Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Malware Stego With Proper English

with one comment

Hackers could evade most existing antivirus protection by hiding malicious code within ordinary text, according to security researchers.

One of the most common ways of hijacking other people’s computers is to use “code-injection” attacks, in which malicious computer code is delivered to and then run on victims’ machines. Current security measures work on the assumption that the code used has a different structure to plain text such as English prose.

Now a team of researchers has highlighted a potential future theatre in the virus-security arms race by working out how to hide malware within English-language sentences.

Though this is a hard exploit to pull off because of all the groundwork that needs to go into it, it is a novel approach for say, a nation state actor such as China to try huh? Of course they would have to work a bit harder at using English properly and not go for the pidgin English that they are known for now in coding sites and malware at times. Imagine just getting infected from a grammatically correct http page on the internet eh?

This exploit would be classic steganography though. Lets see if this exploit shows up somewhere in the future….

“English Shell Code”

Written by Krypt3ia

2009/11/28 at 12:48

One Response

Subscribe to comments with RSS.

  1. It’s the ‘pidgin’ english that helps me to spot the malware when I’m trying to figure out if it’s ‘friend or foe’.

    it nails them every time.

    sunfell

    2009/11/28 at 14:42


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: