Frankenstein Virus Could Build Itself From Safe Computer Code

Frankenstein Virus Could Build Itself From Safe Computer Code

A new form of computer virus which can build itself out of discarded pieces of benign computer code has been resented at a conference in Texas.

The 'Frankenstein' virus (their word, not ours) would be nearly impossible to detect using current software, because it is made out of code that would otherwise have no effect on a computer.

Instead the virus literally constructs itself out of many pieces, until the final form is finished (and attacks its host machine).

Vishwath Mohan and Kevin Hamlen from the University of Texas demonstrated their work at the USENIX Workshop on Offensive Technologies, and is now available online to read and terrify yourself with at leisure.

Using 'gadgets', which are really just small pieces of code which perform small, specific functions and build up to make larger applications, the virus would build itself from software as widespread as Internet Explorer or Notepad. So if a benign program can copy and paste data, the virus would take that function while leaving the rest of the app untouched.

The aim of the research is to identify how such a virus could be made, so as to better defend against it in future.

The researchers said:

"Frankenstein forgoes the concept of a metamorphic engine and instead creates mutants by stitching together instructions from non-malicious programs that have been classified as benign by local defenses.

"This makes it more difficult for featurebased malware detectors to reliably use those byte sequences as a signature to detect the malware."

Close

What's Hot