info (at least in the Corporate States of America, where you have no protection). For example, I have a bank account specifically for PayPal (no credit card for them), and I keep in it just enough to cover my purchases/donations. No glitch, stolen credentials, ... are going to clean out my bank account (no debit card, either). I keep a very low credit limit card for Internet purchases. The theater tickets someone tried to purchase in London cost more than that and triggered a block.

  7. Re:Pirated software by tlhIngan · · Score: 4, Interesting

    > I bet that software pirates already have injected malware in many warez, mainly heavy graphics games. Doing so they could discreetly control a lot of powerful machines.

    No, the software itself isn't infected with malware, actually. What happens is they infect the keygens or cracks. This is because most software applications are actually signed, as are installers, so they don't bother infecting that - they distribute the original installers with all the original signatures intact.

    But since to use it requires running the crack executable to get the key, well, the user will just double-click it, get their machine infected, and the key to unlock the program they just installed.

    And it's been happening a long time - it's why cracks and keygens are long tagged by AV apps - because while there are a few clean cracks and keygens, you can bet most you find on torrent sites and elsewhere are infected.

  8. "Evolved strains?" by geminidomino · · Score: 2

    Is this guy new here or what? Ostensibly useful ("friendly", since TFS apparently wants to anthropomorphize software) programs that carry a nasty payload that doesn't trigger immediately? How's that any different from 20 years ago, when they were called "trojans?"

  9. Re:but useful software is not cheap to make by Cenan · · Score: 4, Informative

    AC? Meet download.cnet.com. All the crap you could ever want, nicely bundled with more spyware than you care to imagine. If you're ever in the market for some free software, and dumb enough to use Google to find it, chances are you'll be presented with a forest of hits all directing you there.

    Quality has nothing to do with it. These guys have made a business out of bundling mediocre with bad or downright malicious, and have put in a lot of effort to appear high enough on search engines to catch eyes. Malware authors don't need to produce anything useful at all.

    --
    ... whatever ...
  10. Don't most trojans already work kinda like this? by mmell · · Score: 3, Informative

    Malware authors need only take their existing freeware "products" and put a timer in to delay payload delivery. I can conceive of several ways to do this with only minimal effort.

  11. Re:What if... by dgatwood · · Score: 4, Interesting

    Or just run each app in its own VM so that when it turns rogue, you can cleanly shoot it in the head without any widespread damage.

    --

    Check out my sci-fi/humor trilogy at PatriotsBooks.

  12. Old Story by bickerdyke · · Score: 3, Interesting

    Reminds me of the late 90s/early 2000s, when millions of accounts for a German online service (T-Online) were stolen by a 3rd-party tool for that service that offered additional services, including bringing your connection up and down (which was essential with those high, per-minute rates back then, but so it had your password, of course).

    It was a PITA to convince people to stop using that tool because it was so useful.

    --
    bickerdyke
  13. They are called trojans by ruir · · Score: 2

    You mean, like trojans inside apps since the 60s? This is a new low even for slashdot.

  14. Well this makes it easy then.... by Rainwulf · · Score: 2

    To protect yourself from malware, litter your system with artefacts that mimic sandboxes and virtual machines :)
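The VM-detection game the summary describes, and the countermeasure proposed in comments 5 and 14 (make a real machine advertise sandbox artifacts so cautious malware stays dormant), as an added Python example; this is not code from the article, the talk, or any commenter. The indicators are the commonly documented ones (virtualisation-vendor MAC OUIs, SMBIOS vendor strings, guest-tools process names, small resource counts, the CPUID hypervisor-present bit); the host inventories are constructed, the weights and threshold are arbitrary assumptions, and `plant_decoys` only edits the inventory, it does not touch a real host.

```python
"""VM/sandbox-artifact scoring of the kind evasive malware performs, plus the
countermeasure from the thread: seed a bare-metal host with the same artifacts
so that the check says "sandbox" and a cautious payload stays dormant.

Added example; not code from the article, the talk, or any commenter.
All host inventories are constructed; weights and threshold are assumptions.
"""
from dataclasses import dataclass, replace

# IEEE-registered OUIs that virtualisation vendors assign to guest NICs.
VM_MAC_OUIS = {
    "00:05:69": "VMware", "00:0c:29": "VMware", "00:50:56": "VMware",
    "08:00:27": "VirtualBox", "00:15:5d": "Hyper-V", "00:16:3e": "Xen",
}
# Substrings seen in SMBIOS vendor/manufacturer strings of common hypervisors.
VM_VENDOR_STRINGS = ("vmware", "virtualbox", "innotek", "qemu", "bochs", "xen", "parallels")
# Guest-tools daemons that only run inside a VM.
GUEST_TOOLS_PROCESSES = {"vmtoolsd.exe", "vmwaretray.exe", "vboxservice.exe", "vboxtray.exe", "qemu-ga"}


@dataclass(frozen=True)
class Indicator:
    name: str
    weight: int
    hard_to_fake: bool  # True only if a userland decoy on bare metal cannot produce it


@dataclass(frozen=True)
class HostInventory:
    """What a sandbox check typically collects (constructed for this example)."""
    mac_addresses: tuple
    bios_vendor: str
    manufacturer: str
    processes: tuple
    cpu_count: int
    ram_gb: int
    uptime_minutes: int
    hypervisor_cpuid_bit: bool  # CPUID leaf 1, ECX bit 31: set by any hypervisor


def vm_indicators(inv: HostInventory) -> list:
    """Return every VM artifact present, weighted the way a checker might weight it."""
    hits = []
    for mac in inv.mac_addresses:
        vendor = VM_MAC_OUIS.get(mac.lower()[:8])
        if vendor:
            hits.append(Indicator(f"mac-oui:{vendor}", 3, False))
    for label, value in (("bios", inv.bios_vendor), ("manufacturer", inv.manufacturer)):
        if any(s in value.lower() for s in VM_VENDOR_STRINGS):
            hits.append(Indicator(f"{label}:{value}", 3, False))
    for proc in inv.processes:
        if proc.lower() in GUEST_TOOLS_PROCESSES:
            hits.append(Indicator(f"process:{proc}", 2, False))
    # Analysis VMs are usually small and freshly booted.
    if inv.cpu_count < 2:
        hits.append(Indicator("cpu-count<2", 1, False))
    if inv.ram_gb < 4:
        hits.append(Indicator("ram<4GB", 1, False))
    if inv.uptime_minutes < 10:
        hits.append(Indicator("uptime<10min", 1, False))
    # The hypervisor-present bit cannot be set from userland on bare metal,
    # so a checker can treat it as decisive on its own (weight == threshold).
    if inv.hypervisor_cpuid_bit:
        hits.append(Indicator("cpuid-hypervisor-bit", 5, True))
    return hits


def sandbox_score(inv: HostInventory, hard_only: bool = False) -> int:
    """Sum of indicator weights; hard_only ignores anything a decoy could plant."""
    return sum(i.weight for i in vm_indicators(inv) if i.hard_to_fake or not hard_only)


def looks_like_sandbox(inv: HostInventory, threshold: int = 5, hard_only: bool = False) -> bool:
    return sandbox_score(inv, hard_only) >= threshold


def plant_decoys(inv: HostInventory) -> HostInventory:
    """The defence from the thread: make bare metal advertise the cheap artifacts.

    Only the inventory is edited here. On a real host this would mean a dummy
    NIC carrying a VM OUI, rewriting the cached SMBIOS vendor string the checker
    reads, and an idle process named after a guest-tools daemon (assumption:
    the checker reads these from places the defender controls).
    """
    return replace(
        inv,
        mac_addresses=inv.mac_addresses + ("00:0c:29:de:c0:01",),
        bios_vendor="innotek GmbH",
        processes=inv.processes + ("vmtoolsd.exe",),
    )


# Constructed inventories, not captured from real machines.
BARE_METAL = HostInventory(
    mac_addresses=("3c:5a:b4:12:34:56",), bios_vendor="American Megatrends Inc.",
    manufacturer="Dell Inc.", processes=("explorer.exe", "chrome.exe"),
    cpu_count=8, ram_gb=32, uptime_minutes=4320, hypervisor_cpuid_bit=False,
)
ANALYSIS_VM = HostInventory(
    mac_addresses=("08:00:27:aa:bb:cc",), bios_vendor="innotek GmbH",
    manufacturer="innotek GmbH", processes=("explorer.exe", "VBoxService.exe"),
    cpu_count=2, ram_gb=2, uptime_minutes=5, hypervisor_cpuid_bit=True,
)

if __name__ == "__main__":
    for name, inv in (("bare metal", BARE_METAL), ("analysis VM", ANALYSIS_VM),
                      ("bare metal + decoys", plant_decoys(BARE_METAL))):
        print(f"{name:22s} score={sandbox_score(inv):2d} sandbox={looks_like_sandbox(inv)} "
              f"hard-only={looks_like_sandbox(inv, hard_only=True)}")
```

The decoyed host scores as a sandbox under the naive check (MAC OUI, vendor string and a process name are all cheap to plant), but scores zero once the checker counts only indicators a userland decoy cannot forge, which is the caveat to comments 5 and 14: the trick works exactly as long as the malware author weights the cheap artifacts, and a host that advertises itself as a VM may also confuse legitimate software that keys off the same strings.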

  15. Numbers by DrYak · · Score: 2

    Some citations:
    Transmission rates based on infected partner's progression stage
    Risk based on type of sexual act

    > It is difficult to get HIV from a woman. Not impossible, but the odds are very low.

    Well, not that low, only half the odds, according to study 2.

    > Now getting HIV from taking it on the butt, it is much more dangerous

    Yup. 0.08/0.04 (vaginal) vs 1.4 (anal receptive). About 20x more odds.

    > And then black women have a much higher rate of HIV.

    Technically, it's "women in poorer communities". It happens that in the US black people are often at the bottom of the social scale due to past racial discrimination, etc., but even there they are not alone at the bottom of the scale.

    On all this counts, Magic Johnson is not exactly the best example.

    He might happen to also be ethnically black, but given his economic situation and popularity, I doubt that he spends his time banging crack whores. So the fact that HIV is more prevalent among the poorest section of the population has probably rather little impact.
    Also, for all I know, he was only interested in women, who lack the proper biological appendage to be a risk for insertive anal (though improperly cleaned sex toys might still be a potential danger).

    The main reason he caught AIDS is probably a high number of partners combined with a lack of proper protection.

    In fact Magic Johnson helped bring awareness that HIV isn't exclusively targeting drug-addicts and homosexuals.

    To transpose that to malware:
    the fact that malware is more often found at warez sites riddled with keygens containing hidden malware, and on dubious porn sites running ads used by hackers to corrupt your system, DOES NOT MEAN that these are the only ways a random internet user might get their computer infected by malware.
    on the other hand, proper precautions will ALWAYS be a good way to protect yourself and diminish the risks. (virus scanner, filters, malware blocker, ad-blocker, VMs, etc.)

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
  16. Re:Don't most trojans already work kinda like this by guru42101 · · Score: 2

    My mother had a few of those. Some coupon app on her desktop that was actually advertised by her local news station for getting an aggregated searchable list of coupons available and where to acquire them. It did what it was supposed to. It also downloaded and installed additional applications and hijacked your browser (e.g. toolbar search goes to their stuff no matter which option you select, added adverts to websites, and displayed popup ads with fake warnings).

  17. Re:but useful software is not cheap to make by ihtoit · · Score: 2

    http://botcrawl.com/cnet-downl...

    From 2013:

    "It’s now verified that CNET bundles malware with their downloads in order to monetize free products and services. To add more, CNET has been sued by numerous software manufacturers for bundling malware with installments of their distributed software, even without notifying the developers. This often causes victims of CNET malware to report the legitimate software they downloaded from the distributor as unethical."

    I stopped using cnet in 2011, the first time I ever came across Webget which nearly bricked my system.

    --
    Political debates have me rolling my eyes so much I think I got optical whiplash. I should sue. - Foamy The Squirrel
  18. Re:Pirated software by ihtoit · · Score: 2

    which is one reason I don't use Steam (sorry to burst your "everyone" bubble, even my KSP is standalone) - when I buy software, I own that particular instance; fuck clickthru license terms, try Doctrine of Sale.

    --
    Political debates have me rolling my eyes so much I think I got optical whiplash. I should sue. - Foamy The Squirrel