Malware Concealed Inside English Sentences
According to security researchers, antivirus techniques have a fundamental flaw which may enable computer hackers to conceal malicious software inside sentences written in grammatically correct English.
A very popular method of taking control of other users' PCs is to inject malicious code into them and then run that code on those systems. When modern security products work, they assume that the structure of such a code is different from normal English text like a prose.
Josh Mason at the John Hopkins University in Baltimore, Maryland, along with his colleagues has recently conducted a research named "English Shellcode." The research discovered that the competition among antivirus defenses could become worse via a huge English text whose word combinations got utilized in a malicious code, as reported by DNA on 28 November, 2009.
Mason added that due to the limited commands of the code, not much could be suggested while numerous people did not expect that it could happen. Because of this payload, attackers are able to randomly regulate users' computer resources, software and data. Thereafter, attackers decide the way in which they would carry on with their attacks.
Commenting on the research's findings, Nicolas Courtois, Cryptology and Security Researcher at University College London, stated that malware through English text could prove extremely difficult to spot, as reported by Trak on November 28, 2009.
Indeed, Courtois indicated that the research revealed considerable implications for technology firms as well as contended that companies like Intel should modify their instructions in such a way that detection of above type of attack could become easier.
In addition to Courtois and Mason, Managing Director of forensics consultancy Secure-Bastion, John Walker, remarks that the research draws attention to faults inherent to the approach that anti-virus players employ to deal with security exploits, as reported by computing.co on November 30, 2009.
Walker added that he was certain that antivirus programs which people knew in the way they existed currently had fallen much behind their expected capability, and hackers were sure to cash in on the situation.
Related article: Malware Authors Turn More Insidious
» SPAMfighter News - 09-12-2009