Latest hacker craze of fuzzing poses big headaches for IT managers and software vendors

Hackers are turning the tools used by software developers to test for bugs against them, according to experts.

Search engine Google and artificial intelligence (AI) tools are being used by those with ill intent to find previously undetected vulnerabilities and exploit them, according to experts at security vendor Secure Computing.

"Why bother creating a new virus, worm or Trojan when you can simply find one and download it using Google," said Paul Henry, vice president of Strategic Accounts, Secure Computing.

"Unskilled hackers can use this previously unknown capability of Google to download malware and release it on the Internet in targeted attacks as if they wrote it themselves to try to impress their peers with their skills,"

Malware search capabilities within Google were previously the privilege of anti-virus vendors and research companies who had program-specific signatures. Now, however, hacking communities are sharing these signatures on the Internet, making them - once catalogued - widely accessible through a simple Google search.

Similarly, AI is currently used by some developers in an automated technique called fuzzing to test applications and fix bugs. But now hackers are turning these prevention aides into vulnerability problems that need curing.

Hackers are then sharing their fuzzing results with their peers through online chat rooms and news groups, rapidly accelerating the threat, according to Secure Computing's findings.

"Fuzzing will clearly accelerate the ability for hackers to discover new vulnerabilities in software applications," said Henry.

"Software vendors were already struggling to keep up with patches for software bugs; the use of Fuzzing tools by hackers and the flood of newly discovered vulnerabilities may overwhelm software vendors' ability to respond with patches."

Maggie Holland

Maggie has been a journalist since 1999, starting her career as an editorial assistant on then-weekly magazine Computing, before working her way up to senior reporter level. In 2006, just weeks before ITPro was launched, Maggie joined Dennis Publishing as a reporter. Having worked her way up to editor of ITPro, she was appointed group editor of CloudPro and ITPro in April 2012. She became the editorial director and took responsibility for ChannelPro, in 2016.

Her areas of particular interest, aside from cloud, include management and C-level issues, the business value of technology, green and environmental issues and careers to name but a few.