For consideration

I suppose this is a question to everyone reading this blog. If you were to have a tool that could locate similar instruction sequences in some large database, say all of the binaries on an installation, what would you like to see it do?

Based on the work/analysis of valsmith and others, I'm going to start by seeing if Win32.Klez has anything in common with Ubuntu, SuSE, and Mandrake.*

As I don't expect that to return any results, does anyone have any good Linux malware with analysis?

* Yes, I do realize that I'm doing a cross-platform analysis. Unfortunately, the people funding my research will not let me assume the risk for analysis of Windows. I might in the near future.

Sorry, I didn't see this

Somehow this blog didn't get promoted to the front page. In any case, I doubt you'll get much in common cross-platform. Use the search and search for "linux" and you will find some stuff. Also check out the post named "Pedro's malware quiz" because I did some Linux analysis there.

Good luck


Linux Malware Analysis

I've done some analysis of some old Linux worms (like Ramen), quite a bit deeper into parts of it than Max Vision's analysis (mostly the wu-ftp 2.6.0 format string exploit, with how to correct the return address to make it actually work). When I have some time (like that will ever happen...) I will need to write up my notes into something intelligible to humans.
(Otherwise all of my analyses to date have been for windoze, ugh.)