Hackers are back with scripts that look different every time
THE arms race between hackers and the guardians of computer networks looks set to intensify with the development of "chameleon code". The new weapon could leave networks defenceless as malicious hackers gain access undetected. Hackers routinely break into networks using "scripts", instructions they send to the network to allow them to issue commands remotely. The hackers' new tool, known as polymorphic code, camouflages scripts so they can evade detection.
Computer network managers install software packages known as intruder detection systems to spot hackers. IDSs use a number of tricks to detect trespassers, such as scanning network activity to spot known characteristics, or signatures, of hacking scripts. IDS software is regularly updated to recognise the signatures of new scripts as they are developed. But according to K2, the Vancouver-based hacker who developed a version of polymorphic code to highlight the weaknesses of networks, there is no way to defend against camouflaged script. "Not the way current systems are designed," he says.
Copyright 2001 New Scientist, Reed Business Information
SECTION: This Week, Pg. 7
LENGTH: 441 words
HEADLINE: Masters of disguise
BYLINE: Duncan Graham-Rowe
HIGHLIGHT: The hackers are back with code that looks different every time
K2's camouflaging software can take the same script and make it look different every time it is used. This makes it impossible for network managers to build up a signature profile of the script. "Every execution will be unique," says K2. "It doesn't quite change the script because each line of code will equate to the same function." It's the equivalent of changing 4+1 to 2+3. They both equal 5 but look completely different to a signature-recognising program, he says.
Another technique used by the camouflaging software is to add lines of dummy code that don't affect the function of the script but change its appearance. "I have tried it out on lots of systems," K2 says. All the major IDS software was unable to detect it.
Presenting his polymorphic code at DEFCON, the annual hackers' convention in Las Vegas this week, K2 told New Scientist there is a good chance that hackers are already using similar techniques to gain access to company networks. One saving grace is that most hackers won't have the skills needed to cause serious damage using such code.
Network sentinels may have to change tack and look for behaviour profiles rather than individual types of script, says Peter Sommer, a computer security expert at the London School of Economics. He has never heard of polymorphic code being used, but the idea is familiar in computer security circles. It's just been a question of when it would arrive, he says. "But then how do you know about something that isn't detectable?" he says.
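The contrast between signature matching and behaviour profiling can be shown with a toy model. The following is an added example, not code from the article or from K2; the three-instruction language (`set`, `add`, `emit`, `nop`) and all sample scripts are constructed for illustration and mirror the "4+1 versus 2+3" and dummy-line ideas described above.

```python
# Added illustration: the instruction set and samples are constructed, harmless toys.
KNOWN = ["set x 4", "add x 1", "emit x"]                   # the catalogued script (4+1)
VARIANT = ["set x 2", "nop", "add x 3", "nop", "emit x"]   # same effect, rewritten and padded (2+3)
BENIGN = ["set x 1", "add x 1", "emit x"]                  # unrelated script with a different effect

SIGNATURE = "set x 4\nadd x 1"   # text pattern extracted from KNOWN


def signature_match(script):
    """Signature-style check: does the known pattern appear verbatim in the text?"""
    return SIGNATURE in "\n".join(script)


def behaviour(script):
    """Run the script in a tiny interpreter and record only its observable effects."""
    regs, effects = {}, []
    for line in script:
        op, *args = line.split()
        if op == "set":
            regs[args[0]] = int(args[1])
        elif op == "add":
            regs[args[0]] = regs.get(args[0], 0) + int(args[1])
        elif op == "emit":
            effects.append(regs.get(args[0], 0))
        elif op == "nop":
            continue                      # dummy line: changes appearance, not effect
        else:
            raise ValueError(f"unknown op: {op}")
    return tuple(effects)


KNOWN_PROFILE = behaviour(KNOWN)          # what the catalogued script actually does


def behaviour_match(script):
    """Behaviour-profile check: compare effects, ignoring how the text looks."""
    return behaviour(script) == KNOWN_PROFILE


def report():
    """Return (signature_hit, behaviour_hit) for each constructed sample."""
    samples = {"known": KNOWN, "variant": VARIANT, "benign": BENIGN}
    return {n: (signature_match(s), behaviour_match(s)) for n, s in samples.items()}


if __name__ == "__main__":
    for name, hits in report().items():
        print(name, hits)
```

The rewritten variant slips past the text signature but produces the same behaviour profile as the catalogued script, while the benign sample matches neither.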
For more science news see http://www.newscientist.com