Adaptive antivirus A3 independently detected and fixed ShellShock vulnerability in 4 minutes

    IT specialists from the University of Utah have created a software package that not only detects and removes previously unknown viruses, but also repairs the damage they cause. The project, called A3 (Advanced Adaptive Applications, or, as we would render it, Advanced Adaptive Programs, P3), works with virtual machines running on servers.

    Unlike a conventional antivirus, which relies on a catalog of known viruses to find and neutralize malware, A3 monitors the virtual machine and notices when something goes wrong by recognizing suspicious and non-standard system behavior. One of the project's programs records the state of the virtual machine and, if necessary, can “rewind” the recording for analysis and correction.

    In a demonstration, A3 recognized a Shellshock attack (the infamous bash bug) and repaired the consequences on a running server in just 4 minutes.

    The report on the program's work gives details of how it handled this vulnerability. After an attempt to exploit the vulnerability on a test server with the following request:

    GET /appstore/index.php HTTP/1.1
    User-Agent: () { :;}; /bin/cat /home/mitll/passwd > /tmp/hello.txt
    Host: 155.98.38.76:7701
    Accept: */* 
    

    A3's protection system was triggered (an attempt to gain access to a prohibited directory). In 2 minutes, A3 scanned the operation of the virtual machine and discovered a forbidden call, and it took another 1.5 minutes to find the problem in the Bash source code. After that, A3 patched bash, disabling the functionality that led to the problem, and the virtual machine continued to work normally.
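
    A signature-style check for the request pattern shown above, as an added example that is not A3's code or method (the article describes A3 as behavior-based): it parses a raw request and flags any header whose value begins with a bash function definition. The function names and the benign request are constructed for illustration.

```python
import re

# Affected bash versions treated an environment value beginning with "() {"
# as a function definition and went on to execute whatever followed it.
# CGI servers copy each request header into an HTTP_* environment variable.
FUNC_PREFIX = re.compile(r"^\s*\(\s*\)\s*\{")

# The request shown in the article, reproduced as sample input.
SAMPLE_REQUEST = (
    "GET /appstore/index.php HTTP/1.1\r\n"
    "User-Agent: () { :;}; /bin/cat /home/mitll/passwd > /tmp/hello.txt\r\n"
    "Host: 155.98.38.76:7701\r\n"
    "Accept: */*\r\n\r\n"
)
# Constructed benign request for comparison.
BENIGN_REQUEST = (
    "GET /appstore/index.php HTTP/1.1\r\n"
    "User-Agent: Mozilla/5.0 (X11; Linux x86_64)\r\n"
    "Host: example.test\r\n\r\n"
)


def parse_headers(raw):
    """Return [(name, value), ...] from a raw HTTP request."""
    headers = []
    for line in raw.splitlines()[1:]:      # skip the request line
        if not line:
            break                          # blank line ends the headers
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip(), value.strip()))
    return headers


def trailing_command(value):
    """Text after the first closing brace: what bash would have executed.
    Simplification: assumes the function body holds no nested braces."""
    end = value.find("}")
    return value[end + 1:].lstrip("; \t") if end != -1 else ""


def find_shellshock(raw):
    """Return [(cgi_env_name, trailing_command)] for each flagged header."""
    hits = []
    for name, value in parse_headers(raw):
        if FUNC_PREFIX.match(value):
            env = "HTTP_" + name.upper().replace("-", "_")
            hits.append((env, trailing_command(value)))
    return hits
```

    A check like this only catches the known prefix in request headers; it says nothing about whether the bash on the server is still affected.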

    Eric Eide, a representative of the institute, said in an interview on the institute’s website: “It's great that the program can quickly and without human intervention find an acceptable solution and fix a serious and very common security problem. It's cool that you can choose the “vulnerability of the week” and the program copes with it.”

    The project is still at the "proof of concept" stage, and the developers are considering the possibility of using it on real cloud services. Such software could potentially be used on cloud hosting services such as Amazon: if a virus stops or breaks the execution of a virtual machine, the program can repair it and restart it automatically. The project is not yet being considered as software for home use, although in principle this is not ruled out.

    Project A3 is part of an extensive DARPA program called CRASH (an abbreviation for “developing reliable, adaptive, secure servers from scratch”), in which they are trying to come up with a more secure global network.

    The project is open source: anyone can read the details on the project page.
