2005-05-12

Malware analysis and the long days of May

The long period without an update is not without a good cause; I am currently finishing a paper on an XML Framework for intrusion detection signatures. The paper is technically finished, but not polished to where I would feel comfortable for the world+dog to read it. So, for anyone concerned I had been redirected to /dev/null, fear not.

The Internet Storm Center handler's diary for today has an excellent write-up on malware analysis by Tom Liston, one of information security's more colorful personalities. I first became familiar with Tom's work during the CodeRed outbreak in 2001, when he developed a little piece of bandwidth-saving code that later grew into the LaBrea Tarpit. If you have ever wondered what sort of work and insight go into basic (yes, I said basic) malware analysis, this article offers a peek into the field. As you might expect, the work done here is merely the tip of the iceberg when it comes to analyzing malicious code. Tom doesn't even go into the details of the shellcode used to overwrite stack pointers, assembly-level code tracing, or the packet captures that are often analyzed when reverse engineering malware.
