Research team creates undetectable malware bound to legitimate software downloads

Most cyber attacks from the typical home hacker still come by way of techniques that are ten years old or more, such as phishing scams and poor password management. Now, however, a research team from Germany appears to have developed an all-new strain of malware.

The team from Ruhr University in Bochum, Germany has developed a new kind of malware that tucks itself secretly beside legitimate software downloads. The malware isn't inside the trusted software but rather bound to it, which lets it bypass many of the security measures aimed at this kind of malicious software.

Since the original application is not modified in any way, the malware not only sneaks past checks that look for tampering with the application itself; the combined file can also be much larger than usual, allowing for a much deeper feature set. The researchers explain, “upon starting the infected application the binder is started. It parses its own file for additional embedded executable files, reconstructs and executes them, optionally invisible for the user.”
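The binder described above works by carrying its payloads as bytes that the host executable's own headers do not account for. That gives a defender something to look for: compare the file size with the image end implied by the PE section table, and treat anything beyond it (other than an Authenticode certificate table, which legitimately lives there) as overlay. The following is an added illustration, not code from the Ruhr University team, and it assumes a binder that stores its embedded executables raw; a binder that compresses or encrypts them would still show up as unexplained overlay, just without recognizable MZ/PE headers inside it. The sample PE built by `build_sample_pe` is constructed test data, not a real binary.

```python
"""Flag data appended past the end of a PE image (binder-style overlay).

Hypothetical detection example. It parses the DOS header, COFF header,
optional header (PE32 or PE32+) and section table, computes where the
image should end on disk, subtracts the Authenticode certificate table if
present, and reports whatever is left over plus any raw PE files found in it.
"""
import struct

PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # certificate table; its "VirtualAddress" is a file offset


def find_embedded_pe(blob: bytes) -> list:
    """Offsets inside blob where an MZ header's e_lfanew points at a valid PE signature."""
    hits = []
    pos = blob.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(blob):
            e_lfanew = struct.unpack_from("<I", blob, pos + 0x3C)[0]
            sig = pos + e_lfanew
            if blob[sig:sig + 4] == b"PE\0\0":
                hits.append(pos)
        pos = blob.find(b"MZ", pos + 1)
    return hits


def parse_pe_layout(data: bytes) -> dict:
    """Return where the PE image ends on disk and what lies beyond it."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    n_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:
        n_dd_off, dd_off = 92, 96      # NumberOfRvaAndSizes, first data directory
    elif magic == PE32PLUS_MAGIC:
        n_dd_off, dd_off = 108, 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)

    # The image proper ends where the last section's raw data ends.
    sect_table = opt + size_opt
    image_end = sect_table + 40 * n_sections
    for i in range(n_sections):
        size_raw, ptr_raw = struct.unpack_from("<II", data, sect_table + 40 * i + 16)
        if size_raw:
            image_end = max(image_end, ptr_raw + size_raw)

    # A signed file keeps its Authenticode blob after the sections; that overlay is expected.
    cert_off = cert_size = 0
    n_dd = struct.unpack_from("<I", data, opt + n_dd_off)[0]
    if n_dd > IMAGE_DIRECTORY_ENTRY_SECURITY:
        cert_off, cert_size = struct.unpack_from(
            "<II", data, opt + dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    expected_end = max(image_end, cert_off + cert_size) if cert_size else image_end

    overlay = data[expected_end:]
    return {
        "image_end": image_end,
        "certificate_bytes": cert_size,
        "overlay_size": len(overlay),
        "embedded_pe_offsets": [expected_end + o for o in find_embedded_pe(overlay)],
    }


def build_sample_pe(section_bytes: bytes) -> bytes:
    """Constructed minimal PE32 (one .text section at file offset 0x200); sample data only."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)              # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)    # i386, 1 section, 224-byte opt hdr
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 92, 16)                                # NumberOfRvaAndSizes
    raw = section_bytes.ljust(0x200, b"\0")
    sect = struct.pack("<8sIIIIIIHHI", b".text", len(section_bytes), 0x1000,
                       len(raw), 0x200, 0, 0, 0, 0, 0x60000020)
    headers = (dos + b"PE\0\0" + coff + bytes(opt) + sect).ljust(0x200, b"\0")
    return headers + raw


if __name__ == "__main__":
    clean = build_sample_pe(b"legit app")
    bound = clean + build_sample_pe(b"payload") + b"binder config"  # binder appends a second PE
    print("clean:", parse_pe_layout(clean))
    print("bound:", parse_pe_layout(bound))
```

On the constructed sample the clean file reports an overlay of zero bytes, while the bound file reports an overlay exactly as large as the appended payload and a second PE header at the start of it. Real installers often have a legitimate overlay too (self-extracting archives, for example), so treat a non-zero overlay as a reason to inspect rather than as proof of binding.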

With some simple network redirection, anyone using tactics like this only needs to control a single network point between the download server and the client to complete the attack: the file is swapped in transit, so the server itself is never touched. That is why the team suggests VPNs and HTTPS as ways to catch bound malware, since both deny an on-path attacker the chance to alter the download. Absent such protection, the technique requires no buffering during the download and can easily pass through current anti-malware fail-safes undetected.

While this is a research project and you are likely in no immediate danger from bound malware at this point, let's just hope it stays that way.

via Research team creates undetectable malware bound to legitimate software downloads – TechSpot.