Title :
Automating uncompressing and static analysis of Conficker worm
Author :
Chuan, Lee Ling ; Lee Yee, Chan ; Ismail, Mahamod ; Jumari, Kasmiran
Author_Institution :
Fac. of Eng. & Built Environ., Univ. Kebangsaan Malaysia, Bangi, Malaysia
Abstract :
The infamous computer worm Conficker, which targets the Microsoft Windows operating system, was literally all over the media. This malicious worm uses a modern malware technique in which it hides the malicious portion of its program code through runtime generation and execution of program code, transforming it back into executable code at run time. This obfuscation technique poses obstacles to security researchers who want to understand the malicious features of new or unknown malware, especially those who want to create detection programs and recovery methods. Our approach is based on the observation that sequences of packed or hidden code in two different versions of the Conficker worm are self-identifying when the runtime execution is checked against its static code mode, and automated uncompressing code is executed to unpack the packer. Following the extraction of the malicious worm, we focus our analysis on the features of the Conficker worm.
Keywords :
data compression; invasive software; operating systems (computers); program debugging; program diagnostics; Microsoft Windows operating system; automating uncompressing code; computer worm; conficker worm static analysis; malicious worm extraction; malware technique; obfuscation technique; program code; static code mode; Computer security; Computer worms; Debugging; IP networks; Network servers; Operating systems; Reverse engineering; Runtime; Web and internet services; Web server; computer security; debugging; malware; packing; reverse engineering; unpacking;
Conference_Title :
Communications (MICC), 2009 IEEE 9th Malaysia International Conference on
Conference_Location :
Kuala Lumpur
Print_ISBN :
978-1-4244-5531-7
DOI :
10.1109/MICC.2009.5431495