Slashdot Mirror

← Back to Stories (view on slashdot.org)

Researcher's Tool Maps Malware In Elegant 3D Model

Posted by samzenpus on from the making-bad-pretty dept.

Sparrowvsrevolution writes "At the Shmoocon security conference later this month, Danny Quist plans to demo a new three-dimensional version of a tool he's created called Visualization of Executables for Reversing and Analysis, or VERA, that maps viruses' and worms' code into intuitively visible models. Quist, who teaches government and corporate students the art of reverse engineering at Los Alamos National Labs, says he hopes VERA will make the process of taking apart and understanding malware's functionality far easier. VERA observes malware running in a virtual sandbox and identifies the basic blocks of commands it executes. Then those chunks of instructions are color-coded by their function and linked by the order of the malware's operations, like a giant, 3D flow chart. Quist provides a sample video showing a model of a section of the Koobface worm."

4 of 36 comments (clear)

  1. 3D visualisation by Mannfred · · Score: 4, Insightful

    We rolled our eyes at Jurassic Park's representation of a "Unix system" back in 1993 (the directory hierarchy was basically a bunch of 3D boxes you could fly around), but here we are 20 years later looking at a code analyser which represents the information as.. a bunch of 3D boxes you can fly around :-)

    1. Re:3D visualisation by Rizimar · · Score: 5, Informative

      Only that "representation" in Jurassic Park was an actual application called File System Navigator.

  2. More general tool? by bughunter · · Score: 3, Insightful

    Interesting idea. It also looks like a potentially useful method for reverse engineering any code... not just trojans and worms.

    --
    I can see the fnords!
  3. Obligatory XKCD by Anonymous Coward · · Score: 3, Informative

    Here you go, as always xkcd is relevant: http://xkcd.com/350/