Security Basics mailing list archives

Can Reverse Engineering Help In Stopping Worms?


From: Konstantin Rozinov <krozinov () gmail com>
Date: Wed, 5 Jan 2005 17:03:40 -0500

I thought I'd announce a paper I wrote a few months ago which may
interest some of you. You may have seen it elsewhere.  If so, my
apologies.

The paper is available here:
http://rozinov.sfs.poly.edu/papers/bagle_analysis_v.1.0.pdf

The goal of this paper is to try to answer the following three questions:
1. How do you reverse engineer a virus?
2. Can reverse engineering a virus lead to better ways of detecting,
preventing, and recovering from a virus and its future variants?
3. Can reverse engineering be done more efficiently?

The paper is organized into five sections and two appendixes. Section
1 is the introduction. Section 2 reviews basic x86 concepts, including
registers, assembly, runtime data structures, and the stack. Section 3
gives a brief introduction to viruses, their history, and their types.
Section 4 delves into the Bagle virus disassembly, including
describing the techniques and resources used in this process as well
as presenting a high-level functional flow of the virus. Section 5
presents the conclusions of this research. Appendix A provides a
detailed disassembly of the Bagle virus, while Appendix B presents the
derived source code of the Bagle virus, as a result of this research.

The paper is available here:
http://rozinov.sfs.poly.edu/papers/bagle_analysis_v.1.0.pdf

I appreciate all feedback.

Thanks,
Konstantin Rozinov