Security Bytes

Jan 26 2010   2:16PM GMT

Malware in Google attacks uses spaghetti code

Robert Westervelt


Coding technique designed to tie up reverse engineers has been used in the past, Symantec says.

Researchers reverse engineering the malware used in a string of attacks against Google and at least 30 other firms and government agencies have found that the cybercriminals behind the attack used spaghetti code.

The obfuscation technique is not new. It is designed to make reverse engineering more difficult, but today it usually doesn’t give researchers much trouble. There are a variety of convoluted “pasta coding” techniques: lasagna code is favored in structured programming, while ravioli code is likened to object-oriented programming (OOP).

Symantec calls the Trojan attempting to exploit a now patched zero-day vulnerability in Internet Explorer Trojan.Hydraq. The coding technique was first discovered in 2006, and today it can be deployed using a variety of automated tools.

Symantec researcher Patrick Fitzgerald compared the Trojan to two more complex malware samples.

While many threats are simpler than Hydraq in not using any obfuscation or using well-known packers, the obfuscation method utilized by Hydraq is fortunately not novel and is easily reversible, unlike other prevalent malware samples in today’s threat landscape.
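To make the "easily reversible" point concrete, here is an added toy example (my own, not code from Symantec, from the Hydraq analysis, or from this article). It takes a straight-line program in a constructed mini instruction set, scatters it into one-instruction blocks at shuffled labels chained by unconditional jumps (the "spaghetti" layout), and then shows the analyst's side: following the jump chain from the entry point recovers the original listing. The instruction names, labels and sample program are all assumptions made for the demonstration.

```python
"""Toy spaghetti-code control-flow obfuscation and its reversal.

Added example, not from the article or the Symantec analysis. The
instruction set ("push", "add", "ret", "jmp") and the sample program are
constructed for the demo; real samples use machine code, but the idea
(scatter blocks, chain them with jumps, then follow the chain) is the same.
"""
import random
from typing import Dict, List, Optional, Tuple

# Toy instruction: (opcode, argument). "jmp" carries a target label.
Instr = Tuple[str, object]
Blocks = Dict[str, List[Instr]]


def spaghettify(program: List[Instr], seed: int = 0) -> Tuple[str, Blocks]:
    """Split a straight-line program into one-instruction blocks placed at
    shuffled labels, each ending in a jmp to the next logical block.
    Returns (entry_label, blocks)."""
    rng = random.Random(seed)                  # deterministic for the demo
    labels = [f"L{i}" for i in range(len(program))]
    rng.shuffle(labels)                        # memory order != logical order
    blocks: Blocks = {}
    for i, instr in enumerate(program):
        block = [instr]
        if i + 1 < len(program):
            block.append(("jmp", labels[i + 1]))
        blocks[labels[i]] = block
    return labels[0], blocks


def listing(blocks: Blocks) -> List[str]:
    """Render the obfuscated program in label (memory) order, the way a
    disassembler would show it before any analysis."""
    lines = []
    for label in sorted(blocks):
        for op, arg in blocks[label]:
            lines.append(f"{label}: {op} {arg if arg is not None else ''}".rstrip())
    return lines


def straighten(entry: str, blocks: Blocks) -> List[Instr]:
    """Analyst's step: follow the jmp chain from the entry label, emitting
    every non-jump instruction. Refuses to loop forever on a cycle."""
    out: List[Instr] = []
    seen = set()
    label: Optional[str] = entry
    while label is not None:
        if label in seen:
            raise ValueError(f"jump cycle at {label}")
        seen.add(label)
        nxt: Optional[str] = None
        for op, arg in blocks[label]:
            if op == "jmp":
                nxt = str(arg)
            else:
                out.append((op, arg))
        label = nxt
    return out


def jump_count(blocks: Blocks) -> int:
    """Number of glue jumps the obfuscation inserted."""
    return sum(1 for b in blocks.values() for op, _ in b if op == "jmp")


if __name__ == "__main__":
    # Constructed sample program: compute 2 + 3 and return.
    prog = [("push", 2), ("push", 3), ("add", None), ("ret", None)]
    entry, blocks = spaghettify(prog, seed=7)
    print("entry:", entry)
    print("\n".join(listing(blocks)))
    print("recovered:", straighten(entry, blocks))
```

Running it prints the scattered listing, then the recovered straight-line program, which equals the input exactly; the only thing the obfuscation added was a chain of unconditional jumps, which is why this style costs an analyst little once the entry point is known.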
