Research team creates undetectable malware bound to legitimate software downloads

Justin Kahn



Most cyber attacks from your typical home hacker come by way of techniques used 10 years ago or more, like phishing scams, poor password management, and things of that nature. But now it seems a research team from Germany has developed an all-new strain of malware.

The team from Ruhr University in Bochum, Germany has developed a new kind of malware that is able to tuck itself secretly beside legitimate software downloads. The malware isn't inside the trusted software but rather bound to it, enabling it to bypass many of the security measures in place for this kind of malicious software.

Since the original application is not modified in any way, not only does this allow the malware to sneak through, but the malware can also be a much larger file than usual, allowing for a much deeper feature set. The researchers explain: "Upon starting the infected application the binder is started. It parses its own file for additional embedded executable files, reconstructs and executes them, optionally invisible for the user."
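As an added, defender-side illustration (not the researchers' code), the Python heuristic below flags the kind of file layout a binder like the one described above produces: data trailing the last declared section of a PE image, especially when that trailing data itself contains another MZ/PE header. The minimal PE builder is constructed only for the demo and yields no runnable binary; the "embedded executables live past the last section" rule is an assumption about typical binders, and verifying the download against the publisher's signature or hash remains the more reliable check.

```python
import struct

def build_minimal_pe(section_bytes: bytes) -> bytes:
    """Construct a tiny, non-runnable PE layout (demo input only)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # COFF header: i386, 1 section, no optional header, EXE flags
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    raw_ptr = e_lfanew + 4 + 20 + 40          # section data follows one section header
    sect = b".text".ljust(8, b"\0") + struct.pack(
        "<IIII", len(section_bytes), 0x1000, len(section_bytes), raw_ptr) + b"\0" * 16
    return dos + b"PE\0\0" + coff + sect + section_bytes

def pe_overlay_info(data: bytes) -> dict:
    """Report bytes past the last declared section and whether they hold a PE header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    sect_table = coff + 20 + opt_size
    end_of_image = sect_table + 40 * num_sections
    for i in range(num_sections):                 # highest raw end across all sections
        raw_size, raw_ptr = struct.unpack_from("<II", data, sect_table + 40 * i + 16)
        end_of_image = max(end_of_image, raw_ptr + raw_size)
    overlay = data[end_of_image:]
    embedded = False                               # look for an MZ header that points at "PE\0\0"
    pos = overlay.find(b"MZ")
    while pos != -1 and not embedded:
        if pos + 0x40 <= len(overlay):
            lfanew = struct.unpack_from("<I", overlay, pos + 0x3C)[0]
            embedded = overlay[pos + lfanew:pos + lfanew + 4] == b"PE\0\0"
        pos = overlay.find(b"MZ", pos + 1)
    return {"image_end": end_of_image, "overlay_size": len(overlay), "embedded_pe": embedded}

if __name__ == "__main__":
    clean = build_minimal_pe(b"\xC3" * 16)
    bound = clean + b"BINDER" + build_minimal_pe(b"\x90" * 8)   # constructed "bound" sample
    print(pe_overlay_info(clean))   # overlay_size 0, embedded_pe False
    print(pe_overlay_info(bound))   # overlay_size 142, embedded_pe True
```

A large overlay with an embedded PE is a triage signal worth a closer look, not proof of infection; some legitimate installers also carry payloads in the overlay.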

With some simple network redirecting, anyone using tactics like this only needs to control a single network point between the download server and the client to complete the process. While the team has suggested VPNs and HTTPS could be altered to catch bound malware like this, the technique doesn't require any buffering while downloading and can easily pass through current malware fail-safe mechanisms undetected.

While this is a research project and you are likely in no immediate danger from bound malware at this point, let's just hope it stays that way.

Image via Shutterstock


 
Presumably the internal discussion ended with the realization you had no viable Plan B for having Russian art models come visit? :eek:
 
Presumably the internal discussion ended with the realization you had no viable Plan B for having Russian art models come visit? :eek:
Well, "Plan B", is an old XP box, with no stored passwords, no passwords ever entered, and presumably no active or executable content downloaded.

I'm a simple man, with simple needs. My quest for free programs ended back at DVDFab 8... point something.
 
"The researchers explain, 'upon starting the infected application the binder is started.'"

From the sound of it there's nothing new about this at all. It's just a man-in-the-middle attack that infects a redirector applet. Externally streamed pop-up malware has been doing that since forever.
 
They've had this for 20 years. Why would download.com say they have tested malware-free downloads?
Because you wouldn't download anything from them if they told you it did have malware in it.

And BTW "Open Candy" isn't malware....er is it...?:confused:
 
Does anyone still remember the "silk thread", wasn't that a similar way used back in 2000 to bind viruses to legitimate files?
 
Back in 1989 there was the 4096 virus. All .exe and .com files were 4096 bytes bigger when viewed on a clean system. On the infected system, the files listed with the same size & passed CRC integrity checks.
That's why it was a Stealth virus...
 