
GPU-Assisted Malware Can Be Difficult to Detect

Source: Tom's Guide US | 32 comments

Proof-of-concept code shows that malware may get considerably harder to detect and analyze in the near future.

While GPUs bring parallel processing and superior graphics to the PC, they can also be tools for malicious purposes.

According to a research paper entitled GPU-Assisted Malware, a team of researchers from Greece and the U.S. has developed proof-of-concept code that moves the "unpacking" stage of a malicious executable onto the GPU: the encrypted payload is decrypted by GPU code rather than by CPU instructions, sidestepping the traditional security defenses that inspect what the CPU executes.

Self-unpacking (packing) is typically used to evade signature-based anti-virus scanning: the payload is stored compressed or encrypted and only a small unpacking stub is exposed, so the attacker can change the compression or encryption layer when needed without rewriting the whole package, and the hidden payload never presents a stable signature. Conventional unpackers run on the CPU, however, and that brings limitations: the unpacking routine is ordinary CPU code that an emulator or debugger can follow, and the time the CPU can spend decrypting before the malware starts bounds how expensive the scheme can be. With the GPU, attackers can conceivably use far more complex encryption schemes that would be impractically slow to compute on the CPU alone.

"Implementing the self-unpacking functionality of a malware binary using GPU code can pose significant obstacles to current malware detection and analysis systems," the scientists wrote in the research paper. "A malware author can take advantage of the computational power of modern graphics processors and pack the malware with extremely complex encryption schemes that ... can be efficiently computed due to the massively parallel architecture of GPUs."

The paper explains that the malicious code, once it is unpacked by the GPU, is placed into a memory location accessible to the CPU and then executed by the CPU. This design puts most of the unpacking logic in GPU code, leaving only a small x86 stub to launch the GPU computation and jump to its result, so the CPU-side footprint that scanners and emulators can examine is small and contains nothing that resembles the payload. This means that current security solutions will have an even harder time detecting malicious activity.

To make matters worse, GPU-assisted malware will be more difficult for security researchers to reverse-engineer and analyze, because the GPU can decrypt a segment of the code just before it runs and re-encrypt it afterwards, so only a small portion of the payload is ever in the clear in host memory at any one moment. "Although complete extraction of the original code is still possible by a determined malware analyst, when combined with existing anti-debugging techniques, this form of GPU-assisted polymorphism makes the whole reverse engineering process a challenging and time-consuming task," the paper states.
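Added example, not code from the article or from the paper's authors: the two paragraphs above say that GPU-decrypted code has to land in CPU-accessible memory and then run on the CPU, and that it is in the clear only briefly. That leaves a concrete host-side footprint to look for: a process that holds a GPU device handle and also has an anonymous memory region that is both writable and executable. The script below parses /proc/<pid>/maps text and a list of open file-descriptor targets and flags that combination. It assumes a Linux host and the device-node names used by common GPU drivers (/dev/nvidia*, /dev/dri/*, /dev/kfd); the sample maps and fd list are constructed for the example, not captured from a real process.

```python
"""Host-side triage for GPU-assisted unpacking (added example, Linux /proc
layout assumed): flag a process that holds a GPU device handle *and* has an
anonymous mapping that is both writable and executable."""
import os
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One /proc/<pid>/maps line: "start-end perms offset dev inode [path]"
MAPS_LINE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>[rwxsp-]{4})\s+"
    r"[0-9a-f]+\s+[0-9a-f]{2,}:[0-9a-f]{2,}\s+\d+\s*(?P<path>.*)$"
)
# Device nodes a CUDA/OpenCL/ROCm process typically opens (assumed names;
# they vary by driver and distribution).
GPU_DEVICE = re.compile(r"^/dev/(nvidia\S*|dri/(card|renderD)\d+|kfd)$")


@dataclass
class Mapping:
    start: int
    end: int
    perms: str  # e.g. "rwxp": read, write, execute, private
    path: str   # "" for anonymous memory

    @property
    def writable_executable(self) -> bool:
        return self.perms[1] == "w" and self.perms[2] == "x"

    @property
    def anonymous(self) -> bool:
        # No backing file, or a pseudo-path such as [heap] or [anon:...]
        return self.path == "" or self.path.startswith("[")


def parse_maps(text: str) -> List[Mapping]:
    """Parse the text of /proc/<pid>/maps; lines that do not match are skipped."""
    maps = []
    for line in text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if m:
            maps.append(Mapping(int(m["start"], 16), int(m["end"], 16),
                                m["perms"], m["path"].strip()))
    return maps


def find_indicators(maps_text: str, fd_targets: List[str]) -> Dict[str, object]:
    """Return anonymous W+X regions, GPU handles, and a verdict.

    Either indicator alone is routine (JIT engines allocate RWX memory, any
    CUDA program opens /dev/nvidia*), so only the combination is flagged.
    """
    maps = parse_maps(maps_text)
    wx = [m for m in maps if m.writable_executable and m.anonymous]
    gpu = sorted({t for t in fd_targets if GPU_DEVICE.match(t)})
    # A device node can also show up as a shared mapping rather than an open fd.
    gpu += [m.path for m in maps if GPU_DEVICE.match(m.path) and m.path not in gpu]
    return {
        "wx_regions": [(hex(m.start), hex(m.end), m.end - m.start) for m in wx],
        "gpu_handles": gpu,
        "suspect": bool(wx) and bool(gpu),
    }


def scan_pid(pid: int) -> Optional[Dict[str, object]]:
    """Apply find_indicators to a live process (Linux only; needs permission)."""
    try:
        with open(f"/proc/{pid}/maps") as f:
            maps_text = f.read()
        fd_dir = f"/proc/{pid}/fd"
        targets = [os.readlink(os.path.join(fd_dir, fd)) for fd in os.listdir(fd_dir)]
    except OSError:
        return None
    return find_indicators(maps_text, targets)


# Constructed sample (not from a real host): a small x86 stub, an anonymous
# RWX buffer the stub will jump into, and a shared mapping of the GPU device.
SAMPLE_MAPS = """\
00400000-00401000 r-xp 00000000 08:01 131094 /home/user/stub
00601000-00602000 rw-p 00001000 08:01 131094 /home/user/stub
7f3a40000000-7f3a40100000 rwxp 00000000 00:00 0
7f3a41000000-7f3a42000000 rw-s 00000000 00:06 512 /dev/nvidia0
7ffd2e000000-7ffd2e021000 rw-p 00000000 00:00 0 [stack]
"""
SAMPLE_FDS = ["/dev/null", "/dev/nvidiactl", "/dev/nvidia0", "socket:[22841]"]

if __name__ == "__main__":
    print(find_indicators(SAMPLE_MAPS, SAMPLE_FDS))
```

Because of the decrypt-before-run, re-encrypt-after behaviour described above, a region may be writable and executable for only a short window, so rescan a process of interest rather than relying on a single snapshot; an RWX region that has been changed back to non-executable between two scans is itself worth a closer look.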

To learn more about the proof-of-concept code, read the paper itself (PDF). The team plans to fully disclose its findings next month at the IEEE's International Conference on Malicious and Unwanted Software.

Top Comments
  • 15
    duzcizgi , September 30, 2010 10:09 AM
    mayankleoboy1: assholes just gave an idea to the hackers

    Considering there are about 6 billion people in the world and also considering that the hackers all have above average education and intelligence, this paper is not giving them any new ideas but just warning the rest of the community of this possibility.

    As the paper states, it is nearly impossible to detect such malware with the conventional methods that we all use in our current "security suites" that we pay a subscription for, for the security of our computer.

    In short, there's no guarantee that someone hasn't already exploited this (if I was a malware author, I'd have silently used it and shut my mouth), but none of our antivirus/antimalware programs were able to even detect its presence!
  • 13
    alikum , September 30, 2010 7:45 AM
    should I dump my graphics card and stick to 800x600 instead?
  • 11
    Anonymous , October 1, 2010 2:31 AM
    "This malware requires DX11 to run. Please upgrade your graphics card."
Other Comments
  • 10
    Parsian , September 30, 2010 7:19 AM
    fascinating and "oh crap"
  • 6
    yyk71200 , September 30, 2010 7:58 AM
    So, will NVidia and ATI have to incorporate an antivirus into their drivers?
  • 2
    Anonymous , September 30, 2010 9:04 AM
    Interesting stuff, this will make us more scared?
  • 6
    mayankleoboy1 , September 30, 2010 9:47 AM
    assholes just gave an idea to the hackers
  • 2
    Rancifer7 , September 30, 2010 11:42 AM
    I wonder how well it will unpack on the massively parallel integrated Intel graphics?

    Maybe now the malware can play Crysis..
  • 0
    rhino13 , September 30, 2010 12:21 PM
    Here we go!
    One more feature of my system Norton will kneecap.

    :Anger:
  • 4
    g00fysmiley , September 30, 2010 2:00 PM
    rhino13: Here we go! One more feature of my system Norton will kneecap.

    Somebody on Tom's uses Norton? >_< Move past the bloatware. AVG Free or something... really almost anything (short of McAfee) will be less full of bloatware.
  • 4
    bear_jesus , September 30, 2010 2:37 PM
    Would GPU load not give it away? For one, would the GPU not go from idle clock speeds to loaded speeds, and also from 0% load to anything above it?
  • 3
    megabuster , September 30, 2010 3:00 PM
    What's with the spam bot on Tom's?
  • 1
    g-thor , September 30, 2010 3:19 PM
    People who develop malware and viruses and trojans make the computing world a "dangerous" place. Yet now we really need to have computers to carry on business. Maybe it's time for governments to make developing malware, etc. a very dangerous profession.
  • 7
    fusion_gtx , September 30, 2010 3:26 PM
    yyk71200: So, will NVidia and ATI have to incorporate an antivirus into their drivers?

    Yup, just wait till your video cards come with 60 day trials of Norton and McAfee!
  • 0
    wild9 , September 30, 2010 4:09 PM
    bear_jesus: Would GPU load not give it away? For one, would the GPU not go from idle clock speeds to loaded speeds, and also from 0% load to anything above it?

    I don't think it would fully give it away; the data being manipulated would still be untraceable using conventional methods.

    To draw an analogy, it would be like seeing the number counter on a shopping mall entrance go up and up very quickly, without knowing anything about the people going through.. all you'd know was that someone was there.
  • -1
    wild9 , September 30, 2010 4:14 PM
    g-thor: People who develop malware and viruses and trojans make the computing world a "dangerous" place. Yet now we really need to have computers to carry on business. Maybe it's time for governments to make developing malware, etc. a very dangerous profession.

    Yes, let's trust them.. after all, we have the likes of Obama. Let's also remember that governments have never lied to people in the past. Let's put all our faith in them implicitly, for they know best, and doesn't this country look better off for it.
  • 0
    CircusMusic , September 30, 2010 4:24 PM
    mayankleoboy1: assholes just gave an idea to the hackers

    Not exactly a new vector... Heard about the rootkits that could be flashed onto the GPU's internal memory?
  • 0
    Gin Fushicho , September 30, 2010 4:40 PM
    Great.... now I'm worried about malware again.
  • 7
    kezix_69 , September 30, 2010 4:44 PM
    g00fysmiley: somebody on tom's uses norton? >_< move past the bloatware. avg free or something.. really almost anything (short of macafee) will be less full of bloatware

    AVG Free is HORRIBLE. Don't use it!!! Go with something else like Avira... it's free too and it works.
  • -1
    weefatbob , September 30, 2010 5:07 PM
    g00fysmiley: somebody on tom's uses norton? >_< move past the bloatware. avg free or something.. really almost anything (short of macafee) will be less full of bloatware

    Obviously you have not used Norton products in the past year and a half, otherwise you may actually have given some decent knowledge-based argument rather than the old winded 'Norton bad' overused quote. This tag was well earned in the past; for several years they were horrendous and a real PITA on system resources and not really much use with all the crap they installed.

    But in the past year and a half that has changed dramatically.

    Next time, make sure you know what you are talking about before you go and blast someone for using something that you have ZERO current knowledge on; then and only then give an informed opinion rather than an arrogant "I know better because in nineteen umpteen blah blah blah"... I give up, I am so bored talking to you now. Seriously, you have no idea what you are talking about!!!
  • 5
    jwl3 , September 30, 2010 5:42 PM
    Here's an idea: Drag out and shoot these dweebs who create viruses and spam. Have they any idea how many man-hours of productivity are lost to formatting and re-installing Windows, drivers, your programs, files...?