Slashdot Mirror


Researcher's Tool Maps Malware In Elegant 3D Model

Sparrowvsrevolution writes "At the Shmoocon security conference later this month, Danny Quist plans to demo a new three-dimensional version of a tool he's created called Visualization of Executables for Reversing and Analysis, or VERA, that maps viruses' and worms' code into intuitively visible models. Quist, who teaches government and corporate students the art of reverse engineering at Los Alamos National Labs, says he hopes VERA will make the process of taking apart and understanding malware's functionality far easier. VERA observes malware running in a virtual sandbox and identifies the basic blocks of commands it executes. Then those chunks of instructions are color-coded by their function and linked by the order of the malware's operations, like a giant, 3D flow chart. Quist provides a sample video showing a model of a section of the Koobface worm."
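The pipeline the summary sketches (record the instructions a sample executes in a sandbox, cut that stream into basic blocks, colour each block by the function it belongs to, and link blocks in the order they ran) as an added Python example. This is not VERA's code or anything from Quist's project; the symbol map, the set of branch addresses and the instruction-pointer trace are constructed stand-ins for what a sandbox trace and a disassembler would normally supply.

```python
"""Added example (not VERA's code): turn a constructed dynamic execution trace
into a basic-block graph, colour-coded by function, and emit it as Graphviz DOT.
All addresses, function names and the trace itself are constructed."""
from collections import Counter

# Constructed symbol map of the sample: function name -> [start, end) address range.
FUNCTIONS = {
    "entry":   (0x401000, 0x401020),
    "decrypt": (0x401020, 0x401060),
    "connect": (0x401060, 0x4010a0),
}

# Constructed: addresses of instructions that end a basic block (branch, call, ret).
# A disassembler would provide this; here it is hand-written to match the trace.
BRANCHES = {0x40100c, 0x40102c, 0x401038, 0x401044, 0x401018,
            0x401068, 0x401088, 0x40101c}

# Constructed instruction-pointer trace, as a sandbox would record it.
TRACE = (
    [0x401000, 0x401004, 0x401008, 0x40100c]    # entry: set up, call decrypt
    + [0x401020, 0x401024, 0x401028, 0x40102c]  # decrypt: prologue, jmp to loop
    + [0x401030, 0x401034, 0x401038] * 3        # decrypt: loop body runs three times
    + [0x40103c, 0x401040, 0x401044]            # decrypt: epilogue, ret
    + [0x401010, 0x401014, 0x401018]            # entry: call connect
    + [0x401060, 0x401064, 0x401068]            # connect: first block, cond. jump
    + [0x401080, 0x401084, 0x401088]            # connect: second block, ret
    + [0x40101c]                                # entry: final instruction
)

PALETTE = ["#1f77b4", "#ff7f0e", "#2ca02c", "#d62728", "#9467bd"]


def function_of(addr):
    """Name of the function whose address range contains addr."""
    for name, (lo, hi) in FUNCTIONS.items():
        if lo <= addr < hi:
            return name
    return "unknown"


def build_block_graph(trace, branches):
    """Cut an executed-address trace into basic blocks and link them in run order.

    Returns (blocks, block_hits, edges):
      blocks     : {start_addr: [addr, ...]} instructions of each block
      block_hits : Counter of how many times each block ran
      edges      : Counter of (from_block_start, to_block_start) transitions
    """
    blocks, block_hits, edges = {}, Counter(), Counter()
    current, prev_block = [], None

    def close_block():
        nonlocal current, prev_block
        start = current[0]
        blocks.setdefault(start, list(current))  # same start => same block
        block_hits[start] += 1
        if prev_block is not None:
            edges[(prev_block, start)] += 1
        prev_block, current = start, []

    for addr in trace:
        current.append(addr)
        if addr in branches:  # a branch/call/ret instruction closes the block
            close_block()
    if current:  # trace ended mid-block (e.g. sandbox timeout): keep the partial block
        close_block()
    return blocks, block_hits, edges


def to_dot(blocks, block_hits, edges):
    """Render the block graph as DOT: one box per block, filled with its function's
    colour, labelled with its address range and hit count; edges carry run counts."""
    colours = {name: PALETTE[i % len(PALETTE)] for i, name in enumerate(FUNCTIONS)}
    lines = ["digraph trace {", "  node [shape=box, style=filled];"]
    for start, addrs in sorted(blocks.items()):
        fn = function_of(start)
        fill = colours.get(fn, "#bbbbbb")  # grey for code outside the symbol map
        label = f"{fn}\\n{start:#x}..{addrs[-1]:#x} (x{block_hits[start]})"
        lines.append(f'  "{start:#x}" [label="{label}", fillcolor="{fill}"];')
    for (src, dst), n in sorted(edges.items()):
        lines.append(f'  "{src:#x}" -> "{dst:#x}" [label="{n}"];')
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    blocks, hits, edges = build_block_graph(TRACE, BRANCHES)
    print(to_dot(blocks, hits, edges))
```

Piping the output through `dot -Tpng` gives the 2D version of the flow chart the story describes; the loop inside `decrypt` shows up as a self-edge with a count of 2 on a block that ran three times, which is exactly the kind of structure (a decoder loop that runs before any network code) an analyst wants to spot at a glance.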

8 of 36 comments

  1. 3D visualisation by Mannfred · · Score: 4, Insightful

    We rolled our eyes at Jurassic Park's representation of a "Unix system" back in 1993 (the directory hierarchy was basically a bunch of 3D boxes you could fly around), but here we are 20 years later looking at a code analyser which represents the information as.. a bunch of 3D boxes you can fly around :-)

    1. Re:3D visualisation by Rizimar · · Score: 5, Informative

      Only that "representation" in Jurassic Park was an actual application called File System Navigator.

    2. Re:3D visualisation by dr_blurb · · Score: 2

      There's an open source port called File System Visualizer.
      Here are some (possibly outdated) compilation instructions.

    3. Re:3D visualisation by buchner.johannes · · Score: 2

      We rolled our eyes at Jurassic Park's representation of a "Unix system" back in 1993 (the directory hierarchy was basically a bunch of 3D boxes you could fly around), but here we are 20 years later looking at a code analyser which represents the information as.. a bunch of 3D boxes you can fly around :-)

      I know this!

      --
      NB: The message above might reflect my opinion right now, but not necessarily tomorrow or next year.
    4. Re:3D visualisation by sourcerror · · Score: 2

      This is the reason why when I first used Unix (Solaris) in a comp sci lab, I was pretty disappointed.

  2. More general tool? by bughunter · · Score: 3, Insightful

    Interesting idea. It also looks like a potentially useful method for reverse engineering any code... not just trojans and worms.

    --
    I can see the fnords!
    1. Re:More general tool? by vikingpower · · Score: 2

      That is what I thought. Underpinning the whole of it by an easy-to-grasp and agreed-upon formalism (the 3D equivalent of UML?) would be a next step, I presume.

      --
      Religious speak to God. Insane are spoken to by God. When all shut up, one can finally hear Shostakovich in peace
  3. Obligatory XKCD by Anonymous Coward · · Score: 3, Informative

    Here you go, as always xkcd is relevant: http://xkcd.com/350/