Analysis and replication of Unix malware

Patrick L. Knight, Authentium

With the prevalence of Windows-based viruses, trojans and rootkits keeping the AV industry fully occupied, little attention has been paid to malware for other platforms. However, recent news of malware affecting Mac OS X draws attention to the fact that the number of viruses and other malware affecting Unix platforms is increasing.

Unix malware comes in several forms: compiled executables (e.g. ELF-format viruses such as Kaiten), rootkits, worms infecting HTTP servers, Perl and bash scripts, and now PHP scripts.

This paper will discuss various types of threats to Unix machines and explain techniques to analyse and replicate malware on Unix platforms. The examples will primarily be on a Linux platform, but many of the techniques will cross over to other Unix platforms such as FreeBSD, Sun and Mac OS.

Equivalent Unix tools to the common PE executable analysis tools currently used in the AV industry will be discussed as well as proper security measures to be used when handling Unix-based malware.
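As an illustration of the kind of first-pass triage a Unix equivalent of a PE header dumper performs, the following is an added example (not code from the paper or from Authentium): it decodes the fixed-size ELF header of a sample, reports class, endianness, object type, target machine and entry point, and flags a missing section header table, which is common in stripped or packed binaries and limits what section-based tools can show. The sample header is constructed inline so the script runs offline; the field values in it are invented for the demonstration.

```python
"""Minimal ELF header triage, analogous to a PE header dumper.
Added example, not from the paper. The sample header is constructed below."""
import struct

ELF_MAGIC = b"\x7fELF"
CLASSES = {1: "ELF32", 2: "ELF64"}
ENDIANNESS = {1: "little", 2: "big"}
TYPES = {1: "REL (relocatable)", 2: "EXEC (executable)",
         3: "DYN (shared object or PIE)", 4: "CORE"}
MACHINES = {3: "x86", 40: "ARM", 62: "x86-64", 183: "AArch64"}


def is_elf(data: bytes) -> bool:
    """True when the buffer starts with the ELF magic bytes."""
    return len(data) >= 4 and data[:4] == ELF_MAGIC


def parse_elf_header(data: bytes) -> dict:
    """Decode the ELF header and return the fields an analyst checks first.
    Raises ValueError for anything that is not a well-formed ELF header."""
    if not is_elf(data) or len(data) < 16:
        raise ValueError("not an ELF file (bad magic)")
    ei_class, ei_data, ei_version, ei_osabi = data[4], data[5], data[6], data[7]
    if ei_class not in CLASSES or ei_data not in ENDIANNESS or ei_version != 1:
        raise ValueError("unsupported or corrupt e_ident")
    prefix = "<" if ei_data == 1 else ">"
    # e_entry, e_phoff and e_shoff are 32-bit in ELF32 and 64-bit in ELF64
    addr = "I" if ei_class == 1 else "Q"
    fmt = f"{prefix}HHI{addr}{addr}{addr}IHHHHHH"
    size = 16 + struct.calcsize(fmt)          # 52 for ELF32, 64 for ELF64
    if len(data) < size:
        raise ValueError("truncated ELF header")
    (e_type, e_machine, _e_version, e_entry, e_phoff, e_shoff, e_flags,
     e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum,
     e_shstrndx) = struct.unpack_from(fmt, data, 16)
    if e_ehsize != size:
        raise ValueError(f"e_ehsize {e_ehsize} disagrees with {CLASSES[ei_class]}")

    notes = []
    if e_shoff == 0 and e_shnum == 0:
        # Stripped or packed samples often drop the section header table entirely;
        # section-based listings will then be empty and program headers must be used.
        notes.append("no section header table (stripped or packed?)")
    if e_type == 2 and e_phnum == 0:
        notes.append("executable with no program headers (corrupt or unusual)")

    return {
        "class": CLASSES[ei_class],
        "endian": ENDIANNESS[ei_data],
        "osabi": ei_osabi,
        "type": TYPES.get(e_type, f"unknown ({e_type})"),
        "machine": MACHINES.get(e_machine, f"unknown ({e_machine})"),
        "entry": e_entry,
        "phoff": e_phoff, "phentsize": e_phentsize, "phnum": e_phnum,
        "shoff": e_shoff, "shentsize": e_shentsize, "shnum": e_shnum,
        "shstrndx": e_shstrndx, "flags": e_flags, "ehsize": e_ehsize,
        "notes": notes,
    }


def build_sample_header(elf_class: int = 2, little_endian: bool = True) -> bytes:
    """Constructed sample: an EXEC header for x86-64 (ELF64) or x86 (ELF32)
    with one program header and no section header table. Values are invented."""
    ident = ELF_MAGIC + bytes([elf_class, 1 if little_endian else 2, 1, 0, 0]) + b"\x00" * 7
    prefix = "<" if little_endian else ">"
    if elf_class == 2:
        body = struct.pack(prefix + "HHIQQQIHHHHHH",
                           2, 62, 1, 0x401000, 64, 0, 0, 64, 56, 1, 64, 0, 0)
    else:
        body = struct.pack(prefix + "HHIIIIIHHHHHH",
                           2, 3, 1, 0x8048000, 52, 0, 0, 52, 32, 1, 40, 0, 0)
    return ident + body


if __name__ == "__main__":
    for key, value in parse_elf_header(build_sample_header()).items():
        print(f"{key:10} {value:#x}" if isinstance(value, int) else f"{key:10} {value}")
```

Running the script prints the decoded fields of the constructed ELF64 sample; pointing `parse_elf_header` at the first 64 bytes of a real file gives the same summary, and a `ValueError` on non-ELF input keeps scripts from misreading a shell or Perl sample as a binary.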
