Breakthrough paper shows hackers could evade anti-virus protection by hiding malicious code in sentences that read like English language spam
Written by Robert Blincoe
A team of US security researchers has engineered a way of hiding malware in sentences that read like English language spam.
The work is a breakthrough because current network security techniques assume that the code used in code-injection attacks, in which code is delivered to and run on victims' computers, has a different structure to non-executable plain data, such as English prose.
One of the researchers, Dr Josh Mason of Johns Hopkins University, Baltimore, said the team wanted to broaden its understanding of how malicious code could be deployed, and highlight the need to design more efficient techniques for preventing this kind of attack altogether.
Dr Nicolas T Courtois, an expert in security and cryptology at University College London, said the work was an important paper in virusology, challenging an assumption that code has a different structure to non-executable plain data. He said malware deployed in this way would be hard, if not impossible, to detect reliably.
The research is a proof of concept, but Mason doubts any hackers are currently using the English language disguise technique for their code. "I'd be astounded if anyone is using this method in the real world owing to the amount of engineering it took to pull off," he said. "A lot of people didn't think it could be done."
www.computing.co.uk/computing/ne···language