{"title":"反向代码工程:对Bagle病毒的深入分析","authors":"K. Rozinov","doi":"10.1109/IAW.2005.1495977","DOIUrl":null,"url":null,"abstract":"This paper is the result of work done in the field of reverse code engineering and how it could be applied to better detecting viruses and worms. The goal of this paper is to try to answer the following two questions: How do you reverse engineer a virus and can reverse engineering a virus lead to better ways of detecting, preventing, and recovering from a virus and its future variants? In addition, the paper describes the Bagle virus, the resources and environment used for analysis, the approach and techniques used to completely reverse engineer the Bagle virus, and some of the analysis problems encountered and their solutions. It also presents some best practices to use while reverse code engineering.","PeriodicalId":252208,"journal":{"name":"Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop","volume":"18 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2005-06-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"18","resultStr":"{\"title\":\"Reverse code engineering: an in-depth analysis of the Bagle virus\",\"authors\":\"K. Rozinov\",\"doi\":\"10.1109/IAW.2005.1495977\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"This paper is the result of work done in the field of reverse code engineering and how it could be applied to better detecting viruses and worms. The goal of this paper is to try to answer the following two questions: How do you reverse engineer a virus and can reverse engineering a virus lead to better ways of detecting, preventing, and recovering from a virus and its future variants? In addition, the paper describes the Bagle virus, the resources and environment used for analysis, the approach and techniques used to completely reverse engineer the Bagle virus, and some of the analysis problems encountered and their solutions. It also presents some best practices to use while reverse code engineering.\",\"PeriodicalId\":252208,\"journal\":{\"name\":\"Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop\",\"volume\":\"18 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2005-06-15\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"18\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/IAW.2005.1495977\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IAW.2005.1495977","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Reverse code engineering: an in-depth analysis of the Bagle virus
This paper is the result of work done in the field of reverse code engineering and how it could be applied to better detecting viruses and worms. The goal of this paper is to try to answer the following two questions: How do you reverse engineer a virus and can reverse engineering a virus lead to better ways of detecting, preventing, and recovering from a virus and its future variants? In addition, the paper describes the Bagle virus, the resources and environment used for analysis, the approach and techniques used to completely reverse engineer the Bagle virus, and some of the analysis problems encountered and their solutions. It also presents some best practices to use while reverse code engineering.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
