DocumentCode
1707638
Title
Reverse code engineering: an in-depth analysis of the Bagle virus
Author
Rozinov, Konstantin
Author_Institution
Dept. of Comput. & Inf. Sci., Polytech. Univ., Brooklyn, New York, USA
fYear
2005
Firstpage
380
Lastpage
387
Abstract
This paper is the result of work done in the field of reverse code engineering and how it could be applied to better detecting viruses and worms. The goal of this paper is to try to answer the following two questions: How do you reverse engineer a virus and can reverse engineering a virus lead to better ways of detecting, preventing, and recovering from a virus and its future variants? In addition, the paper describes the Bagle virus, the resources and environment used for analysis, the approach and techniques used to completely reverse engineer the Bagle virus, and some of the analysis problems encountered and their solutions. It also presents some best practices to use while reverse code engineering.
Keywords
computer viruses; program diagnostics; reverse engineering; system recovery; Bagle virus; FFSig; RCE; attack prevention; computer virus detection; functional flow; reverse code engineering; system recovery; worm detection; Assembly; Best practices; Computer viruses; Computer worms; Cryptography; Information analysis; Information science; Protection; Reverse engineering; Viruses (medical);
fLanguage
English
Publisher
ieee
Conference_Titel
Information Assurance Workshop, 2005. IAW '05. Proceedings from the Sixth Annual IEEE SMC
Print_ISBN
0-7803-9290-6
Type
conf
DOI
10.1109/IAW.2005.1495977
Filename
1495977