快猫短视频

Masters of disguise

The hackers are back with code that looks different every time

THE arms race between hackers and the guardians of computer networks looks
set to intensify with the development of 鈥渃hameleon code鈥. The new weapon could
leave networks defenceless as malicious hackers gain access undetected.

Hackers routinely break into networks using 鈥渟cripts鈥, instructions they send
to the network to allow them to issue commands remotely. The hackers鈥 new tool,
known as polymorphic code, camouflages scripts so they can evade detection.

Computer network managers install software packages known as intruder
detection systems to spot hackers. IDSs use a number of tricks to detect
trespassers, such as scanning network activity to spot known characteristics, or
signatures, of hacking scripts.

IDS software is regularly updated to recognise the signatures of new scripts
as they are developed. But according to K2, the Vancouver-based hacker who
developed a version of polymorphic code to highlight the weaknesses of networks,
there is no way to defend against camouflaged script. 鈥淣ot the way current
systems are designed,鈥 he says.

K2鈥檚 camouflaging software can take the same script and make it look
different every time it is used. This makes it impossible for network managers
to build up a signature profile of the script. 鈥淓very execution will be unique,鈥
says K2. 鈥淚t doesn鈥檛 quite change the script because each line of code will
equate to the same function.鈥 It鈥檚 the equivalent of changing 4+1 to 2+3. They
both equal 5 but look completely different to a signature-recognising program,
he says.

Another technique used by the camouflaging software is to add lines of dummy
code that don鈥檛 affect the function of the script but change its appearance. 鈥淚
have tried it out on lots of systems,鈥 K2 says. All the major IDS software was
unable to detect it.

Presenting his polymorphic code at DEFCON, the annual hackers鈥 convention in
Las Vegas this week, K2 told 快猫短视频 there is a good chance that hackers
are already using similar techniques to gain access to company networks. One
saving grace is that most hackers won鈥檛 have the skills needed to cause serious
damage using such code.

Network sentinels may have to change tack and look for behaviour profiles
rather than individual types of script, says Peter Sommer, a computer security
expert at the London School of Economics. He has never heard of polymorphic code
being used, but the idea is familiar in computer security circles. It鈥檚 just
been a question of when it would arrive, he says. 鈥淏ut then how do you know
about something that isn鈥檛 detectable?鈥 he says.

More from 快猫短视频

Explore the latest news, articles and features