Malware is everywhere you turn right now, but that does at least mean we're conscious of it. But the malicious software of the future might have a new trick up its sleeve: playing friendly for a long time before it goes rogue and messes things up once we're comfortable with its presence.


Speaking at a security conference, Giovanni Vigna, a professor at the University of California in Santa Monica, asked: "What if Notepad behaved just like you would expect it to, but only for the first hour or so that you used it? What if it began to do different things after that?" He was talking about what he sees as the next wave of malware: software that will mimic the behavior of software we use daily in order to last on our computers longer and avoid detection before pouncing.

The problem for most malware is the speed at which it works. Typically, the more advanced pieces of malware that riddle computers spend some time first working out if they're running in an environment being controlled by a real user—that the computer is being controlled via a mouse an keyboard, say, or has a Windows Product ID that makes sense to it.

At some point, though, malware has to make a system call to do whatever particular badness it's seeking to achieve. As soon as it does that, it runs the risk of being spotted by a malware analysis tools that might be watching it. Some of the system calls might make sense coming from a defragger but not from a text editor, though—and its quirks like that the malware of the future will seek to exploit.


While there's nothing new about malware that lurks and waits, Vigna reckons that it will, in fact, intelligently mimic the way other software works, runs and behaves on a computer, and try and recreate that in such a way that its activity flies under the radar. That may mean that, in some cases, it may just be easier for the malware to do useful stuff on our computers—actually cleaning up our hard disks, say—before it later attacks, in order to seem genuine.

Vigna hasn't spotted any such software out in the wild yet —but he thinks it's the logical next step. Malware could soon be a lot nicer; at least, for a little while. [The Stack]

Image by Steve Petrucelli under Creative Commons license.