Can Reverse Engineering Help In Stopping Worms?
krozinov writes "The goal of this paper is to try to answer the following three questions:
How do you reverse engineer a virus?
Can reverse engineering a virus lead to better ways of detecting, preventing, and recovering from a virus and its future variants?
Can reverse engineering be done more efficiently?
The paper is organized into five sections and two appendixes. Section 1 is the introduction. Section 2 reviews basic x86 concepts, including registers, assembly, runtime data structures, and the stack. Section 3 gives a brief introduction to viruses, their history, and their types. Section 4 delves into the Beagle virus disassembly, including describing the techniques and resources used in this process as well as presenting a high level functional flow of the virus. Section 5 presents the conclusions of this research. Appendix A provides a detailed disassembly of the Beagle worm, while Appendix B presents the derived source code of the Beagle virus, as a result of this research."
Because of susie.
I love your sig!
**This begins my ever-changing sig
We need a -1 RTFA moderation option!
**This concludes my ever-changing sig
This article and others detail SCO's failed attempt to support its claim to ownership of Linux with its claim that it (SCO) owned ELF.
I believe it is the case that SCO is only claiming ownership and suing people over the VR5 Unix source and derivatives (aside: what exactly SCO owns of VR5 and any of its derivatives, or even what those derivatives are is under intense debate, as you may have noticed). Pre-VR5 elements of Unix (IIRC) are not being contested by SCO.
Yeah yeah yeah it's a long way to go for not much payoff. But maybe the ELF fuss inspired the author to have a little fun by shoving SCO's nose in the fact that ELF was pre-VR5...?
"Stop throwing the Constitution in my face, it's just a goddamned piece of paper!" - George W. Bush Nov. 2005