Tuesday, May 11, 2010

Envisioning the Cyber Super Attack

Software security researchers at matousec.com announced this week that they'd devised a cyber-attack that would be capable of bypassing just about any existing anti-virus application on the market today. This theoretical cyber-super villain would apparently be able to sneak right past the likes of McAfee, Trend Micro, BitDefender and others.

The proposed method of attack would work by sending a sample of benign code in order to bypass security measures before then switching it with malignant data at the last minute. This nefarious bait and switch is like the computer equivalent of the enemy using a stolen password to infiltrate one's position in battle.

Just as an enemy agent infiltrating a position would take out the guards first, this attack would also be capable of taking out your anti-virus program, leaving you wide open to all manner of attacks.

And just as in a real-world operation of this sort, this method of attack all comes down to timing. The attack must time its bait and switch perfectly, not switching in the malignant code too early or too late.

The good news is that only anti-virus applications that use the System Service Descriptor Table, or SSDT, to interact with Windows would be vulnerable. The bad news is that practically all anti-virus programs use SSDT hooks to interact with Windows.

As the researchers themselves put it, "100% of the tested products were found vulnerable." They went on to list a total of 34 products that would be vulnerable to an attack from this proposed digital super-weapon.
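The bait and switch described above is a check-then-use race: the value that gets inspected is not the value that gets acted on. The following C sketch is an added illustration, not code from the researchers or from any anti-virus product; it simulates the race deterministically in user space, and every name in it (`caller_mem`, `race_window`, `policy_allows`, the file names) is constructed for the example. It shows the vulnerable double read beside the hardened form that captures the argument once.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 32

/* Constructed stand-in for caller-owned memory that another thread can rewrite. */
typedef struct {
    char name[NAME_LEN];
    const char *swap_to;  /* written during the check/use window; NULL = no race */
} caller_mem;

/* Simulates the racing thread, made deterministic for the example. */
static void race_window(caller_mem *m) {
    if (m->swap_to) snprintf(m->name, NAME_LEN, "%s", m->swap_to);
}

/* Hypothetical policy: the monitor refuses one protected name. */
static int policy_allows(const char *name) {
    return strcmp(name, "protected.sys") != 0;
}

/* Vulnerable pattern: the check and the use each read caller memory. */
int hook_double_fetch(caller_mem *m, char *acted_on) {
    if (!policy_allows(m->name)) return -1;          /* fetch 1: check */
    race_window(m);
    snprintf(acted_on, NAME_LEN, "%s", m->name);     /* fetch 2: use */
    return 0;
}

/* Hardened pattern: capture once, then check and use only the private copy. */
int hook_capture_once(caller_mem *m, char *acted_on) {
    char captured[NAME_LEN];
    snprintf(captured, NAME_LEN, "%s", m->name);     /* single fetch */
    if (!policy_allows(captured)) return -1;
    race_window(m);                                  /* swap no longer matters */
    snprintf(acted_on, NAME_LEN, "%s", captured);
    return 0;
}

int main(void) {
    caller_mem a = { "report.txt", "protected.sys" }, b = a;
    char used[NAME_LEN];
    if (hook_double_fetch(&a, used) == 0) printf("double fetch acted on: %s\n", used);
    if (hook_capture_once(&b, used) == 0) printf("capture once acted on: %s\n", used);
    return 0;
}
```

The hardened version only helps when the later operation consumes the captured copy rather than re-reading caller memory.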

However, the researchers also stated that such software would be large and unwieldy, meaning it would take a long time to download. Therefore, a conventional hit-and-run cyber-attack would probably not offer enough time for the attack to sneak through.

But what if the attack were to attach itself to a vulnerable version of a commonly downloaded program such as Adobe Reader or Oracle's Java Virtual Machine? It would then be able to sneak right past your AV programs, install itself and take out your security like some kind of malevolent nano-ninja.

Of course, at the moment this is mostly theoretical and there is no real-world danger of such an attack . . . that we are aware of. However, it remains to be seen whether anti-virus producers will take the threat seriously enough to come up with preventative measures before such an attack does arise.
