Proper English could help future viruses spread
Monday, November 30, 2009
Security researchers at Johns Hopkins University have revealed that, instead of complicated machine code impenetrable to the eye of the layperson, the next big advancement in computer virus programming could use grammatically correct English sentences to spread their malicious payload.
The Johns Hopkins team, headed by Josh Mason, used text formatting instructions in combination with a sophisticated computer virus to execute remote commands which appear to be innocent English sentences. The idea is to allow for the formatting instructions to be written in plain text, but surrounded by other English words - for example, instructing the program to pay attention only to bolded or italicized text.
While the idea for this type of exploit is not new, most researchers thought that English vocabulary and restrictive grammar would make any such effort to use the vulnerability far too labor-intensive for general use. However, Mason's use of text found through the Gutenberg Project should give new urgency to researchers trying to study the subject.
Still, Mason admitted to NewScientist, the amount of engineering involved in creating a functioning exploit of this type means that it is still prohibitively time-consuming, and unlikely to see widespread use in the near future.
Related News:
Conficker still a threat to web security - 3.18.2010
The Conficker worm was by far the most notorious piece of malware in 2009 for several reasons. Not only did it receive media attention and infect more computers than any other strain, according to Katonda, a business technology website, it reminded web security professionals of bygone days when major epidemics were the norm.
Network security update not responsible for crashes - 2.24.2010
Reports of the so-called "blue screen of death" following the installation of the latest Microsoft security update are the result of malware, not a defect in the update.
Botnets and Chuck Norris take aim at network security - 2.22.2010
Last week, word spread of the Kneber botnet compromising more than 2,000 computers worldwide. With the start of a new week comes more malware attacks plaguing the web community. The so-called "Chuck Norris" botnet is attacking routers and DSL modems by guessing commonly used passwords.
Web security company warns of scareware's risk - 2.19.2010
The rise in scareware attacks and cyber criminal behavior in general forced DynaSis, an IT services company, to issue a warning to its users about the threat of fake anti-virus software infecting their computers on Friday.
Age-old trick with brand-new target - 1.18.2010
Cyber criminals have turned to a scam from the early days of the internet to target the growing smartphone market: Trojan phone dialers.
|
