Chapter 12: Malware Code Analysis

skip navigation

honeypots for windows
Chapter 12 - Malware Code Analysis
Honeypots for Windows
by Roger A. Grimes
Apress 2005
progress indicator progress indicatorprogress indicator progress indicator

Highlights

Real honeypots often end up containing malicious files that the hacker either executed as part of the initial exploit or uploaded later for more maliciousness. Administrators experienced in disassembly can, at their discretion, disassemble the executable and learn exactly what it does, byte by byte. Administrators without these skills are, at best, guessing what the code does.

Without disassembly, the best you can do is to examine the file for embedded ASCII strings, monitor system and file modifications, and look at network communications. But ASCII strings are often encrypted, and malicious code doesn’t always do everything it can do at once. For instance, viruses and worms often wait for a particular circumstance—such as a certain date to occur, the administrator to log in, or a particular command to be typed—before their payload action executes. How can you be sure that you know everything the malware can do? Disassemble it.

This chapter discusses analyzing and disassembling malware code to reveal its functionality and feature set. It will summarize the basic steps, describe the various tools available, and give you an idea of how malware writers work. Along the way, I’ll provide plenty of recommendations for further research on each topic.

progress indicator progress indicatorprogress indicator progress indicator


Honeypots for Windows
Honeypots for Windows (Books for Professionals by Professionals)
ISBN: 1590593359
EAN: 2147483647
Year: 2006
Pages: 119

Similar book on Amazon
Honeypots: Tracking Hackers
Honeypots: Tracking Hackers
Know Your Enemy: Learning about Security Threats (2nd Edition)
Know Your Enemy: Learning about Security Threats (2nd Edition)
Virtual Honeypots: From Botnet Tracking to Intrusion Detection
Virtual Honeypots: From Botnet Tracking to Intrusion Detection
Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code
Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net