"Bugs in Malware Creating Backdoors for Security Researchers"
Malware authors often exploit vulnerabilities in software. Malware, however, can itself contain bugs and coding errors that cause it to crash or that serve as backdoors for white hat hackers. Zscaler researchers studied the types of vulnerabilities present in some of the most prevalent malware families. They explored whether these bugs can be used to prevent infection, and whether they are genuine vulnerabilities and coding errors or deliberate escape mechanisms. The researchers analyzed a dataset of malicious samples collected from 2019 to March 2021, clustered the samples by behavioral similarity, and used MITRE's Common Weakness Enumeration (CWE) system to classify the bugs they found. By examining multiple malware examples containing different types of vulnerabilities, the researchers observed that malware sometimes does not validate the output of a queried Application Programming Interface (API) or cannot handle different types of command-and-control (C&C) responses. Malware is often developed against the author's local environment, and authors frequently fail to account for mitigations such as Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP) when loading modules, which causes the malware to crash. Sean Nikkel, Senior Cyber Threat Intel Analyst at Digital Shadows, points out that these bugs may be the result of rushing, inexperience with development best practices, or other resource constraints. Security vendors could use these bugs to write different types of signatures for identifying and blocking such malware attacks. This article continues to discuss key findings from Zscaler's study on the types of vulnerabilities in malware and how security researchers can use these bugs.
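The unvalidated-API-output defect the summary describes is a general coding error, not something specific to malware. The following C program is an added example, not code from the Zscaler study or the article, showing the same defect in a neutral setting and the validated form a careful developer would write instead. The `lookup_value` function and its key/value table are constructed stand-ins for any queried API (an environment lookup, a registry read, a response from a remote service); the keys `HOME_DIR` and `LONG_VALUE` and the 64-byte buffer size are assumptions made for this example.

```c
/* Added example: unchecked vs. validated handling of an API result.
 * lookup_value() is a constructed stand-in for a real API that may return
 * NULL (nothing found) or a value of unexpected length. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define VALUE_BUF 64   /* assumed fixed-size destination buffer */

/* Constructed lookup table standing in for an environment, registry or
 * remote query. Returns NULL for unknown keys, as many real APIs do. */
const char *lookup_value(const char *key) {
    static const char *keys[]   = { "HOME_DIR", "LONG_VALUE" };
    static const char *values[] = {
        "/home/example",
        "0123456789012345678901234567890123456789012345678901234567890123456789" /* 70 chars */
    };
    for (size_t i = 0; i < sizeof keys / sizeof keys[0]; i++)
        if (strcmp(keys[i], key) == 0)
            return values[i];
    return NULL;
}

/* Unvalidated version: mirrors code written against the author's own machine,
 * where the key always exists and the value is always short. On any other
 * host it dereferences NULL when the key is missing, and strcpy() overruns
 * the buffer when the value is longer than expected. Both are the kind of
 * defect that makes a sample crash instead of running. */
void unchecked_copy(const char *key, char buf[VALUE_BUF]) {
    strcpy(buf, lookup_value(key));   /* no NULL check, no length check */
}

/* Validated version: treats the API result as untrusted input.
 * Returns 1 on success, 0 if the key is absent, -1 if the value does not fit.
 * On any failure the destination is left as an empty string. */
int checked_copy(const char *key, char *buf, size_t buflen) {
    const char *value = lookup_value(key);
    if (value == NULL) {
        buf[0] = '\0';
        return 0;
    }
    size_t n = strlen(value);
    if (n >= buflen) {
        buf[0] = '\0';
        return -1;
    }
    memcpy(buf, value, n + 1);
    return 1;
}

int main(void) {
    char buf[VALUE_BUF];
    const char *probe[] = { "HOME_DIR", "MISSING_KEY", "LONG_VALUE" };
    for (size_t i = 0; i < 3; i++) {
        int rc = checked_copy(probe[i], buf, sizeof buf);
        printf("%-12s rc=%2d value=\"%s\"\n", probe[i], rc, buf);
    }
    /* unchecked_copy() is intentionally not called with a missing key:
     * it would dereference NULL, which is exactly the defect it illustrates. */
    return 0;
}
```

The validated version is also what a vendor signature or sandbox can key on: a sample that crashes on a missing key or an oversized value is exhibiting the unchecked pattern, while code that handles all three return paths is not.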
Security Magazine reports "Bugs in Malware Creating Backdoors for Security Researchers"