News

AI Tools, Previously Restricted Google Malware Search Pose Serious Security Threat

Secure Computing Corp. has warned that artificial intelligence (AI) software used in testing by a small number of software developers is now being widely used by hackers to find formerly undiscovered vulnerabilities.

These AI tools use a methodology referred to as ‘Fuzzing’. This is an automated methodology for testing applications for bugs by checking allowed input for a given application and trying to force abnormal responses to see if unexpected results (bugs) can be generated. Once a bug is found, further research can determine if the bug can be exploited as a vulnerability and then be packaged as an exploit.

Hackers are sharing their Fuzzing results in a collaborative effort in IRC chat rooms and in news groups to rapidly develop new threats. The large increase in application vulnerabilities that have recently been reported are thought to be a direct result of the use of Fuzzing tools. To further demonstrate the power of Fuzzing the vulnerability researchers at the Metaspolit Project are releasing a new vulnerability for MS Internet Explorer every day for the month of July.

"Fuzzing will clearly accelerate the ability for hackers to discover new vulnerabilities in software applications," said Paul Henry, vice president of Strategic Accounts for Secure Computing. "Software vendors were already struggling to keep up with patches for software bugs; the use of Fuzzing tools by hackers and the flood of newly discovered vulnerabilities may overwhelm software vendors' ability to respond with patches."

The previously hidden malware search capabilities within Google were heralded as a tool reserved only for Anti Virus and Security Research firms. Unfortunately, these previously hidden search capabilities have already fallen into the hands of hackers. The key to finding malware in Google lies in having the signature for the specific malware program.


print	save	email	comment