A team of US security researchers has engineered a way of hiding malware in sentences that read like English language spam.

The work is a breakthrough because current network security techniques work on the assumption that the code used in code-injection attacks, where it is delivered and run on victims' computers, has a different structure to non-executable plain data, such as English prose.

One of the researchers, Dr Josh Mason of Johns Hopkins University, Baltimore, said the team wanted to broaden its understanding of how malicious code could be deployed, and highlight the need to design more efficient techniques for preventing this kind of attack altogether.