[infowar.de] New Scientist 11.7.01: Chameleon code gives hackers advantage
Infowar.de - http://userpage.fu-berlin.de/~bendrath/liste.html
http://www.newscientist.com/news/news.jsp?id=ns99991000
Chameleon code gives hackers advantage
19:00 11 July 01
Duncan Graham-Rowe
The arms race between malicious hackers and the guardians of computer networks looks set to intensify with the development of "chameleon code". The new weapon could leave networks defenceless as malicious hackers gain access undetected.
Hackers routinely break into networks using "scripts", instructions they send to the network to allow them to issue commands remotely. The hackers' new tool, known as polymorphic code, camouflages scripts so they can evade detection.
Computer network managers install software packages known as intruder detection systems to spot hackers. IDSs use a number of tricks to detect trespassers, such as scanning network activity to spot known characteristics, or signatures, of hacking scripts.
IDS software is regularly updated to recognise the signatures of new scripts as they are developed. But according to K2, the Vancouver-based hacker who developed a version of polymorphic code to highlight the weaknesses of networks, there is no way to defend against camouflaged script. "Not the way current systems are designed," he says.
Dummy code
K2's camouflaging software can take the same script and make it look different every time it is used. This makes it impossible for network managers to build up a signature profile of the script.
"Every execution will be unique," says K2. "It doesn't quite change the script because each line of code will equate to the same function." It's the equivalent of changing 4+1 to 2+3. They both equal 5 but look completely different to a signature-recognising program, he says.
Another technique used by the camouflaging software is to add lines of dummy code that don't affect the function of the script but change its appearance. "I have tried it out on lots of systems," K2 says. All the major IDS software was unable to detect it.
Detecting the undetectable
Presenting his polymorphic code at DEFCON, the annual hackers' convention in Las Vegas this week, K2 told New Scientist there is a good chance that hackers are already using similar techniques to gain access to company networks. One saving grace is that most hackers won't have the skills needed to cause serious damage using such code.
Network sentinels may have to change tack and look for behaviour profiles rather than individual types of script, says Peter Sommer, a computer security expert at the London School of Economics.
He has never heard of polymorphic code being used, but the idea is familiar in computer security circles. It's just been a question of when it would arrive, he says. "But then how do you know about something that isn't detectable?" he says.
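The contrast between signature matching and the behaviour profiles Sommer suggests, as an added example that is not part of the New Scientist article or K2's software. It assumes a constructed toy script language (assignment lines and an `emit` action, both invented for illustration): rewritten arithmetic and dummy lines defeat a fixed signature but leave the observed behaviour unchanged.

```python
import ast
import operator

# Constructed toy "scripts": each line is `name = <integer arithmetic>` or `emit name`.
KNOWN = "a = 4 + 1\nemit a"
VARIANT_1 = "a = 2 + 3\nemit a"  # same result, different arithmetic
VARIANT_2 = "pad = 7 * 0\na = 10 - 5\npad = pad + 1\nemit a"  # dummy lines added
BENIGN = "a = 4 + 2\nemit a"

SIGNATURE = "a = 4 + 1"  # fixed text signature taken from KNOWN
BAD_PROFILE = (5,)       # behaviour profile: the values KNOWN emits when run

_OPS = {ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul}


def _eval(node, env):
    """Evaluate integer constants, previously assigned names and + - * only."""
    if isinstance(node, ast.Constant) and type(node.value) is int:
        return node.value
    if isinstance(node, ast.Name):
        return env[node.id]
    if isinstance(node, ast.BinOp) and type(node.op) in _OPS:
        return _OPS[type(node.op)](_eval(node.left, env), _eval(node.right, env))
    raise ValueError("unsupported expression")


def signature_match(script):
    """Signature-style check: does the known text appear verbatim?"""
    return SIGNATURE in script


def behaviour_profile(script):
    """Run the toy script in a restricted evaluator and record what it emits."""
    env, emitted = {}, []
    for line in script.splitlines():
        line = line.strip()
        if line.startswith("emit "):
            emitted.append(env[line[5:].strip()])
        elif line:
            name, expr = line.split("=", 1)
            env[name.strip()] = _eval(ast.parse(expr.strip(), mode="eval").body, env)
    return tuple(emitted)


def behaviour_match(script):
    """Behaviour-style check: compare what the script does, not how it looks."""
    return behaviour_profile(script) == BAD_PROFILE
```

The signature check flags only `KNOWN`; the behaviour check flags `KNOWN` and both variants and leaves `BENIGN` alone.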