I suppose this is a question to everyone reading this blog. If you were to have a tool that could locate similar instruction sequences in some large database, say all of the binaries on an installation, what would you like to see it do?
Based on the work/analysis of valsmith and others, I'm going to start by seeing if Win32.Klez has anything in common with Ubuntu, SuSE, and Mandrake.*
As I don't expect that to return any results, does anyone have any good Linux malware w/ analysis?
* Yes, I do realize that I'm doing a cross-platform analysis. Unfortunately, the people funding my research will not let me assume the risk for analysis of Windows. I might in the near future.