How the Stuxnet virus inspired Cameyo’s next version

Writing viruses & malware is among the less honorable activities a developer can do. Not only because it blindly targets random users (=vandalism), but also because 99% of virus writers just modify existing samples, without truly being the “genius geeks” that some people think they are.
Yet from time to time some virus creations stand out from the rest, and actually do bring innovation. Sometimes their inventions are even admirable. Such was the case for the Stealth.Frodo.4096 virus. Back in the old days of DOS, this virus gave a false (clean) view of infected files when they were opened. When users (or antivirus programs) opened an infected file, all they saw was a clean copy of the file, without the virus in it. This trick was perhaps the forefather of file-system virtualization, back in 1989!

But how is any of this relevant to us? Cameyo’s next version will allow executing virtual applications directly from memory, without pre-extracting their EXEs/DLLs/files to disk. This feature is currently code-named Cameyo Stealth mode. As it turns out, one of its mechanisms was inspired by no less than… the Stuxnet virus!

In November 2010, Iran officially admitted that a stealth virus had infected its nuclear facilities. How long had it been sitting there unnoticed? Few people know; probably years. This was made possible by Stuxnet’s stealth abilities.

While working on Cameyo’s Stealth mode, I was impressed by some of the Stuxnet virus’ stealth mechanisms, particularly its ability to execute code without first writing it to disk. The virus writers knew they had to avoid leaving traces on disk to keep their malware invisible, and thus implemented some execute-from-RAM mechanisms. And since this is exactly what Cameyo users have been requesting for some time, well… hey! Nice match.

About Cameyo Stealth mode

By not leaving traces on the computer, Cameyo virtual apps bring several new advantages:
* Portability & mobility: fewer files need to be taken / synchronized along with your Cameyo app. Hence your virtual apps are even easier and quicker to transport via the cloud, USB disk-on-keys, Dropbox and LAN.
* Disk space: less temporary space used by Cameyo apps.
* Privacy & security: by not leaving traces on the machine, stealth virtual apps provide better privacy even if you forget to erase the application at the end.
* Copyright & security: Cameyo expiration features will become even stronger, for software makers who choose to package their applications with Cameyo.

So when you use the next Cameyo version, know that some of it was inspired by the Stuxnet virus. Ironically, the virus helped make Cameyo apps more secure and mobile. Of course, the mechanism described here is just one little piece of the entire Cameyo Stealth mechanism (which is rather huge), but the virus’ anonymous writers deserve that credit.

For those interested in learning more about the technical aspects of Stuxnet, there is a detailed article here.
