Analysis and replication of Unix malware presented at Virus Bulletin 2006

by Patrick L. Knight (Authentium)

Tags: Security

URL : http://www.virusbtn.com/conference/vb2006/abstracts/Knight.xml

Summary : With the prevalence of Windows-based viruses, trojans and rootkits keeping the AV industry
fully occupied, little attention has been paid to malware for other platforms. However,
recent news of malware affecting Mac OS X draws attention to the fact that the number of
viruses and other malware affecting Unix platforms is increasing.

Unix malware comes in several forms: compiled executables (e.g. ELF-format viruses such as
Kaiten), rootkits, worms infecting HTTP servers, Perl and bash scripts, and now PHP scripts.

This paper will discuss various types of threats to Unix machines and explain techniques
to analyse and replicate malware on Unix platforms. The examples will primarily
be on a Linux platform, but many of the techniques will cross over to other Unix platforms
such as FreeBSD, Sun Solaris and Mac OS X.

Unix equivalents of the common PE executable analysis tools currently used in the
AV industry will be discussed, as well as proper security measures to be used when
handling Unix-based malware.
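As an illustration of the kind of Unix-side equivalent to PE header triage the abstract refers to, the following is an added example written for this page; it is not code from the paper or from Authentium. It parses the ELF identification bytes and the ELF32/ELF64 file header (the same fields `readelf -h` prints) using only the Python standard library, never loads or executes the file, and flags a few header-level conditions that are routine in packed or stripped Unix samples. The two byte strings it parses are constructed for the example and are not taken from any real malware; the e_type/e_machine tables are a deliberate subset of the ELF specification.

```python
"""Static triage of an ELF file header with the Python standard library.

Added example for this page, not code from the paper or from Authentium.
It reads only the ELF header, never maps or executes the sample, and reports
header conditions that commonly appear in packed or stripped Unix malware.
The sample byte strings below are constructed for the example, not real malware.
"""
import struct

ELF_MAGIC = b"\x7fELF"

# Deliberate subset of e_type / e_machine values from the ELF specification.
ELF_TYPES = {0: "ET_NONE", 1: "ET_REL", 2: "ET_EXEC", 3: "ET_DYN", 4: "ET_CORE"}
ELF_MACHINES = {3: "EM_386", 40: "EM_ARM", 62: "EM_X86_64", 183: "EM_AARCH64"}

# Field layout after the 16-byte e_ident for each EI_CLASS (struct formats
# are used with an explicit byte-order prefix, so no alignment padding).
_HEADER_FMT = {1: "HHIIIIIHHHHHH", 2: "HHIQQQIHHHHHH"}   # ELF32, ELF64
_HEADER_SIZE = {1: 52, 2: 64}


def parse_elf_header(data: bytes) -> dict:
    """Return the ELF file header of `data` as a dict.

    Raises ValueError rather than guessing when the magic, class, data
    encoding or length is wrong, so a disguised or truncated sample is
    reported instead of silently mis-parsed.
    """
    if len(data) < 16 or data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file (bad magic)")
    ei_class, ei_data = data[4], data[5]
    if ei_class not in _HEADER_FMT:
        raise ValueError(f"unknown EI_CLASS {ei_class}")
    if ei_data not in (1, 2):
        raise ValueError(f"unknown EI_DATA {ei_data}")
    size = _HEADER_SIZE[ei_class]
    if len(data) < size:
        raise ValueError(f"truncated header: {len(data)} < {size} bytes")
    endian = "<" if ei_data == 1 else ">"
    (e_type, e_machine, e_version, e_entry, e_phoff, e_shoff, e_flags,
     e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum,
     e_shstrndx) = struct.unpack(endian + _HEADER_FMT[ei_class], data[16:size])
    return {
        "bits": 32 if ei_class == 1 else 64,
        "endian": "little" if ei_data == 1 else "big",
        "osabi": data[7],
        "type": ELF_TYPES.get(e_type, f"0x{e_type:x}"),
        "machine": ELF_MACHINES.get(e_machine, f"0x{e_machine:x}"),
        "version": e_version,
        "entry": e_entry,
        "phoff": e_phoff, "phentsize": e_phentsize, "phnum": e_phnum,
        "shoff": e_shoff, "shentsize": e_shentsize, "shnum": e_shnum,
        "shstrndx": e_shstrndx,
        "flags": e_flags,
        "ehsize": e_ehsize,
    }


def is_elf(data: bytes) -> bool:
    """True if `data` begins with a well-formed ELF header."""
    try:
        parse_elf_header(data)
        return True
    except ValueError:
        return False


def triage_notes(hdr: dict) -> list:
    """Header-only indicators worth a second look before deeper analysis."""
    notes = []
    if hdr["shoff"] == 0 or hdr["shnum"] == 0:
        notes.append("no section header table (stripped or packed sample)")
    if hdr["ehsize"] != (52 if hdr["bits"] == 32 else 64):
        notes.append(f"e_ehsize {hdr['ehsize']} does not match the ELF class")
    if hdr["type"] in ("ET_EXEC", "ET_DYN") and hdr["phnum"] == 0:
        notes.append("loadable file with no program headers")
    if hdr["type"] not in ELF_TYPES.values() or hdr["machine"] not in ELF_MACHINES.values():
        notes.append("e_type or e_machine outside the small table in this example")
    return notes


def _elf64_le_ident(osabi: int = 0) -> bytes:
    # EI_CLASS=ELFCLASS64, EI_DATA=ELFDATA2LSB, EI_VERSION=1, EI_OSABI, padding.
    return ELF_MAGIC + bytes([2, 1, 1, osabi]) + b"\x00" * 8


# Constructed samples (not real malware): a normal x86-64 PIE header, and an
# ET_EXEC header whose section header table has been removed as a packer would.
SAMPLE_ELF64 = _elf64_le_ident() + struct.pack(
    "<HHIQQQIHHHHHH", 3, 62, 1, 0x1040, 64, 0x3000, 0, 64, 56, 9, 64, 30, 29)
SAMPLE_STRIPPED = _elf64_le_ident() + struct.pack(
    "<HHIQQQIHHHHHH", 2, 62, 1, 0x401000, 64, 0, 0, 64, 56, 2, 0, 0, 0)


if __name__ == "__main__":
    for name, blob in (("normal", SAMPLE_ELF64), ("stripped", SAMPLE_STRIPPED)):
        h = parse_elf_header(blob)
        print(name, h["bits"], h["type"], h["machine"], hex(h["entry"]),
              triage_notes(h) or "no header-level indicators")
```

To run this against a real sample, read the file with `open(path, "rb").read(64)` and pass the bytes in; keep the sample on a partition mounted `noexec`, never set its execute bit, and do the parsing as an unprivileged user, since a header parser should not need, and should not be given, any of the privileges the sample would want at run time.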