Slashdot Mirror


Can Reverse Engineering Help In Stopping Worms?

krozinov writes "The goal of this paper is to try to answer the following three questions: How do you reverse engineer a virus? Can reverse engineering a virus lead to better ways of detecting, preventing, and recovering from a virus and its future variants? Can reverse engineering be done more efficiently? The paper is organized into five sections and two appendixes. Section 1 is the introduction. Section 2 reviews basic x86 concepts, including registers, assembly, runtime data structures, and the stack. Section 3 gives a brief introduction to viruses, their history, and their types. Section 4 delves into the Beagle virus disassembly, including describing the techniques and resources used in this process as well as presenting a high level functional flow of the virus. Section 5 presents the conclusions of this research. Appendix A provides a detailed disassembly of the Beagle worm, while Appendix B presents the derived source code of the Beagle virus, as a result of this research."

11 of 187 comments

  1. Well by omghi2u · Score: 1, Funny

    Why didn't I think of that:? :P

    1. Re:Well by igny · Score: 3, Funny
      Why didn't I think of that:? :P

      Because you didn't have time trying to post the first post?

      --
      In theory there is no difference between theory and practice. In practice there is. - Yogi Berra
  2. Pinky are you thinking what I'm thinking? by FerretFrottage · Score: 4, Funny

    I think so, Brain... is the virus protected by the DMCA and the other various software laws that prevent reverse engineering? If so, who is really in the wrong here?

    --
    "Look Lois, the two symbols of the Republican Party: an elephant, and a fat white guy who is threatened by change."
    1. Re:Pinky are you thinking what I'm thinking? by Anonymous Coward · Score: 3, Funny

      It's OK, as long as they are reverse-engineering it to port it to another platform. ;-)

  3. Netcraft confirms it: SOVIET RUSSIA jokes are dying by Anonymous Coward · Score: 3, Funny

    Yup. Suck it.

  4. Re:Reverse Engineering a virus... by Swedentom · Score: 2, Funny

    create fixes proactively and don't allow the exploits to be found in the first place. But there's probably a law or two out there that prohibits this kind of stuff, eh?

    Laws against writing secure software? Well yeah, that'd explain quite a lot. ;-)

    --
    Sig Nature
  5. Re:better solution? by Ingolfke · Score: 2, Funny

    On second thought you really could be on to something here. The reason people expend so much time and energy writing viruses is because they have time and energy to expend. So if we forced everyone to work in the mines for 15 hours a day, they would have no energy, and no time. Problem solved.

    On a side note, I doubt anyone from EA writes viruses.

  6. What about worm EULAs? by G4from128k · Score: 4, Funny

    Coming in a packet near you, from the EULA of the future:

    By connecting a computer to the internet, you hereby agree to the terms of this agreement (hereafter referred to as "deal with the devil") for this software (hereafter referred to as "CPU sucking nightmare") ......

    Won't surprise me if virus/trojan/worm/spyware writers use IP law against those that would hope to rid the world of their menace.

    --
    Two wrongs don't make a right, but three lefts do.
  7. Re:Understanding The Pathology Is Important But... by Anonymous Coward · Score: 1, Funny

    Sounds like we need some sort of "anti-virus software" to fight viruses. If only some sort of "anti-virus company" would come forward to produce this "anti-virus software", we'd all be saved.

  8. Re:Waste of time by Anonymous Coward · Score: 1, Funny

    Speaking for the murderers... no, forensic science is not needed.

  9. An interesting read by Pinkoir · Score: 3, Funny

    I would like to thank the author of that paper for making it abundantly clear to me that I am not smart enough to operate independently in today's technological environment. I would like to take this opportunity to bow down before my compsci-savvy overlords and swear to just mindlessly accept whatever code they produce.

    -Pinkoir