Return-Oriented Programming Turns Good Software Malicious
Two graduate scholars, Ryan Roemer and Erik Buchanan from California's San Diego University, revealed the process of making a known computer virus that has a higher automated capacity than previously assumed.
Applying what is referred to as "return-oriented programming" could allow even accurately developed software to be compromised, so that it starts to work as the attacker's agent.
Moreover, the scholars explained that if one considers that there are thousands of small functions inside every piece of software, it becomes extremely easy to recognize that software's possible use for developers of computer viruses. And if these virus writers could change the software's return address so that it does not point to a function, they could compromise the software and direct it to any place of their choice.
The scholars also said that although such a potential virus exploit has long been known, crafting the code to exploit it nevertheless required the maximum effort.
According to the researchers, the virus exploits a known bug through which the attacker could instruct the remotely located computer to alter the program's return address. Thus, rather than returning to the actual function, the program would head for a destination that the developer of the virus determines.
Meanwhile, the researchers caution that high protection is not possible against this kind of exploit, as the insides of properly written software are simply utilized differently to change the system. Besides, they state that it is possible to identify the attack only when the system begins to act differently.
Further, the researchers believe these types of exploits could be utilized as the main theme in forthcoming attacks. This arises from the fact that all of the code applied is validated, familiar to the computer, and works properly as seen from the outside. To get free from this type of attack, software would have to be bug free. In reality, as long as people write code, such a situation is not likely to happen, implying that all systems everywhere are vulnerable to this type of attack.
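A simulated model of the return-address change described above, as an added example that is not from the researchers or the original article. The "stack" is a plain byte array, the routine names are hypothetical, and the optional comparison against a saved copy is an assumption that shows one point where the change becomes visible.

```c
#include <stdio.h>
#include <stddef.h>

/* Routines that already exist in the modeled program (hypothetical names).
   Nothing below is injected code; only the order of execution changes. */
static int write_log(void)    { return 1; }  /* intended return target */
static int grant_access(void) { return 2; }  /* legitimate, but not meant to run here */
static int (*const routines[])(void) = { write_log, grant_access };

enum { BUF_LEN = 8, RET_SLOT = BUF_LEN, FRAME_LEN = BUF_LEN + 1 };

/* Simulated call: frame[0..7] is a local buffer, frame[8] is the saved
   return slot (an index into routines[]). Returns the value of the routine
   that ran, or -1 if verify is set and the return slot was changed. */
int simulated_call(const unsigned char *input, size_t len, int verify)
{
    unsigned char frame[FRAME_LEN] = {0};
    unsigned char saved_copy;              /* copy kept outside the frame */
    size_t i;

    frame[RET_SLOT] = 0;                   /* should return to write_log */
    saved_copy = frame[RET_SLOT];

    /* The modeled bug: the copy is bounded by the input length, not BUF_LEN.
       (Clamped to FRAME_LEN only so the simulation itself stays in bounds.) */
    for (i = 0; i < len && i < FRAME_LEN; i++)
        frame[i] = input[i];

    if (verify && frame[RET_SLOT] != saved_copy)
        return -1;                         /* change noticed before the return */

    return routines[frame[RET_SLOT] % 2]();
}

int main(void)
{
    /* Constructed sample inputs: one that fits the buffer, one that is one byte too long. */
    const unsigned char normal[] = "status";
    const unsigned char oversized[] = { 'A','A','A','A','A','A','A','A', 1 };

    printf("normal input:          %d\n", simulated_call(normal, 6, 0));
    printf("oversized, no check:   %d\n", simulated_call(oversized, sizeof oversized, 0));
    printf("oversized, with check: %d\n", simulated_call(oversized, sizeof oversized, 1));
    return 0;
}
```

In the unchecked run the only code that executes is code the program already contained, which is why the result looks valid from the outside.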
» SPAMfighter News - 07-11-2008