Researchers at the University of Texas at Dallas are developing Frankenstein, a new way to create malware that can essentially build itself and is nearly invisible to antivirus software. Frankenstein takes bits of code from common apps and processes — like Windows Explorer and Microsoft Calculator — and compiles them using a set of blueprints to create any type of program. In Windows Explorer alone, Frankenstein found nearly 90,000 gadgets (snippets of code that perform specific actions) in just over 40 seconds, which means that malware created by the system would have a huge number of possible variations, work quickly, and be very difficult to detect.
The research was presented at the USENIX Workshop on Offensive Technologies earlier this month and highlights the need for a new approach for virus detection software, one that is able to find malware that morphs and is disguised in the trappings of legitimate code. The US Air Force partially funded the project, the findings of which may be used to influence future state-sponsored cyber attacks.