Security Protection – Harry Waldron MVP

Malware Return-Oriented Programming – Detection Method discovered

This recent discovery by researchers could benefit future operating systems and security protection products.

PC Magazine – New Technique Detects Hidden Exploits http://securitywatch.pcmag.com/malware/289607-new-technique-detects-hidden-exploits

QUOTE: Modern operating systems don’t make life easy for malware coders. Features like Data Execution Prevention and non-executable memory pages ruin schemes that involve injecting malicious code disguised as data. Modern malefactors have turned to a technique called Return-Oriented Programming (ROP) to get around these restrictions. However, researchers Michalis Polychronakis and Angelos D. Keromytis from Columbia University have invented a way to detect this sneaky technique.

Instead of trying to inject malicious code into the system, the malware writers find the CPU instructions they want in existing processes, typically always-loaded Windows processes. They slip in a list that contains the in-memory addresses of these code chunks, called “gadgets”. By forcing execution of the gadgets in a specific order, they build an exploit without ever placing executable code on the system.
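The quoted passage describes an input that carries a list of addresses pointing into already-loaded code. The following added example (not from the original post, and not the Columbia researchers' method, which the page does not describe) shows a simple defensive heuristic that flags such lists in a data buffer. The address ranges, thresholds and sample buffers are constructed assumptions.

```python
import struct

# Constructed executable ranges standing in for always-loaded modules (assumed values).
EXEC_RANGES = [(0x7C800000, 0x7C8F6000), (0x77DD0000, 0x77E6B000)]

def in_exec_range(value, ranges=EXEC_RANGES):
    """True if a 32-bit value points inside one of the executable ranges."""
    return any(lo <= value < hi for lo, hi in ranges)

def find_address_runs(data, min_hits=4, max_gap=2, ranges=EXEC_RANGES):
    """Return sorted (offset, hit_count) pairs for runs of little-endian 32-bit
    words where at least min_hits words point into executable ranges and no
    more than max_gap consecutive non-pointer words (e.g. arguments consumed
    by gadgets) separate them."""
    runs = []
    for align in range(4):  # the address list may start at any byte offset
        start, hits, gap = None, 0, 0
        for off in range(align, len(data) - 3, 4):
            (word,) = struct.unpack_from("<I", data, off)
            if in_exec_range(word, ranges):
                if start is None:
                    start = off
                hits, gap = hits + 1, 0
            elif start is not None:
                gap += 1
                if gap > max_gap:  # run ended; keep it only if dense enough
                    if hits >= min_hits:
                        runs.append((start, hits))
                    start, hits, gap = None, 0, 0
        if start is not None and hits >= min_hits:
            runs.append((start, hits))
    return sorted(runs)

# Constructed sample inputs: ordinary text, and a buffer holding an address list.
BENIGN = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n" * 4
WORDS = [0x7C801234, 0x7C80ABCD, 0x00000040, 0x77DD1000,
         0x41414141, 0x41414141, 0x7C8F0000, 0x77E00010]
SUSPICIOUS = b"A" * 13 + struct.pack("<8I", *WORDS) + b"trailer"

if __name__ == "__main__":
    print("benign:", find_address_runs(BENIGN))
    print("suspicious:", find_address_runs(SUSPICIOUS))
```

A heuristic like this only shows that an input looks like an address list; plain pointer-dense data can trip it, so it is a triage signal and not a verdict.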
