“Civilian” Use of Malware Technology?

by Dennis Kuntz

The government spends billions in research every year. Quite often the goal of that research is to create more effective fighting machines and mechanisms, better survival techniques, better gear for soldiers, etc. The array of researched technologies is huge, and wartime in particular can spur a ton of research.

Also quite often, the results of that research end up being used for civilian purposes. Researchers and scientists in World War II alone created and/or had significant impact in the areas of radar, jet engines, computers, synthetic rubber – the list goes on and on. It’s obvious today how those technologies, invested in by the military and the government primarily for the sake of the war, have been applied to our civilian lives.

Another thing to note about all of this is that the benefits of those government/military technologies have not been limited to the countries in which they were created. As peacetime would creep in, and alliances form where hostility once reigned, technology would be shared. Not to mention that even when those alliances didn’t form, the opposing sides would still have access to enemy technology (captured vehicles, interrogation, etc.) to get a foothold in implementing those technologies themselves.

This brings me to a question about malware. Malware is bad – hence its name. The folks who create it and apply it (as opposed to security researchers that create it for purposes of research) are at the very least not the most scrupulous bunch. There are legions of anti-malware researchers and malware analysts digging into these rogue pieces of software, poking and prodding at them, and figuring out how they work.

This piqued my curiosity: What technology (or use thereof) resulting from malware/anti-malware research has hit the “mainstream civilian” computing world? And no, I don’t mean Sony’s rootkit. I mean application of what has been learned – in obfuscation, more efficient coding techniques, remote distribution applications, etc. – in a way that is useful, but not necessarily matching its intended “wartime” purpose (you cannot make me say the “c—-war” word).

The closest thing I could find – yes, aside from Sony’s blunder – was a paper by Microsoft researchers discussing a “friendly worm” for patch delivery. Bruce Schneier generalizes this as “benevolent worms”, which he calls a “stupid idea”.

Despite their ethics, the malware writers are very, very smart. The anti-malware researchers and the malware analysts are also very, very smart. So I pose the question to all of you – what useful applications of what has been learned in the battle against malware are waiting to be used?


About Dennis Kuntz
Dennis Kuntz, CEH, has been in technology for 15 years in various roles. While he started out as a programmer, more recently he has spent his time in managerial and technical roles dealing with architecture and security. These include responsibilities such as web application penetration testing, making and assisting with strategic security decisions, and providing technological guidance, education, and prototyping/PoC projects for IT and business units. Currently he holds the title of Senior Director of Architecture and Security for Market America, in Greensboro, NC.

Comments

2 Responses to ““Civilian” Use of Malware Technology?”
  1. kurt wismer says:

    this is a very interesting question.

    off the top of my head, obfuscation similar to that used in malware has also been used to ‘protect’ the intellectual property present in legitimate programs. as i recall the MtE mutation engine (from back in the days of dark avenger) was used in a ‘legitimate’ obfuscation product.

    stealth technology has been used to protect ‘protected’ recycle bins and other files and resources that developers don’t want users messing with (not just by sony but by lots of folks).

    i’m tempted to say full disk encryption as well but i don’t know for sure because i don’t know where the KOH virus fits into the timeline of full disk encryption products.

  2. Craig Rickel says:

    OCR technology.

    Ever wonder how spammers can consistently post spam comments on blogs advertising the latest and greatest chemical whatchamacallit, despite the CAPTCHAs? It’s because they’ve spent some serious man-hours developing some very smart algorithms to get around just that, picking out the most likely letters despite the image being warped, noisy, and otherwise computer-unfriendly. Because of this, we now have highly advanced OCR programs capable of picking words out of the most illegible of documents.