How about a program that keeps itself resident on the system and injects itself into the source code of the programs written on the infected computer, just before they are compiled?
As a result, you could compile your program as you normally do, but somewhere in the background someone adds a call to doEvil() right there: in the first line after main, or just before main returns.
Since different people use different compilers and different compiler settings, the resulting binary will always be different. This is better than attaching a predefined binary to an existing application (tools like Joiner do that, and Sub7 does too), because antivirus tools can't use a signature to detect the malware.
The malware could be smart enough not to add itself to a "debug version" of the code, which would make it even less likely to be detected. One could spot it by reverse engineering their own binaries; naturally they'd see some odd instructions in the disassembled code, if they are advanced enough to tell their own code from someone else's. Otherwise, the malicious code is likely to survive without being spotted.
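Disassembling your own binaries is one way to notice this; a cheaper check is to verify the source tree itself right before the compiler runs. The script below is an added example (not code from the original post) that records a manifest of source-file hashes and reports anything changed, added or missing at build time; the file names and the simulated tamper are constructed for the demo.

```python
# Added example: build-time source integrity check for the scenario above.
# Record a manifest when the tree was last reviewed; re-hash it before
# invoking the compiler. An injected doEvil() line shows up as "modified".
import hashlib
import pathlib
import tempfile

SOURCE_SUFFIXES = (".c", ".h")  # assumption: a C project


def hash_file(path):
    """SHA-256 of a file's bytes, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map each source file (relative POSIX path) under root to its hash."""
    root = pathlib.Path(root)
    return {p.relative_to(root).as_posix(): hash_file(p)
            for p in sorted(root.rglob("*"))
            if p.is_file() and p.suffix in SOURCE_SUFFIXES}


def verify_manifest(root, manifest):
    """Compare the tree as it is now against the recorded manifest."""
    current = build_manifest(root)
    return {
        "modified": sorted(k for k in manifest
                           if k in current and current[k] != manifest[k]),
        "added": sorted(set(current) - set(manifest)),
        "missing": sorted(set(manifest) - set(current)),
    }


def demo():
    """Constructed scenario: record a clean tree, then simulate the tamper."""
    with tempfile.TemporaryDirectory() as tmp:
        src = pathlib.Path(tmp) / "main.c"          # constructed sample file
        src.write_text("int main(void) {\n    return 0;\n}\n")
        manifest = build_manifest(tmp)
        clean = verify_manifest(tmp, manifest)
        # Simulated pre-compile injection: a call as the first line of main.
        src.write_text(src.read_text().replace("{\n", "{\n    doEvil();\n", 1))
        tampered = verify_manifest(tmp, manifest)
        return clean, tampered


if __name__ == "__main__":
    print(demo())
```

The manifest only helps if a resident program cannot rewrite it too, so keep it signed or on media the build machine cannot write; a compromised compiler or runtime library is a separate problem this check does not cover.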
Of course, such an intruder may have a noble goal too. How about showing a "tell the person you love that you love them" message box on August the 8th 2008, on all the displays of the world?
Remember, you heard it here first! (-:
Comment from: qwe [Visitor]
There IS such a thing already, right from the vendor of your compiler suite, typically under the conspirative name of RTL (Runtime Library). ;)
Different compilers mean the “tool” has to be rewritten for / ported to each of them. Otherwise (if it’s in some hijacked library or API), I suppose antivirus makers won’t sweat too much before coming up with a way to detect the piece of code…
I think AI will take over malware creation sometime in the future… And then we’ll be in real trouble :-/