Title :
Reverse code engineering: an in-depth analysis of the Bagle virus
Author :
Rozinov, Konstantin
Author_Institution :
Dept. of Comput. & Inf. Sci., Polytech. Univ., Brooklyn, New York, USA
Abstract :
This paper is the result of work in the field of reverse code engineering and how it can be applied to detecting viruses and worms more effectively. The goal of this paper is to answer two questions: how do you reverse engineer a virus, and can reverse engineering a virus lead to better ways of detecting, preventing, and recovering from the virus and its future variants? In addition, the paper describes the Bagle virus, the resources and environment used for analysis, the approach and techniques used to completely reverse engineer the Bagle virus, and some of the analysis problems encountered and their solutions. It also presents some best practices to use while reverse code engineering.
Keywords :
computer viruses; program diagnostics; reverse engineering; system recovery; Bagle virus; FFSig; RCE; attack prevention; computer virus detection; functional flow; reverse code engineering; worm detection; Assembly; Best practices; Computer viruses; Computer worms; Cryptography; Information analysis; Information science; Protection; Reverse engineering; Viruses (medical);
Conference_Title :
Information Assurance Workshop, 2005. IAW '05. Proceedings from the Sixth Annual IEEE SMC
Print_ISBN :
0-7803-9290-6
DOI :
10.1109/IAW.2005.1495977