In my technothriller, A.I. Apocalypse, I wrote about a teenage computer hacker who writes an evolutionary computer virus. Among other things, the virus hunts for bits of useful computer functions in existing legitimate applications, such as a library for copying files, sending data, or encrypting data.
This morning I read about the Frankenstein Virus, which is a real-world virus that does the same thing:
Having infected a computer, it searches the bits and bytes of common software such as Internet Explorer and Notepad for snippets of code called gadgets – short instructions that perform a particular kind of small task.
Previous research has shown that it is theoretically possible, given enough gadgets, to construct any computer program. Mohan and Hamlen set out to show that Frankenstein could build working malware code by having it create two simple algorithms purely from gadgets. “The two test algorithms we chose are simpler than full malware, but they are representative of the sort of core logic that real malware uses to unpack itself,” says Hamlen. “We consider this a strong indication that this could be scaled up to full malware.”
Frankenstein follows pre-written blueprints that specify certain tasks – such as copying pieces of data – and swaps in gadgets capable of performing those tasks. Such swaps repeat each time Frankenstein infects a new computer, but with different gadgets, meaning that the malware always looks different to antivirus software, even if its ultimate effects are the same.
This is a huge leap forward in virus writing, because it makes such self-creating viruses substantially more difficult to detect:
Existing malware already attempts to randomly mutate its code to some extent, but antivirus software can still recognise it as something nasty.
Frankenstein is different because all of its code, including the blueprints and gadget-finder, can adapt to look like parts of regular software, making it harder to detect.