Thanks for your information, Polaris.
I know of and have read some articles on the Universitas Virtualis Bibliotheca Server (hxxp://bib.universitas-virtualis.org/) about reverse engineering viruses and hostile code. Some titles are:
- Reverse Engineering Hostile Code (pdf file)
- Reverse Engineering Malware (pdf file)
- Alien Autopsy: Reverse Engineering Win32 Trojans on Linux (pdf file)
However, all of the methods require running the virus or hostile code on a machine or virtual machine (VMWare...), and what if we make a mistake or are careless?
I wonder, how do some antivirus programs know the virus? Do they statically scan for the signature in the virus code, or simulate running the virus code? Almost all viruses use PE packing programs to pack themselves.
Regards