Hackers take covert action on malware

Hackers working for organised crime are getting more sophisticated in their attempts to cover their tracks and ensure that the malware they write is hard to detect and remove.

According to security specialists at the Computer Security Institute (CSI) in the US, the most popular techniques involve code mutation methods to evade detection by signature-based malware blocking tools; code fragmentation that makes removal harder; and code concealment using rootkits.

The intention is to keep the malware as covert as possible to allow it to work ‘under the covers’, perhaps logging keystrokes or stealing passwords. Such code is completely different to the mass-mailing worms such as MS Blaster and SQL Slammer, which have caused havoc in the past.

An increasingly popular implementation is polymorphic code that constantly mutates. Many malicious hackers use so-called "packers" to encrypt malware so that it evades detection, and then vary the routines that decrypt the code to create a virtually unlimited number of mutations.

Swizzor, for example, a Trojan download program discovered earlier this year, repacked itself once a minute to get past signature-based tools, which work only if they know precisely what to block. It then recompiled itself once an hour.
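The detection gap the article describes can be made concrete with a toy model. The following added example (not from the article or from any product it mentions) encodes one constructed, harmless marker string under a different per-sample key each time, then shows that a fixed byte signature never matches the repacked files on disk but matches every one of them once the decode step has been run, which is what sandbox or emulation-based unpacking gives a defender. The XOR "packer", the payload string and the key derivation are all constructed for illustration.

```python
import hashlib

# Constructed stand-in for a payload: a harmless marker string, not real malware.
PAYLOAD = b"DEMO-PAYLOAD: log keystrokes and send them home"
SIGNATURE = b"DEMO-PAYLOAD"   # the fixed byte pattern a signature scanner knows
KEY_LEN = 8

def pack(payload: bytes, key: bytes) -> bytes:
    """Toy packer (constructed): XOR-encode the payload under a per-sample key
    and prepend the key so the sample can decode itself. A new key yields a
    byte-different file whose decoded contents are identical."""
    assert len(key) == KEY_LEN
    body = bytes(b ^ key[i % KEY_LEN] for i, b in enumerate(payload))
    return key + body

def unpack(sample: bytes) -> bytes:
    """The decode step. A sandbox or emulator effectively performs this and
    then inspects what is actually in memory afterwards."""
    key, body = sample[:KEY_LEN], sample[KEY_LEN:]
    return bytes(b ^ key[i % KEY_LEN] for i, b in enumerate(body))

def static_signature_hit(sample: bytes) -> bool:
    """Signature-based check applied to the file as it sits on disk."""
    return SIGNATURE in sample

def unpack_then_scan_hit(sample: bytes) -> bool:
    """The same signature applied to the decoded contents instead."""
    return SIGNATURE in unpack(sample)

def compare_detection(n_variants: int, seed: int = 1) -> dict:
    """Build n_variants repacked copies of the same payload and count which
    checks fire. Keys are derived from seed so the run is reproducible."""
    variants = [
        pack(PAYLOAD, hashlib.sha256(f"{seed}:{i}".encode()).digest()[:KEY_LEN])
        for i in range(n_variants)
    ]
    return {
        # every repack is a new file hash, so a hash blocklist never catches up
        "distinct_hashes": len({hashlib.sha256(v).hexdigest() for v in variants}),
        "static_hits": sum(static_signature_hit(v) for v in variants),
        "unpacked_hits": sum(unpack_then_scan_hit(v) for v in variants),
    }

if __name__ == "__main__":
    print(compare_detection(100))
```

The numbers make the article's point directly: the on-disk signature and the file hash are defeated by every repack, while the decoded contents are unchanged and remain detectable.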

Given the complexity and sophistication of these methods, the ‘good guys’ face an uphill task in countering the threats – unless they start to act like hackers themselves.
