Spotting Malicious Code Hidden in Plain Sight
I decided that it would be good practice for me to try to get inside the head of a malicious coder, so that I could get better at watching out for it, since I frequently experiment with obscure open source projects by authors of unknown repute.
For my entry, I decided to try to disguise assignments within the evaluation portions of if statements as comparisons.
should actually be
Simple, but easily overlooked, and a common enough error to pass off as an “honest mistake”.
Although many of the contest entries were far more advanced than my own, I found the competition to be an engaging exercise. Check out the winning submission and Peter Jaric’s analysis of the competition.