A new virus that’s been created by computer scientists from the University of Texas, is able to combine elements from other software to copy itself with minor variations in order to avoid detection. While the creators dubbed it Frankenstein, this writer couldn’t help thinking of John Carpenter’s The Thing.
The two men behind the new bit of conceptual malware, Vishwath Mohan and Kevin Hamlen, designed the virus to see how stealthy a piece of malware they could create. Because the nefarious bit of code targets programs that have previously been classified as safe by anti-viral software, copying elements from them presents a very simple and effective way of hiding in plain site. When Frankenstein infects a new system, it searches out software that has code within it for copying and other features. It then uses elements from these different programs, to recreate a version of itself that works the same way, but at the base level is different enough to technically be a new species of malware.
In other words, it’s a virus that reproduces in a fashion other than asexually.
The authors said “We apply the idea of harvesting instructions to obfuscate malicious code. Rather than using a metamorphic engine to mutate, we stitch together harvested code sequences from benign ﬁles on the infected system to create a semantically equivalent binary. By composing the new binary entirely out of byte sequences common to benign-classiﬁed binaries, the resulting mutants are less likely to match signatures that include both whitelisting and blacklisting of binary features.”
All of this is written up in the official report, discussing the creation of the Frankenstein. The authors explain that with its abilities, the conceptual malware has the ability to become a strong tool for infiltrating networks and shows a glaring weakness in current defensive software that needs to be plugged up.
Anyone that’s read Michael Chrichton’s novel, Prey, will also be noticing similarities here. While Frankenstein may have the ability to stealth itself based on an ever changing semantics, there’s also the potential here for an evolutionary code system. If the priorities of Frankenstein are merely to change and become stealth like, its current iteration works very well. However if the goal of the software were changed, for example to increase its number of functions, what would Frankenstein look like a few generations down the road?