Cloaked code sneaks by corporate security

A new technique for disguising programs aimed at cracking corporate networks could raise the stakes in the heated battle between hackers and security experts.

During a seminar last week at the CanSecWest conference, a hacker named "K2" revealed a program he created that can camouflage the tiny programs that malicious hackers generally use to crack through system security.

The cloaking technique is aimed at foiling the pattern-recognition intelligence used by many intrusion detection systems, or IDSes--the burglar alarms of the Internet.

"Trust me, this will blow away any pattern matching," said K2. The hacker would not reveal his real name because he also works as a security consultant.

When a security hole is found on a corporate network, hackers usually will find several ways to exploit it. To manage the onslaught, the makers of intrusion-detection systems continually update their own software to keep track of new variants of an already familiar theme.

Now the balance has changed, K2 said. With a technique called polymorphic coding, attackers could potentially change the code structure enough to fool many intrusion-detection systems--but not enough to break the initial malicious program.

"This is a way to keep the exploits brand-new, all the time," he said.

Reaction to the program among security consultants was mixed. Some downplayed the significance as a typical scenario in the battle between attackers and defenders.
