Malware Detection May Turn Out Ruthless

Erez Metula, software security engineer at 2BSecure, has discovered a new tool that can help a big deal in simplifying the location of malicious software, in .Net framework of Microsoft on Windows systems, which are difficult to detect.

The tool .Net-Sploit 1.0 modifies .Net, a string of software which is installed in majority of Windows systems and that enables computers to run certain applications.

Security experts stated that Microsoft creates a collection of developer equipments for the programmers to develop applications well-suited to the framework. It gives developers the benefit of writing programs in various high-level languages, all of which can be executed on a system.

Though, .Net-Sploit permits an attacker to alter the .Net framework on the PCs on target, and to implant malware, having the features of a rootkit, at a location which is safe from the reach of security applications or the places that are rarely suspected by anyone, added Erez Metula, as reported by Infoworld on April 17, 2009.

While giving a presentation in Amsterdam, at the Black Hat security conference, Metula said that it will be surprising to know how conveniently an attack can be launched in a device.

Moreover, as some applications rely on certain components of .Net structure for being executed, it clearly indicates that malware may disrupt the functioning of several applications. For instance, an application having an authentication system could be assaulted in case the compromised .Net framework is intercepting the passwords and usernames; thereby forwarding them to a distant server.

.Net-Sploit automates certain difficult coding tasks required to corrupt the framework, imparting more speed to the development of assaults.

Metula also added that an attacker should have control of the system before using his newly released tool. By infecting the .Net framework, an attacker can secretly access the computer system for a longer time period.

Researchers noted that to indentify the tampering of .Net framework, security vendors need to upgrade their software. However, .Net is not the sole application framework which is susceptible to cyber attack, as other frameworks, like Java Virtual Machine used to execute Java programs, may also be targeted in other forms.

Related article: Malware Authors Turn More Insidious

» SPAMfighter News - 4/23/2009