Ask the Expert

Can malware source code be used to stop a virus or worm?

Although 10% of malware is now open source, can malware source code actually be valuable to a security professional as a way to stop a worm or virus?


Source code is a valuable tool for stopping malware, and it can make malicious code analysis more effective and successful. The benefits of having source code outweigh the potential aid it might give to a criminal.

Having malware source code will reduce the educated guesswork necessary to determine what the malware does to a system. This is especially true for malware that doesn't write to the disk or malware that could potentially be a rootkit. Since both of these types of malware may be difficult to analyze on a system, having source code available for an investigator speeds up analysis and gives him or her an outline of what is happening to the system. The source code can be used to determine if, what, where and how malware is sending data off a compromised target.

Having source code available also makes analysis faster because there is no need to reverse-engineer a binary. Reverse engineering complex algorithms used by malware can be done, but if an investigator could instead read the code to determine where to find updated malware peers or the encryption keys used, analysis efforts could easily be reduced.

Source code also provides educational value for investigators. If an investigator can practice reverse engineering malware for which he or she has the source code, that person can use the source code to validate his or her findings from the reverse engineering. Reverse engineering will still be necessary, after all, since not all malware will have source code available.

This was first published in October 2009
