Secure Computing warns that artificial intelligence (AI) software used in testing by a small number of software developers is now being widely used by hackers to find formerly undiscovered vulnerabilities.
These AI tools use a methodology referred to as “Fuzzing.” This is an automated methodology for testing applications for bugs by checking allowed input for a given application and trying to force abnormal responses to see if unexpected results (bugs) can be generated. Once a bug is found, further research can determine if the bug can be exploited as a vulnerability and then be packaged as an exploit. Hackers are sharing their Fuzzing results in a collaborative effort in IRC chat rooms and in news groups to rapidly develop new threats. The large increase in application vulnerabilities that have recently been reported are thought to be a direct result of the use of Fuzzing tools. To further demonstrate the power of Fuzzing the vulnerability researchers at the Metaspolit Project are releasing a new vulnerability for MS Internet Explorer every day for the month of July.
“Fuzzing will clearly accelerate the ability for hackers to discover new vulnerabilities in software applications,” said Paul Henry, vice president of Strategic Accounts for Secure Computing. “Software vendors were already struggling to keep up with patches for software bugs; the use of Fuzzing tools by hackers and the flood of newly discovered vulnerabilities may overwhelm software vendors’ ability to respond with patches.”
Google Searches for Malware
The previously hidden malware search capabilities within Google were heralded as a tool reserved only for Anti Virus and Security Research firms just weeks ago. Unfortunately, these previously hidden search capabilities have already fallen into the hands of hackers. The key to finding malware in Google lies in having the signature for the specific malware program. Hackers are now sharing these signatures openly on the Internet, making it easy to search Google for the signature of a specific piece of malware. Web sites now catalog these signatures and allow users to simply enter the malware program name and they return the signature for the malware from their database. Users of these signature catalogs are encouraged to submit new malware so the site owners can quickly generate a signature for the malware for their community of users.