Malware dissection 101


I'm lucky enough to be sent interesting new malware examples and hacker exploits to examine and figure out. For the most part, senders look to me for clues about how the program works and what it does or is capable of doing after it has successfully compromised a host.

Because my disassembly skills aren't what they used to be, I often send the malware examples to my professional friends at anti-virus companies, Dshield, and other submission locations. They are better at it and are better equipped. But occasionally they don't have the same sense of urgency or interest that I do.

This was recently reinforced twice: I sent two malware examples to my normal analysts, but they didn't respond quickly enough. Gee, maybe they have real lives and jobs besides being my personal malware analysts?

Malware dissection 101 | InfoWorld | Column | 2006-02-24 | By Roger A. Grimes

Linked by shanmuga Monday, 27th February 2006 6:08AM