Security Basics mailing list archives
Can Reverse Engineering Help In Stopping Worms?
From: Konstantin Rozinov <krozinov () gmail com>
Date: Wed, 5 Jan 2005 17:03:40 -0500
I thought I'd announce a paper I wrote a few months ago which may interest some of you. You may have seen it elsewhere. If so, my apologies.

The paper is available here: http://rozinov.sfs.poly.edu/papers/bagle_analysis_v.1.0.pdf

The goal of this paper is to try to answer the following three questions:

1. How do you reverse engineer a virus?
2. Can reverse engineering a virus lead to better ways of detecting, preventing, and recovering from a virus and its future variants?
3. Can reverse engineering be done more efficiently?

The paper is organized into five sections and two appendixes. Section 1 is the introduction. Section 2 reviews basic x86 concepts, including registers, assembly, runtime data structures, and the stack. Section 3 gives a brief introduction to viruses, their history, and their types. Section 4 delves into the Bagle virus disassembly, including describing the techniques and resources used in this process as well as presenting a high-level functional flow of the virus. Section 5 presents the conclusions of this research. Appendix A provides a detailed disassembly of the Bagle virus, while Appendix B presents the derived source code of the Bagle virus, as a result of this research.

The paper is available here: http://rozinov.sfs.poly.edu/papers/bagle_analysis_v.1.0.pdf

I appreciate all feedback.

Thanks,
Konstantin Rozinov
Current thread:
- Can Reverse Engineering Help In Stopping Worms? Konstantin Rozinov (Jan 05)
- <Possible follow-ups>
- Re: Can Reverse Engineering Help In Stopping Worms? Don Parker (Jan 06)