You should be grateful that the following publication only shows a proof-of-concept of a hack: German researchers have shown that software distribution tools on the Internet can be transformed into players Malware, without modifying the original code.
Felix Gröbert, Ahmad-Reza Sadeghi and Marcel Winandy of the University of Ruhr were able to develop an on-the-fly mechanism for infusing code into a download. As they write in their work (PDF) hosted on PacketStorm:
"THE algorithm he uses us virus infection routines and network redirection attacks, without having to modify the application itself. This allows her contamination of executable files downloaded with an embedded digital signature, since the signature is not automatically verified before the file is executed. "
Χρησιμοποιούν αυτό που αποκαλούν ένα συνδετικό (binder) για να ενώσουν στην αρχική εφαρμογή, τον malicious κώδικα. “Κατά την εκκίνηση της μολυσμένης εφαρμογής το binder ξεκινάει επίσης. Αναλύει το δικό του αρχείο για πρόσθετα ενσωματωμένα εκτελέσιμα αρχεία, τα αναδομεί και τα εκτελεί. Όλα αυτά είναι εντελώς αόρατα στον χρήστη.”
A successful one attack it is highly dependent on the ability to redirect traffic, as shown above.
Governments, researchers say, could be able to exploit the network hubs between the sender and the receiver to overshadow the traffic. The same can be done with vulnerable routers.
To mitigate such attacks, the researchers say, software distributors need to step up their distribution mechanisms to block traffic hijacks. Technologies like OpenVPN, IPSec or HTTPS would be helpful enough.
Digital signatures do not seem to help this hack and the user or operating system should be able to control the hashes. "Reference values should be obtained through reliable channels."
Anti-virus on the other hand they should be modified to check for the behavior of the binder. "Trusted virtualization" architectures could also help.
The Register
