Security

The Malware of the Future May Come Bearing Real Gifts

An anonymous reader writes "Research by Prof. Giovanni Vigna of the University of California leads him to believe that the malware of the future will come in a friendly form, be genuinely useful and may not reveal its intentions for a protracted period of time. Prof. Vigna, speaking at IP Expo in London, outlined a fearful future of 'mimicry' in evolved strains of malware. In the current stage of the war between malware and security researchers, the emphasis is almost entirely on the attempt to convince increasingly intelligent — and increasingly suspicious — malware that it is operating in a bare-metal environment when it is in fact in a sandbox or VM environment. For the malware, the stakes are tremendously high — if it has reached the point of OS-level execution without its hash being indexed and red-flagged by online security databases, it cannot afford to reveal its intentions in a test environment. This article outlines the extraordinary game of cat-and-mouse being played between researchers and hackers, and how future malware exploits are likely to abandon a rush for the buffer overflow in favor of 'the long game' — and to make themselves useful in the process.
  • Malware (Score:5, Insightful)

    by j127 ( 3658485 ) on Thursday October 09, 2014 @12:21AM (#48099871)
    It's already here. They're called smartphone apps.
    • It's already here. It's called the internet.

      The NSA was established on Nov 4, 1952

      The history of the Internet begins with the development of electronic computers in the 1950s. Initial concepts of packet networking originated in several computer science laboratories in the United States, Great Britain, and France. The US Department of Defense awarded contracts as early as the 1960s for packet network systems, including the development of the ARPANET (which would become the first network to use the Internet Protocol.)

    • It's already here. They're called smartphone apps.

      Actually, that is probably the holy grail for malware. If you can sneak an app past Apple's testing by delaying its activities you would open up a whole lot of phones to infections. Given the readiness of people to d/l and trust smartphone apps you could probably get away with it for quite some time. I doubt many people look for suspicious behavior once you're inside the walled garden; just look at what today's apps can (somewhat) openly collect. The challenge is to build one that avoids detection and bypasse

      • by namgge ( 777284 )

        Not really. The nice/nasty thing about Apple's walled garden, depending on your point of view, is that if just one user notices and reports your malware doing something it shouldn't, Apple can revoke the relevant certificates and it's game over within a matter of hours.

        Since one also has to provide proof of identity and pay a subscription to get the certificates in the first place, unless the author took a lot of trouble to create a false identity, they could be tracked down and prosecuted.

        Now, I am sure there

        • by j127 ( 3658485 )
          The apps and phones themselves are spyware/adware/malware. I can't use some app unless I send my entire web browsing history to some random, unknown company that monetizes through mining and/or selling data.
    • by Rob Riggs ( 6418 )

      It's already here. They're called smartphone apps.

      Exactly. If the ${INSERT_SPY_ORG_HERE} wants to know what you are doing, you will only be presented with a notice that one of your apps has been updated. The government with the most influence over the companies that control the app stores wins the spy war. There are three majors. They are all multinationals based in the U.S.

      When any one of these companies stops playing ball with the U.S., their IRS tax bill will come due. That's your clue to how well they are protecting your privacy.

    • by gweihir ( 88907 )

      Far older than that. It is called MS Windows and MS office and those were only the first large-scale implementations of the idea. The strategy is called "embrace and extend". Really, has this person been living under a rock?

  • Oblig. xkcd (Score:4, Funny)

    by Nemyst ( 1383049 ) on Thursday October 09, 2014 @12:31AM (#48099939) Homepage
    xkcd 810 [xkcd.com].
    • Sounds like the new malware model is:

      1. Write great software that everyone wants
      2. Profit!
      3. Break everything
      .....
      5. Go to Jail?
  • by Bob9113 ( 14996 ) on Thursday October 09, 2014 @12:38AM (#48099973) Homepage

    Research by Prof. Giovanni Vigna of the University of California leads him to believe that the malware of the future will come in a friendly form, be genuinely useful and may not reveal its intentions for a protracted period of time.

    Some of it will even turn the American public library system into an infectious host. Adobe Digital Editions 4 [slashdot.org] scans your hard drive and sends some of the data it finds, in the clear, back to Adobe.

  • Adobe's already doing this! They're such an awesome company, leading the way into our Brave New World!
  • by skirmish666 ( 1287122 ) on Thursday October 09, 2014 @12:47AM (#48100033)
    Reports your system as a VM to everything
    • by Anonymous Coward

      I'm already changing my admin username to "andy"

  • I bet that software pirates already have injected malware in many warez, mainly heavy graphics games. Doing so they could discreetly control a lot of powerful machines.

    • Re:Pirated software (Score:5, Interesting)

      by tlhIngan ( 30335 ) <slashdot.worf@net> on Thursday October 09, 2014 @01:33AM (#48100201)

      I bet that software pirates already have injected malware in many warez, mainly heavy graphics games. Doing so they could discreetly control a lot of powerful machines.

      No, the software itself isn't infected with malware, actually. What happens is they infect the keygens or cracks. This is because most software applications are actually signed, as are installers, so they don't bother infecting that - they distribute the original installers with all the original signatures intact.

      But since to use it requires running the crack executable to get the key, well, the user will just double-click it, get their machine infected, and the key to unlock the program they just installed.

      And it's been happening a long time - it's why cracks and keygens are long tagged by AV apps - because while there are a few clean cracks and keygens, you can bet most you find on torrent sites and elsewhere are infected.
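The signed-installer versus unsigned-crack split described in the comment above, as an added Python example that is not from the thread: a minimal PE header parser that reports whether a file carries an Authenticode signature blob at all, run over a constructed stand-in for a download bundle. It only checks presence; validating the signature chain needs the platform verifier (on Windows, `Get-AuthenticodeSignature`).

```python
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data-directory slot holding the Authenticode blob


def authenticode_blob(pe: bytes):
    """Return (file_offset, size) of the embedded signature blob, or None.

    Presence check only: a blob may still be invalid, but a PE without one
    is certainly unsigned. Raises ValueError for non-PE input.
    """
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not a PE file (missing MZ header)")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file (missing PE signature)")
    opt = e_lfanew + 24  # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic == 0x10B:    # PE32: NumberOfRvaAndSizes at +92, directories at +96
        count_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:  # PE32+: NumberOfRvaAndSizes at +108, directories at +112
        count_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    if struct.unpack_from("<I", pe, count_off)[0] <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return None
    # For the security directory the first field is a raw file offset, not an RVA.
    off, size = struct.unpack_from("<II", pe, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    if off == 0 or size == 0 or off + size > len(pe):
        return None
    return off, size


def _constructed_pe(with_signature: bool) -> bytes:
    """Constructed headers-only PE32+ image for the demo; not a runnable binary."""
    header = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    header += b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, 0x22)
    opt = struct.pack("<H", 0x20B) + b"\0" * 106 + struct.pack("<I", 16)  # 16 directories
    dirs = bytearray(16 * 8)
    body = header + opt
    if not with_signature:
        return body + bytes(dirs)
    blob = struct.pack("<IHH", 24, 0x0200, 0x0002) + b"\xAA" * 16   # dummy WIN_CERTIFICATE
    struct.pack_into("<II", dirs, 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, len(body) + len(dirs), len(blob))
    return body + bytes(dirs) + blob


def triage_bundle(files: dict) -> dict:
    """Label each file in a bundle as 'signed', 'unsigned' or 'not-pe' for review."""
    labels = {}
    for name, data in files.items():
        try:
            labels[name] = "signed" if authenticode_blob(data) else "unsigned"
        except ValueError:
            labels[name] = "not-pe"
    return labels


# Constructed stand-in for a torrent folder: intact installer, keygen, text file.
SAMPLE_BUNDLE = {"setup.exe": _constructed_pe(True), "keygen.exe": _constructed_pe(False),
                 "readme.nfo": b"not a binary"}
```

An "unsigned" label on an executable sitting beside a signed installer is the triage signal the comment points at; it says nothing about whether the signed file is trustworthy.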

      • by AmiMoJo ( 196126 ) *

        This is because most software applications are actually signed, as are installers, so they don't bother infecting that - they distribute the original installers with all the original signatures intact.

        It's a real shame too. Used to be that you could buy a game and then download a clean installer without the DRM malware in it, and enter your code from the retail packaging. Now you have no choice but to accept the malware, even on a legitimate purchase. Well, you can choose not to play of course.

        • by tlhIngan ( 30335 )

          It's a real shame too. Used to be that you could buy a game and then download a clean installer without the DRM malware in it, and enter your code from the retail packaging. Now you have no choice but to accept the malware, even on a legitimate purchase. Well, you can choose not to play of course.

          I thought this died out now that everyone's using Steam. You could buy a retail box which is just an installer that copies the bulk of the data to your hard drive (saving you a download), but in the end it was just

          • by ihtoit ( 3393327 )

            which is one reason I don't use Steam (sorry to burst your "everyone" bubble, even my KSP is standalone) - when I buy software, I own that particular instance; fuck clickthru license terms, try Doctrine of Sale.

          • by romons ( 2767081 )
            I've had to remove steam. Boot times are incredibly slow when it is installed. It doesn't install malware; it IS the malware.
  • What if I can convince malware that my bare metal is actually a VM? Then will the malware authors work as hard as they can to have their stuff NOT install on my machine?

  • by dltaylor ( 7510 ) on Thursday October 09, 2014 @01:05AM (#48100095)

    There's a gift, which may be ongoing, but it has a nasty payload.

    Never had either an STD or computer malware.

    Paranoia is your friend, 'cause they ARE out to get you.

  • by geminidomino ( 614729 ) on Thursday October 09, 2014 @02:04AM (#48100303) Journal

    Is this guy new here or what? Ostensibly useful ("friendly", since TFS apparently wants to anthropomorphize software) programs that carry a nasty payload that doesn't trigger immediately? How's that any different from 20 years ago, when they were called "trojans?"

  • Wasn't Google set up set up (strike that), transformed to do just this? Along with Facebook and Twitter?
  • The Malware of the Future May Come Bearing Real Gifts

    Malware you can't delete off your machine and that destroys your computer slowly, such as Symantec and McAfee, have gifted users free trials for years.

  • by Anonymous Coward

    There is a site, www.thebuddyforum.com that sells just such a thing. These are the obnoxious bots you see running around your favorite MMORPG, stealing your kills, farming gold, powerleveling, etc. They have to be sandboxed to hide them the anti-cheating tools, and have to run in environments without virus scanners because... they are malware themselves. (In an attempt to sandbox ones of these to get a hash to report to hackshield, my anti-virus software deleted the bot multiple times. Yes I had to ****ing

  • by mmell ( 832646 ) <mike.mell@gmail.com> on Thursday October 09, 2014 @02:32AM (#48100413)
    Malware authors need only take their existing freeware "products" and put a timer in to delay payload delivery. I can conceive of several ways to do this with only minimal effort.
    • My mother had a few of those. Some coupon app on her desktop that was actually advertised by her local news station for getting an aggregated searchable list of coupons available and where to acquire them. It did what it was supposed to. It also downloaded and installed additional applications and hijacked your browser (eg: toolbar search goes to their stuff no matter which option you select, added adverts to websites, and displayed popup ads with fake warnings)
      • I also just had to remove something like this from a friend's PC. This was a Win 7 and what was interesting was that it was installed as a service. Had to disable the service, remove the folder then remove the service. It was quite well hidden and nasty, not fun to get rid of.
  • Old Story (Score:4, Interesting)

    by bickerdyke ( 670000 ) on Thursday October 09, 2014 @03:15AM (#48100565)

    Reminds me of the late 90s/early 2000s when millions of accounts for a German online service (T-Online) were stolen - by a 3rd-party tool for that service that offered additional services including up/downing your connection (which was essential for those high, minute-based rates back then. But so it had your password, of course)

    It was a PITA to convince people to stop using that tool because it was so useful.

  • by ruir ( 2709173 ) on Thursday October 09, 2014 @03:45AM (#48100627)
    You mean, like trojans inside apps since the 60s? This is a new low even for slashdot.
  • To protect yourself from malware, litter your system with artefacts that mimic sandboxes and virtual machines :)

  • It's called "Microsoft Windows(tm)(R)(c)"

  • They rape our privacy for their profit. Now they both happen to be extremely useful and this is their real gift. I'm not sure what the point here is, except that there's a fine line between malware and a $100b company.
  • We had the "useful" malware back in the 90's. It was called Bonzi Buddy.

    • by pla ( 258480 )
      Don't forget weatherbug, realplayer, every "coupon" program in existence, Sony rootkits, Diablo 3... I could go on.

      "Malware" has come packaged with semi-useful software right since the beginning. Even the most naive of grandmas don't typically install standalone viruses deliberately.
  • by Anonymous Coward

    The Malware of the Future May Come Bearing Real Gifs

    Any sufficiently modern malware produces its instant gratification in the form of jpegs. Unisys patented porn is now mostly dead pixels and bears.

  • It started as one of my typical IT service calls: a Windows Vista laptop was clogged with malware and running slowly. I soon discovered that one of the major culprits was Conduit, a virus that wraps itself kudzu-like around browsers, making every Web page it touches into a hijacked slug. But the customer was running Incredimail, a mail client she loved and had been using for years. Apparently not long ago Conduit bought Incredimail and now requires that a certain amount of their malware be running to keep I

  • So black hats are going to spend a bunch of resources making something useful that a lot of people are going to want...and then break their system? Reminds me of when they defrosted Dr. Evil and right after he made his demand for ONE MILLION DOLLARS his minions were telling him their legitimate businesses generated $2billion last year.
  • by Anonymous Coward

    It's called iTunes.

  • And I mean my subject literally. This is precisely how we ended up with mitochondria and much of the junk DNA in our genome. Some foreign invader played the long game so well that it just became part of the organism.

    It will be interesting to see if we get to a point where the malware is so useful, that instead of cleaning it out we just find a way to keep the good parts.

  • Back in the late 90's following the idea of real pathogens favoring a long life for their hosts, we talked about how eventually computer viruses would do the same. We joked how they would be built to keep the computer up and running and actually have functions to make it do all the maintenance that normal users never do and that tech support (the jobs we were doing then) would actually advise catching certain viruses to solve hardware issues. This has just about played out. There have long been things like

  • Malware of the future is an institutional malware :
    https://www.techworm.net/2014/... [techworm.net]
