C&B Notes

The Evolution of (Computer) Viruses

Much like it is with performance enhancing drugs and search engine optimization, ‘black hat’ perpetrators generally remain ahead of ‘white hat’ defenders when it comes to computer viruses.  A recent paper describes how the next innovation that may destroy your hard drive (dubbed ‘Frankenstein’ in this case) could be a virus that is compiled from code already on your computer within legitimate programs.

Like their biological counterparts, computer viruses are locked in an evolutionary arms race.  These programs, whose crucial characteristic is that they reproduce by copying themselves onto new machines, began as a curiosity in the early 1980s.  Now, however, they — and other, similar types of malicious software — support a multibillion-dollar industry in which those who use them to steal information and subvert computers struggle with those who devise and sell digital protection.  With so much at stake, malware, as it is known, gets ever sneakier, while the programs designed to detect it must get cleverer and cleverer just to keep up.

* * * * *

The digital version of Frankenstein works by scanning innocuous programs — word processors, say, or the calculator that is part of Microsoft’s Windows operating system — for small chunks of code dubbed “gadgets”. Such snippets encode handfuls of the most basic operations that computers perform: loading a number into memory, for instance, and then adding two numbers together.  Harvest enough of these, and arrange them in the right order, and it is possible to knock together a piece of software that can perform any task you like.  Frankenstein starts with a “semantic blueprint”:  an abstract description of what the program is designed to do.  It then sifts through all the gadgets on its host machine until it has put together the required list of instructions.

* * * * *

Who might be interested in such a thing?  Malware writers and antivirus firms are two obvious audiences.  But Wei Ming Khoo, a security researcher at Cambridge University who is not affiliated with the paper’s authors, reckons that Frankenstein’s reliance on code harvested from pre-installed software may slow its ability to spread between computers.  That would lessen its appeal for cybercriminals.  Mr. Khoo does, on the other hand, think the new approach would be good for precisely aimed, short-lived attacks.  In this context it is, perhaps, no surprise that the work was paid for in part by America’s air force and that the authors note delicately that their program might come in useful for “active defense” — or, as one of Britain’s rugby coaches once put it, “getting your retaliations in first.” The world of cyber-warfare, always a murky place, may thus be about to get murkier still.