Two UC San Diego students have demonstrated a way to turn good computer code into malicious instructions using a technique called "return-oriented programming."

This differs from traditional malware, which typically relies on the injection of malicious code.

In a newly published research paper, "When Good Instructions Go Bad: Generalizing Return-Oriented Programming to RISC," Buchanan and Roemer, along with U.C. San Diego computer science professors Stefan Savage and Hovav Shacham, describe how return-oriented programming resists current malware detection methods.