DocumentCode :
2897117
Title :
Assembly Reverse Analysis on Malicious Code of Web Rootkit Trojan
Author :
Wang, Yong ; Gu, Dawu ; Xu, Janping ; Zen, Fenyu
Author_Institution :
Dept. of Comput. Sci. & Eng., Shanghai Jiao Tong Univ., Shanghai, China
fYear :
2009
fDate :
7-8 Nov. 2009
Firstpage :
501
Lastpage :
504
Abstract :
Web rootkit Trojans, which can download viruses from a remote control server and hide in the BIOS, are very harmful to web security. Reverse assembly analysis of web rootkit Trojans can help virus analyzers trace malicious code and find some immunization methods. The paper presents in-depth reverse analysis methods for web rootkit Trojans based on their malicious assembly code. The MASM assembly instructions in the malicious code are compared with Turbo ASM to find the differences. Some well-known Trojans, such as the web downloader machine dog Trojan and the BIOS Trojan, are reverse analyzed at the assembly level. Finally, the paper proposes some detection and immunization methods for web rootkit Trojans using assembly language.
Keywords :
Internet; assembly language; computer network security; computer viruses; reverse engineering; BIOS trojan; MASM assembly instructions; Malicious Code; Web downloader machine dog trojan; Web rootkit trojan; Web security; assembly reverse analysis; immunization methods; remote control server; virus analyzer; Assembly systems; Computer hacking; Computer science; File systems; Immune system; Information analysis; Kernel; Management information systems; Power generation economics; Power system economics; assembly language; malicious code; reverse analysis; trojan;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Web Information Systems and Mining, 2009. WISM 2009. International Conference on
Conference_Location :
Shanghai
Print_ISBN :
978-0-7695-3817-4
Type :
conf
DOI :
10.1109/WISM.2009.107
Filename :
5368278