It’s good to know that there is a positive aspect to
malware. But it takes a lot of hard work to make it
so.
The pictures here are the product of the creative artistry of
Romanian artist and now member of MIT’s social media research group
Alex Dragulescu,
and the malware hunters at
MessageLabs.
Paul Wood, senior security analyst at MessageLabs and linkman
between the labs and Dragulescu, said the two parties got in touch
after discovering that Dragulescu was using information from spam
e-mail to develop computer-generated images.
“We thought it might be a good idea to see if Alex’s technique
could work with malware,” said Wood.
Dragulescu had developed algorithms that took pieces of code
from messages and reiterated them, much the way fractal images are
created, to build images.
“Obviously we didn’t want to give Alex live malware code to work
on, so we deconstructed the code to see how it worked, what calls
it made, what files it opened,” Wood said.
He said the process is analogous to genetic engineering, where
the malware’s DNA is sliced and diced and reassembled under control
to produce something new and interesting.
In addition to supplying the deactivated code, MessageLabs
suggested that Dragulescu use different colour codes for each type
of malware.
“What we didn’t expect to see was how the images from a blended
threat would reveal code elements belonging to each individual
threat,” Wood said.
Wood said his bug hunters were sceptical to start with, but once
they could see how code patterns could produce instantly
recognisable malware signatures they got excited.
“With our present equipment is takes about an hour to get a
picture, so it’s not practical to use this technique in production
to identify malware, Wood said. “But with Alex at MIT, he’s got
access to some serious computer power. Who knows where this might
lead?” he said.