Join 3,411 readers in helping fund MetaFilter (Hide)


Alex Dragulescu code art
March 5, 2008 8:29 AM   Subscribe

Gee. I think I'll uninstall my firewall and ditch the anti-virus. Malwares is pretty. via bbc.
posted by Kronos_to_Earth (15 comments total) 10 users marked this as a favorite

 
Yes. Yes they is.

That's a neat idea, thanks for the link.
posted by middleclasstool at 8:42 AM on March 5, 2008


So malware is simply a series of thinly disguised rhinoviruses? Awesome!
posted by KevinSkomsvold at 8:42 AM on March 5, 2008


A link that says malware and leads to a .ro site?
posted by slogger at 8:43 AM on March 5, 2008


I wish I knew enough about code to understand what the different pieces mean. It's really a pretty amazing visualization of the little buggers.
posted by shmegegge at 8:47 AM on March 5, 2008


I would like to know more about this algorithm.

Last I heard, virii were discovered based on signatures in the file. I never even thought about traffic analysis/call patterns. The distinctiveness would seem to indicate that you could recognize malware by "shape" in this parameter space in exactly the same way antibodies do it by shape in 3space.
posted by DU at 8:50 AM on March 5, 2008


A link that says malware and leads to a .ro site?

What? No sense of adventure? Kids these days....
posted by KevinSkomsvold at 8:57 AM on March 5, 2008


A link that says malware and leads to a .ro site?

Oooops. Sorry. First post to the front page and I nearly wreck everyone's machine.... I checked this McAfee link and felt the hair on the back of my neck go up. My goodness. I had no idea. I've got the SiteAdvisor extension; it said the Dragulescu site was OK.
posted by Kronos_to_Earth at 10:06 AM on March 5, 2008


I doubt that these images have much to do with the input being computer viruses. I would bet that running notepad.exe through their algorithm would give similar sorts of patterns.
posted by demiurge at 10:11 AM on March 5, 2008


I wish I knew enough about code to understand what the different pieces mean.

Maybe I'm just cynical, but I suspect the answer would be "almost nothing". They're just using the malware's function calls as inputs to their "make a pretty 3d rendering" algorithm, which they don't seem to provide any details about. It's a typical sensationalist trick to show patterns where there aren't any, chances are any patterns you see are coded into the algorithm, not a result of the input. I suspect you would get equivalently pretty pictures from any normal executable, or even pure random numbers.

But again, I could just be cynical. It's a good post, anyway, the pictures are neat, but I think saying they're a result of the malware inputs might be stretching the truth a bit.
posted by cecilkorik at 10:16 AM on March 5, 2008


These are very beautiful, but I suspect the actual viruses are just acting as fancy seeds for a random number generator / hash function and that you could get the same results with nearly any source of randomness. Which is to say that although they're pretty, they aren't particularly informative as visualizations.
posted by Pyry at 10:18 AM on March 5, 2008


These are pretty useless without any information regarding the algorithm used to go from virus to image. I think Pyry nailed it. Some bit of memory occupied by the virus is just seeding a 3d fractal generator. You could probably take some random bit of your OS or web browser or whatever and, using whatever algorithm it is, come up with an equally pretty picture.
posted by noble_rot at 10:32 AM on March 5, 2008 [1 favorite]


heeeey dittoheads!



cool post, regardless
posted by [son] QUAALUDE at 12:36 PM on March 5, 2008


Wow, that's awesome.

I doubt that these images have much to do with the input being computer viruses. I would bet that running notepad.exe through their algorithm would give similar sorts of patterns.

Exactly my thoughts. The distribution in API calls is probably similar enough to generate a relatively homogeneous set of images, regardless of actual function of the program.
posted by spiderskull at 1:52 PM on March 5, 2008


You know what makes me grumpy? When I spend about 30 minutes crafting a post, then realize that I'd forgotten to search for the main URL first, and realize that somebody'd already done it, but that it was in a kinda lazy one-link throwaway post. I hate that.

Definitely check out some of Alex Dragulescu's other projects. His stuff may or may not meet your exacting standards for information visualization, but I reckon he does really interesting work.
posted by stavrosthewonderchicken at 12:22 AM on March 10, 2008


(By the way, I'm not really grumpy about it.)
posted by stavrosthewonderchicken at 12:35 AM on March 10, 2008


« Older How would the military really kill a giant monster...  |  Fake Memoir Exposed:... Newer »


This thread has been archived and is closed to new comments