Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Compare cell phone plans using Wirefly's innovative plan comparison tool ×
Crime Programming

High Level Coding Language Used To Create New POS Malware (isightpartners.com) 94

An anonymous reader writes: A new malware framework called ModPOS is reported to pose a threat to U.S. retailers, and has some of the highest-quality coding work ever put into a ill-intentioned software of this nature. Security researchers iSight say of the ModPOS platform that it is 'much more complex than average malware'. The researchers believe that the binary output they have been studying for three years was written in a high-level language such as C, and that the software took 'a significant amount of time and resources to create and debug'.
This discussion has been archived. No new comments can be posted.

High Level Coding Language Used To Create New POS Malware

Comments Filter:
  • High level? (Score:5, Insightful)

    by Anonymous Coward on Tuesday November 24, 2015 @01:46PM (#50995469)

    C is a high level coding language now?

    I guess contrasted with the way that one guy in last week's Q&A asked Brian Kernighan about "low level languages like Haskell" ?

    • Re:High level? (Score:4, Informative)

      by GrumpySteen ( 1250194 ) on Tuesday November 24, 2015 @02:10PM (#50995711)

      C is a high level coding language now?

      Depends on how old you are [wikipedia.org].

      • I'm guessing it depends on how much inline assembly you have mixed into it as to whether it's really abstracted.

      • Re:High level? (Score:5, Insightful)

        by hey! ( 33014 ) on Tuesday November 24, 2015 @02:52PM (#50996047) Homepage Journal

        Speaking as someone who learned C in 1980, C was originally thought of as a low-level language -- a suitable replacement in most cases for assembly language that, while abstracting underlying details like the CPU instruction set and registers, remained relatively small and "close to the hardware". Then later 80s I was asked to take over a course on C, and when I looked at the course description I was surprised to see it described as a "high level language". I asked the person who wrote the description what he meant by "high level language", and he really had no idea. He said he meant it was "powerful", which of course is just as vague when comparing any two Turing equivalent languages.

        Of course "high level" vs. "low level" is relative. C is "high level" in comparison to assembly, or "B", in which the only datatype was a computer word. On the other hand C "low level" in comparison to most other languages that hide away the details of the hardware like instruction set and registers and such. So it depends on what you're comparing to; but in general I think people who describe C as "low level" know more about what they're talking about than those who call it a "high level" language.

        The important thing isn't whether C is "high" or "low" level; it is what makes C work, which is largely about what was left out. It didn't have all the bells and whistles of something like PL/1, which made the language easy to implement, even on a tiny 8 bit microcomputer, and easy to learn, in the form of a slim, almost pamphlet-like book (The C Programming Language, 1st edition was 228 paperback-sized pages long).

        Even so, C has become very slightly more "higher level" over the years. The original K&R C was more weakly typed than the later ANSI C. Particularly when you were dealing with pointers, the declared type of a pointer in K&R C was more of a mnemonic aid to the programmer than anything else.

    • C is a high level language, like a 9 mm handgun round is high velocity ammunition.

    • C is a high level coding language now?

      I write all my malware in assembly, you insensitive clod!

    • Yeah I stick to my low level Visual Basic... It's so complicated at this level, I wonder what a higher level language feels like?
    • I thought up to now we were relatively safe from hackers because they were all just mucking around with assembler and stuff. But now it turns out these guys have evolved and taken things to a whole new level by using the high level programming language C! That's totally unheard of, that kind of cutting edge technology was always thought to be beyond the abilities of malware programmers, all bets are off now!

    • Somebody coded another piece of shit malware?
  • C is high level? (Score:5, Interesting)

    by Dutch Gun ( 899105 ) on Tuesday November 24, 2015 @02:01PM (#50995631)

    I think they're misusing the term "high level" when it comes to programming languages. I suspect what they're trying to get at is that it's sophisticated and competently coded.

    I wonder why they assume it's C and not C++, incidentally, since they're presumably looking at decompiled assembly? I haven't done much C vs C++ side-by-side analysis of the two... is there an obvious difference in the generated assembly? I guess maybe v-table structures would point to C++, where C programmers likely wouldn't invent such constructs.

    • Re:C is high level? (Score:5, Interesting)

      by vux984 ( 928602 ) on Tuesday November 24, 2015 @02:13PM (#50995733)

      is there an obvious difference in the generated assembly?

      There would be in most projects that were not outright trying to obscure they were using C++.

      Its been a while since I looked at disassembled code, but you used to be able to easily tell what compiler and even version of that compiler was used just from the boilerplate setup code; the way things were 'arranged', exception handlers etc, and obviously library usage was frequently a dead giveaway. Your not going to see a either an iostream or an STL container in a C program.

    • by Anonymous Coward

      Nah, "high level programming language" just means it's not machine specific. x86 machine code and assembly are low level languages. C is high level. Python and Java are even higher level. At the binary level, the most obvious sign it's C and not C++ is that function names get mangled in C++ but not in C. Linkage for class methods are different from regular functions as well.

      • I've always heard C referred to as "mid-level".

        Also, good point about the name mangling differences. Totally forgot about that. I have little reason to dip down into assembly these days - and in fact, I've never really studied C-generated assembly at all.

    • C and C++ look radically different when reverse engineering their assembly. Like, it's easy to reverse engineer C and much harder to do C++ without symbols. The allocators they call are different. Folk seem to use more heap allocation in C++. More calls in C++.

      At least, that's what I assume is going on. Some things I reverse engineer easily in hours. Other things it takes me days before I give up. I believe this difference comes from C vs X++

    • I haven't done much C vs C++ side-by-side analysis of the two... is there an obvious difference in the generated assembly

      Huge differences.....the most obvious are the function names (which are compiled into a binary) being mangled. The C++ name mangling will turn "strcmp" into "__1cGstrcmp6Fpkc1_i_" or something similar (it's not standard by compiler). The parameters types are encoded in the name, so the compiler can know which function to call when the functions are overloaded.

    • by Xenna ( 37238 )

      Exactly. And this is another gem:

        'much more complex than average malware'

      I would never hire a programmer that would pride himself on the complexity of his software. That's probably the reason the poor slob had to turn to malware to make a buck.

      • Exactly. And this is another gem:

        'much more complex than average malware'

        I would never hire a programmer that would pride himself on the complexity of his software. That's probably the reason the poor slob had to turn to malware to make a buck.

        I think you're confusing 'complexity' with '(unnecessary) complication'.

        If something is complex, you can't simplify it without losing information: if something is (unnecessarily) complicated, then you can.

  • that you need to call it out?

    With everything going modular these days, I'm sure there's a lot of hand written assembly exploit code that then pulls down modules likely written in C. Not that it's good or bad, just odd to call it out.

  • by Anonymous Coward

    With paths like this embedded in the binaries, I'd question that statement:

    c:\MyProjects\newplugs\lsass\release\lsass.pdb

  • High Level Editors Used to Create POS Blog Site Called "SlashDot"

    FTFY

  • It would be ironic (Score:5, Insightful)

    by Ukab the Great ( 87152 ) on Tuesday November 24, 2015 @02:21PM (#50995787)

    If the state of software engineering has arrived at the point that so many honest-work programmers are being forced to spend so much time writing quick and dirty garbage to get them past the next sprint that, in order to have a job writing good clean code, they have to go black hat.

    • Regardless of the zeitgeist of how ruthless the IT industry intrinsically is, we're all held accountable to our own actions. If you go black hat, nothing *made* you do it. The correct response would be to find another occupation entirely; even if that means digging ditches.

      • by MarkvW ( 1037596 )

        Good luck trying to project that moral reasoning onto others.

      • Word. I seem to have gotten better than most "front-end" developers I meet that are gainfully employed, but I look like shit on paper. Luckily, I can dig a mean ditch.

  • by sconeu ( 64226 ) on Tuesday November 24, 2015 @02:52PM (#50996045) Homepage Journal

    By definition, if it's malware, it's a POS. Even if it's written well.

  • What Operating system does this sophisticated malware platform run on?
    • by AHuxley ( 892839 )
      The idea seems to be hinted at in https://thestack.com/security/... [thestack.com]
      "even EMV/Chip-and-pin are unlikely to protect affected systems. In such cases, the report says ‘ModPOS and other malware with RAM scraping techniques can still gain access to card data. Criminals can then reuse card data, even from EMV cards, to make online (card-not-present) transactions.’"
    • Given the use of .pdb files they mentioned, which is an MS-specific debug symbol format (as far as I know), it suggests the use of Visual Studio, and that in turn suggests the code is possibly targeting embedded Windows.

      Just a guess, of course.

      • You most probably guessed right, if it was OS X, Android or Linux it would be in the headline, instead of the weazly sounding POS malware.
  • Just shows that if you don't have the skills, code you write even in C# will still be a POS. Oh wait.

If you can't understand it, it is intuitively obvious.

Working...