Frankenstein: Stitching Malware from Benign Binaries

Discussion in 'malware problems & news' started by Baserk, Aug 20, 2012.

Thread Status:
Not open for further replies.
  1. Baserk

    Baserk Registered Member

    From the Usenix site: Vishwath Mohan and Kevin Hamlen, from the University of Texas, will give a presentation this month at Usenix WOOT (Workshop on Offensive Technologies):

    This paper proposes a new self-camouflaging malware propagation system, Frankenstein, that overcomes shortcomings in the current generation of metamorphic malware.
    Specifically, although mutants produced by current state-of-the-art metamorphic engines are diverse, they still contain many characteristic binary features that reliably distinguish them from benign software.
    Frankenstein forgoes the concept of a metamorphic engine and instead creates mutants by stitching together instructions from non-malicious programs that have been classified as benign by local defenses.
    This makes it more difficult for feature-based malware detectors to reliably use those byte sequences as a signature to detect the malware.
    The instruction sequence harvesting process leverages recent advances in gadget discovery for return-oriented programming. Preliminary tests show that mining just a few local programs is sufficient to provide enough gadgets to implement arbitrary functionality.
    link / paper PDF link

    I'm curious, malware raking your progs for extended functionalities...
     
    Last edited: Aug 20, 2012