A team of US security researchers has engineered a way of hiding malware in sentences that read like English language spam.

The work is a breakthrough because current network security techniques work on the assumption that the code used in code-injection attacks, where it is delivered and run on victims’ computers, has a different structure to non-executable plain data, such as English prose.
Advertisement

One of the researchers, Dr Josh Mason of John Hopkins University, Baltimore, said the team wanted to broaden its understanding of how malicious code could be deployed, and highlight the need to design more efficient techniques for preventing this kind of attack altogether.

Dr Nicolas T Courtois, an expert in security and cryptology at University College London, said the work was an important paper in virusology, challenging an assumption that code has a different structure to non-executable plain data. He said malware deployed in this way would be “hard, if not impossible, to detect reliably.”

Read the whole article here.