eVade-o-Matic Nearly Evades My Understanding

Metasploit is billed as a benevolent forensic tool to test security. In summary, it's a toolkit that nearly anyone with a modest amount of computer experience can use to exploit vulnerabilities to the maximum extent. Just plug in a module, fill in some parameters, and presto, instant exploitation.

The logo on the Metasploit home page (see URL below) paints a picture that's the complete opposite of benevolence, in my mind anyway. The logo contains the image of an obviously malicious intruder (who reminds me of the Joker from the old "Batman" TV series) sitting at a keyboard with any of a variety of "catchy" phrases emblazoned next to it. The phrase cycles on each page reload and offers such pithiness as "Point. Click. Root.," "The Best a Haxor Can Get," "Always hot exploits. Always.," and "What would you like to Metasploit today?"

http://www.metasploit.com/

About the only beneficial thing I can see about Metasploit is that if it had to be developed at all, at least it's available to the public so that white hats can use it.

Metasploit is about to take on an even more insidious tinge when the eVade-o-Matic Module (VoMM, for short) is released. VoMM makes it possible to completely evade signature-based security systems (including signature-based intrusion detection systems--IDSs--and antivirus platforms) by continually changing a piece of code. If code morphs with each new use, an endless number of detection signatures would be needed, which simply isn't practical. Therefore, VoMM and similar technologies render signature-based security systems useless for the most part.

According to information posted on the Info-Pull.com blog (see the URL below), VoMM uses a number of techniques to morph code, including white space randomization, string obfuscation and encoding, random comments and comment placement, code block randomization, variable name and function name randomization and obfuscation, and function pointer reassignments. You can get a very detailed analysis of exactly what VoMM does.

http://blog.info-pull.com/2006/10/13/vml-exploit-and-idsantivirus-engines-evasion-doom-or-vomm/

While these sorts of evasion techniques are by no means new to the world of malware, what is new is the packaging of such techniques into a tool like Metasploit, which anybody with one firing neuron can download to immediately experience that warm and fuzzy "point, click, root" feeling. Rest assured that VoMM will be used by just about every "bad guy" on the planet. Why anyone would unleash this madness upon the world nearly evades my understanding. Nearly.