DocumentCode
2897117
Title
Assembly Reverse Analysis on Malicious Code of Web Rootkit Trojan
Author
Wang, Yong ; Gu, Dawu ; Xu, Janping ; Zen, Fenyu
Author_Institution
Dept. of Comput. Sci. & Eng., Shanghai Jiao Tong Univ., Shanghai, China
fYear
2009
fDate
7-8 Nov. 2009
Firstpage
501
Lastpage
504
Abstract
Web rootkit Trojans, which can download viruses from a remote control server and hide in the BIOS, are very harmful to web security. Reverse assembly analysis of web rootkit Trojans can help virus analyzers trace malicious code and find immunization methods. The paper presents in-depth reverse analysis methods for web rootkit Trojans based on their malicious assembly code. The MASM assembly instructions in the malicious code are compared with Turbo ASM to find the differences. Some famous Trojans, such as the web downloader machine dog Trojan and the BIOS Trojan, are reverse analyzed at the assembly level. Finally, the paper proposes some detection and immunization methods for web rootkit Trojans using assembly language.
Keywords
Internet; assembly language; computer network security; computer viruses; reverse engineering; BIOS trojan; MASM assembly instructions; Malicious Code; Web downloader machine dog trojan; Web rootkit trojan; Web security; assembly reverse analysis; immunization methods; remote control server; virus analyzer; Assembly systems; Computer hacking; Computer science; File systems; Immune system; Information analysis; Kernel; Management information systems; Power generation economics; Power system economics; assembly language; malicious code; reverse analysis; trojan;
fLanguage
English
Publisher
IEEE
Conference_Titel
Web Information Systems and Mining, 2009. WISM 2009. International Conference on
Conference_Location
Shanghai
Print_ISBN
978-0-7695-3817-4
Type
conf
DOI
10.1109/WISM.2009.107
Filename
5368278