Hacking the Malware A reverse-engineers analysis

Short Description
network, the primary Windows XP virtual machine, Windows 2000 professional, Fedora ….. Counter hack Malware Template. URL: http://www.counterhack.net/

Website: www.geocities.com | Filesize: 382kb

Content
Hacking the Malware- A reverse-engineer’s analysis
“It’s getting harder to trust your IM buddies: A new worm in the wild purports to
be a warning from one of your buddies about a computer virus.”
- darkreading.com
RAHUL MOHANDAS
http://rahulmohandas.blogspot.com/
This document is a compendium of my research on malicious software and
provides an insight into how the real world exploitation is done. I have also
discussed how effective are the current security products in subverting the
attacks.1
Section 1: Introduction…………………………………………………………………………………………………..2
1.1 Overview………………………………………………………………………………………………………..2
1.2 Background Information……………………………………………………………………………………..2
Section 2: Methodology………………………………………………………………………………………………….3
2.1 Controlled Environment……………………………………………………………………………………..3
2.2 Static and Dynamic Analysis………………………………………………………………………3
2.3 Preparation and Verification…………………………………………………………………………….4
Section 3: Method of Infection………………………………………..7
3.1 Vulnerability Overview…………………………………………………………………………………….7
3.2 Exploit Unleashed - ms06-014 .. …………………………………………………….7
Section 4: Worm Architecture……………………………………………………………………………………10
4.1 Worm Overview………………………………………………………………………………………10
4.2 Static Analysis………………………………………………………………………………………11
4.3 Program Code - Exposed……………………………………………………………………………..13
4.4 Dynamic Analysis……………………………………………………………………………….16
4.5 The Evolution………………………………………………………………….18
Section 5: Defensive Measures……………………………………………………………………………………20
5.1 Trojan Variants……………………………………………………………………………………….20
5.2 Antivirus Signatures…………………………………………………………………………………..20
5.3 IPS Signatures…………………………………………………………………………………………….23
5.4 Infection Statistics…………………………23
Section 6: References…………………………………………………………………………………………25…