Posted by: Robert Westervelt
malware, reverse engineering
Coding technique designed to tie up reverse engineers has been used in the past, Symantec says.
Researchers reverse engineering the malware used in a string of attacks against Google and at least 30 other firms and government agencies have found that the cybercriminals behind the attacks used spaghetti code.
The obfuscation technique is not new. It is designed to make reverse engineering more difficult, but today it rarely gives researchers much trouble. Spaghetti code is one of several “pasta” labels for convoluted program structure: lasagna code describes over-layered structured programs, and ravioli code describes object-oriented programs (OOP) broken into many small, loosely connected classes.
Symantec calls the Trojan delivered through the now patched zero-day vulnerability in Internet Explorer Trojan.Hydraq. The spaghetti-code obfuscation was first seen in malware in 2006, and today it can be applied using a variety of automated tools.
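To make the obfuscation concrete, here is an added toy example; it is not Symantec’s analysis code and not Hydraq itself. Straight-line code is cut into one-instruction blocks, the blocks are shuffled, and each block ends with an unconditional jump to its logical successor, which is the spaghetti layout a linear disassembly shows. The second function follows the jump chain from the entry label and recovers the original order, which is why the technique is cheap to undo automatically. The instruction strings, labels, and function names are constructed for illustration.

```python
"""
Toy model of spaghetti-code control-flow obfuscation and its automated reversal.
Added example, not Symantec's tooling or the Hydraq binary; the instruction
listing and labels below are constructed.

Obfuscation: straight-line code is chopped into tiny blocks, the blocks are
scattered in a shuffled order, and each block ends in an unconditional jump to
its logical successor. The program still executes in the original order; only
the on-disk layout (and a linear disassembly) is scrambled.

Reversal: start at the entry label, follow each unconditional jump, and emit
the blocks in execution order with the connecting jumps removed.
"""
import random
from typing import Dict, List, Set, Tuple

Block = Tuple[str, List[str]]  # (label, instructions)


def spaghettify(code: List[str], seed: int = 1234) -> Tuple[str, List[Block]]:
    """Split straight-line code into one-instruction blocks, chain them with
    unconditional jumps, and return (entry_label, blocks in scrambled order)."""
    labels = [f"loc_{i:04x}" for i in range(len(code))]
    blocks: List[Block] = []
    for i, ins in enumerate(code):
        body = [ins]
        if i + 1 < len(code):
            # The jump is the only thing tying a block to its successor.
            body.append(f"jmp {labels[i + 1]}")
        blocks.append((labels[i], body))
    rng = random.Random(seed)
    rng.shuffle(blocks)  # scatter the blocks so a top-to-bottom read is meaningless
    return labels[0], blocks


def despaghettify(entry: str, blocks: List[Block]) -> List[str]:
    """Walk the jump chain from `entry` and recover the original instruction order.
    Stops on a revisit so a jump cycle (an infinite loop) cannot hang the tool."""
    by_label: Dict[str, List[str]] = dict(blocks)
    out: List[str] = []
    seen: Set[str] = set()
    label = entry
    while label is not None and label not in seen:
        seen.add(label)
        body = by_label[label]
        label = None
        for ins in body:
            if ins.startswith("jmp "):
                # Follow the unconditional jump; anything after it is unreachable.
                label = ins.split(None, 1)[1]
                break
            out.append(ins)
    return out


def jump_count(blocks: List[Block]) -> int:
    """Number of connecting jumps the obfuscator inserted."""
    return sum(ins.startswith("jmp ") for _, body in blocks for ins in body)


# Constructed sample: a tiny straight-line routine that mangles its argument.
ORIGINAL = [
    "mov ecx, [esp+4]",
    "xor eax, eax",
    "add eax, ecx",
    "rol eax, 3",
    "xor eax, 0x5a5a5a5a",
    "ret",
]

if __name__ == "__main__":
    entry, scrambled = spaghettify(ORIGINAL)
    print(f"; entry at {entry}, {jump_count(scrambled)} connecting jumps")
    for label, body in scrambled:
        print(f"{label}:")
        for ins in body:
            print(f"    {ins}")
    recovered = despaghettify(entry, scrambled)
    print("; recovered:", recovered == ORIGINAL)
```

Running the script prints the scrambled listing, which is what a disassembler shows when it walks the binary top to bottom, and then confirms that following the jumps restores the original six instructions. Real tooling does the same walk over a disassembler’s basic blocks, treating only unconditional jumps as “glue” and leaving conditional branches intact.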
Symantec researcher Patrick Fitzgerald compared the Trojan to two more complex malware samples: “While many threats are simpler than Hydraq in not using any obfuscation or using well-known packers, the obfuscation method utilized by Hydraq is fortunately not novel and is easily reversible, unlike other prevalent malware samples in today’s threat landscape.”