Analysis and replication of Unix malware

Patrick L. Knight, Authentium

  Technical stream: Friday 13 October 2006, 10:40 - 11:20.

  download slides (PDF)

With the prevalence of Windows-based viruses, trojans and rootkits keeping the AV industry fully occupied, little attention has been paid to malware for other platforms. However, recent news of malware affecting Mac OS X draws attention to the fact that the number of viruses and other malware affecting Unix platforms is increasing.

Unix malware comes in several forms: compiled executables (e.g. ELF-format viruses such as Kaiten), rootkits, worms infecting HTTP servers, Perl and bash scripts, and now PHP scripts.

This paper will discuss various types of threats to Unix machines and explain techniques to analyse and replicate malware on Unix platforms. The examples will primarily be on a Linux platform, but many of the techniques will cross over to other Unix platforms such as FreeBSD, Sun Solaris and Mac OS X.

Equivalent Unix tools to the common PE executable analysis tools currently used in the AV industry will be discussed as well as proper security measures to be used when handling Unix-based malware.
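As an illustration of what "equivalent tools" means in practice, the following is an added example (not code from the paper or its slides): a small ELF64 header and program-header parser in Python, doing for ELF what a PE triage script does with the optional header and section table. It checks the entry point against the executable PT_LOAD segments and flags writable-and-executable segments and segments that run past the end of the file. The two ELF images it inspects are constructed in-line with struct.pack so the script runs offline; the heuristics are the author's choice of common infector traits, not a description of any specific sample named above.

```python
"""Static triage of an ELF64 image: the Unix counterpart of reading a PE's
optional header and section table.  Only little-endian ELF64 is handled.

Added example; the two ELF images below are constructed here, not real malware.
"""
import struct

ELF_MAGIC = b"\x7fELF"
PT_LOAD = 1
PF_X, PF_W, PF_R = 1, 2, 4
EM_X86_64 = 0x3E


def parse_elf64(data: bytes) -> dict:
    """Return e_type, e_machine, e_entry and the program header table."""
    if data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    if data[4] != 2 or data[5] != 1:          # EI_CLASS == ELFCLASS64, EI_DATA == LSB
        raise ValueError("only ELF64 little-endian is handled here")
    (e_type, e_machine, _ver, e_entry, e_phoff, _shoff, _flags, _ehsize,
     e_phentsize, e_phnum, _shentsize, _shnum, _shstrndx) = struct.unpack_from(
        "<HHIQQQIHHHHHH", data, 16)
    segments = []
    for i in range(e_phnum):
        p_type, p_flags, p_offset, p_vaddr, _paddr, p_filesz, p_memsz, _align = \
            struct.unpack_from("<IIQQQQQQ", data, e_phoff + i * e_phentsize)
        segments.append({"type": p_type, "flags": p_flags, "offset": p_offset,
                         "vaddr": p_vaddr, "filesz": p_filesz, "memsz": p_memsz})
    return {"type": e_type, "machine": e_machine, "entry": e_entry,
            "segments": segments}


def triage(data: bytes) -> list:
    """Heuristic findings (assumed indicators of an ELF infector), as strings."""
    info = parse_elf64(data)
    findings = []
    loads = [s for s in info["segments"] if s["type"] == PT_LOAD]
    exec_loads = [s for s in loads if s["flags"] & PF_X]
    entry = info["entry"]
    holder = [s for s in exec_loads if s["vaddr"] <= entry < s["vaddr"] + s["memsz"]]
    if not holder:
        findings.append("entry point 0x%x is outside every executable PT_LOAD" % entry)
    elif holder[0] is not exec_loads[0]:
        # Like a PE whose entry point sits in the last section: code was
        # appended and the entry redirected to it.
        findings.append("entry point 0x%x is in a later executable segment than "
                        "the first (appended code?)" % entry)
    for s in loads:
        if s["flags"] & PF_W and s["flags"] & PF_X:
            findings.append("PT_LOAD at 0x%x is writable and executable" % s["vaddr"])
        if s["offset"] + s["filesz"] > len(data):
            findings.append("PT_LOAD at 0x%x extends past end of file" % s["vaddr"])
    return findings


def build_elf64(entry: int, segments: list, total_size: int) -> bytes:
    """Construct a minimal ELF64 image (test fixture, not a real binary).
    segments: (p_type, p_flags, p_offset, p_vaddr, p_filesz, p_memsz)."""
    phdrs = b"".join(struct.pack("<IIQQQQQQ", t, f, off, va, va, fsz, msz, 0x1000)
                     for t, f, off, va, fsz, msz in segments)
    ident = ELF_MAGIC + bytes([2, 1, 1, 0]) + b"\0" * 8      # ELF64, LSB, version 1
    header = ident + struct.pack("<HHIQQQIHHHHHH", 2, EM_X86_64, 1, entry,
                                 64, 0, 0, 64, 56, len(segments), 0, 0, 0)
    body = header + phdrs
    return body + b"\xcc" * (total_size - len(body))          # int3 filler as "code"


# Constructed samples: a plain binary, and one with an RWX segment appended
# and the entry point redirected into it.
CLEAN_SAMPLE = build_elf64(
    0x400100, [(PT_LOAD, PF_R | PF_X, 0, 0x400000, 0x200, 0x200)], 0x200)
INFECTED_SAMPLE = build_elf64(
    0x600010, [(PT_LOAD, PF_R | PF_X, 0, 0x400000, 0x200, 0x200),
               (PT_LOAD, PF_R | PF_W | PF_X, 0x200, 0x600000, 0x100, 0x100)], 0x300)

if __name__ == "__main__":
    for name, image in (("clean", CLEAN_SAMPLE), ("infected", INFECTED_SAMPLE)):
        print(name, triage(image) or ["no findings"])
```

On a real file, read it with `open(path, "rb").read()` and compare the output against `readelf -l`; the parser deliberately stops at the program headers because an infector can strip or corrupt the section header table, which is exactly why section-based PE-style checks need a segment-based counterpart on Unix.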

