Reverse engineering and Java viral analysis

Daniel Reynaud-Plantey Army Signals Academy, Virology and Cryptology Laboratory, Rennes, France & Ecoles de Coëtquidan, Ecole Spéciale Militaire, Guer, France

  Technical stream: Thursday 6 October 2005, 11:20 - 12:00.

Reverse engineering of Java class files is quite different from traditional reverse engineering and some of its particularities are very likely to be used by Java virus developers in order to make hostile code harder to analyse.

After a brief introduction to the bytecode format, the paper will show to what extent the Java reverse engineering differs from native code analysis. The second part deals with the way the bytecode can be protected from decompilers with a hands-on approach. The examples of code mangling and the generation of errors in decompilers could be used by virus developers to armour their malicious code, this is why these protections need to be studied as well as the possible ways to defeat them. The last part covers the ways to analyse the behaviour of Java viruses indirectly, by examining the code attached to their targets.

Reverse engineering is often used by crackers in order to bypass software security. But here it is considered as a powerful tool, which must be mastered in order to prevent Java viruses from spreading in a possibly near future.

Poll

Will taking client-side security 'into the cloud' provide better security for the end user?
Yes
No
I don't know

Leave a comment
View 1 comment
Jobs Recruit Sidebar

VB100 certification

VB100 VB's testing team put 24 anti-malware products to the test on the server version of Microsoft's latest iteration of the Windows platform: Windows Server 2008. John Hawes has all the details on which products managed to secure a VB100 award and which need have a little more work to do.
See full results.
Virus Bulletin currently has 142,696 registered users.