Jump to content
Tuts 4 You

An Approach Towards Disassembly of Malicious Binary Executables

Teddy Rogers

About This File

In the recent past computer security has become an issue of foremost importance for individuals, businesses, and governments. Hostile programmers, who write programs with malicious intents of collecting private information, spread spam, etc. breach the existing security measures. Whenever these hostile programmers, specifically virus/worm writers, succeed in spreading a virus or a worm, there is a significant loss to businesses. For example, mi2g website [6] quotes that within one quarter the NetSky worm and all its A - Q variants put together, had already caused between $35.8 billion and $43.8 billion of estimated economic damages worldwide. The website also quotes that, in March, combined losses due to the three worms Beagle, MyDoom, and NetSky crossed the $100 billion mark within a week.

The war between hostile programmers and antivirus writers resembles any classic arms escalation. The first step in countering the malicious attacks is to identify the malicious programs. Antivirus companies use several dynamic and static analysis techniques to identify malware [25]. Most of the Anti-Virus (AV) tools depend upon knowledge of what are called "virus signatures" which are nothing but patterns of system calls. If these AV tools can find a particular signature in their database of currently known patterns, they raise an alarm. To identify signatures from a malicious program or to understand and counteract the malicious behaviour, we need to analyse the executable. This typically requires converting the byte sequence of an executable to an intermediate representation.

User Feedback

Recommended Comments

There are no comments to display.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...