Hackers are turning the tools used by software developers to test for bugs against them, according to experts.
Search engine Google and artificial intelligence (AI) tools are being used by those with ill intent to find previously undetected vulnerabilities and exploit them, according to experts at security vendor Secure Computing.
"Why bother creating a new virus, worm or Trojan when you can simply find one and download it using Google," said Paul Henry, vice president of Strategic Accounts, Secure Computing.
"Unskilled hackers can use this previously unknown capability of Google to download malware and release it on the Internet in targeted attacks as if they wrote it themselves to try to impress their peers with their skills,"
Malware search capabilities within Google were previously the privilege of anti-virus vendors and research companies who had program-specific signatures. Now, however, hacking communities are sharing these signatures on the Internet, making them - once catalogued - widely accessible through a simple Google search.
Similarly, AI is currently used by some developers in an automated technique called fuzzing to test applications and fix bugs. But now hackers are turning these prevention aides into vulnerability problems that need curing.
Hackers are then sharing their fuzzing results with their peers through online chat rooms and news groups, rapidly accelerating the threat, according to Secure Computing's findings.
"Fuzzing will clearly accelerate the ability for hackers to discover new vulnerabilities in software applications," said Henry.
"Software vendors were already struggling to keep up with patches for software bugs; the use of Fuzzing tools by hackers and the flood of newly discovered vulnerabilities may overwhelm software vendors' ability to respond with patches."
