Frankenstein Code Stitches Code Bodies Together To Hide Malware

mikejuk writes "A recent research technique manages to hide malware by stitching together bits of program that are already installed in the system to create the functionality required. Although the Frankenstein system is only a proof of concept, and the code created just did some simple tasks, sorting and XORing, without having the ability to replicate, computer scientists from University of Texas, Dallas, have proved that the method is viable. What it does is to scan the machine's disk for fragments of code, gadgets, that do simple standard tasks. Each task can have multiple gadgets that can be used to implement it and each gadget does a lot of irrelevant things as well as the main task. The code that you get when you stitch a collection of gadgets together is never the same and this makes it difficult to detect the malware using a signature. Compared to the existing techniques of hiding malware the Frankenstein approach has lots of advantages — the question is, is it already in use?" Except for the malware part, this has a certain familiar ring.
  • by mykepredko ( 40154 ) on Saturday September 01, 2012 @11:21PM (#41203495) Homepage

    Seriously, I would expect the pieces of the Frankenstein code to be fairly readily identifiable and

    Erectile Dysfunction? Need to please more than one woman. Have we got the pills for you - legal and over the counter just click here: getitup.com

    highly unlikely that a well protected system like mine would EVER have to worry about it.

    myke

  • by jd2112 ( 1535857 ) on Saturday September 01, 2012 @11:36PM (#41203567)

    From TFA:

    Although the Frankenstein system is only a proof of concept, and the code created just did some simple tasks, sorting and XORing, without having the ability to replicate, computer scientists from University of Texas, Dallas, have certainly proved that the method is viable. And who knows, it might even be out there in the wild. After all, one of the main advantages of the method is that it hides malware more effectively.

    While I have to profess that I do not know of any existing Frankenstein-code in operation, I can't discount the possibility that, buried in thousands and thousands of closed-source software fragments, there are things that we have absolutely no idea what they are. Even in a totally open source environment, hiding code fragments isn't that hard to accomplish either. And who knows? Maybe TPTB already got the Frankenstein codes installed in all our machines.

    Let me check...

    Directory of C:\
    ...
    08/28/2012 11:37 PM 904,704 abbynormal.exe
    ...
    I think you might have a point.

  • by Opportunist ( 166417 ) on Sunday September 02, 2012 @02:25AM (#41204101)

    If Symantec did it, you were infected with Symantec.
