Malware Using “Exotic” Languages

I tagged this post Security but it might just as well have been tagged Humor. ZDNet is reporting that malware authors are using “exotic” languages to avoid detection by the antivirus folks. If, like the majority of the technical press, you don’t know anything about software engineering or programming languages and their compilation, that might seem reasonable. If you actually know how these things work, a bunch of questions are no doubt popping into your head.

For one thing, you might wonder how changing the source language is going to make the binary more difficult to detect. Sure, a given algorithm will compile down to slightly different binary code, but how is this any different from day-to-day changes to the code or purposefully rearranging it? A large part of the antivirus engineers’ work is keeping up with new versions of malware binaries as they appear.

The report the story is based on requires registration to download, so I didn’t bother, but I’d be surprised if its conclusions match the story’s. Judging from what the story says, the real change is in implementing small loaders and droppers to install the malware, but these could just as well be written in C like most of the malware probably is.

The really amusing part of the story, though, is what constitutes “exotic languages.” These include Go, D, and Rust, the language just voted most popular and loved by developers. I’d be very surprised if the reason malware authors are trying these languages isn’t for the same reason that the rest of us do: they wanted to try out new stuff and see if maybe these new languages made their development easier.
