Q

Can malware source code be used to stop a virus or worm?


Although 10% of malware is now open source, can malware source code actually be valuable to a security professional as a way to stop a worm or virus?
Source code is a valuable tool to stop malware, and it can make malicious code analysis more effective and successful. Source code benefits outweigh the potential aid source code might give to a criminal.

Having malware source code will reduce the educated guesswork necessary to determine what the malware does to a system. This is especially true for malware that doesn't write to the disk or malware that could potentially be a rootkit. Since both of these types of malware may be difficult to analyze on a system, having source code available for an investigator speeds up analysis and gives him or her an outline of what is happening to the system. The source code can be used to determine if, what, where and how malware is sending data off a compromised target.

Having source code available also makes analysis faster because there is no need to reverse-engineer a binary. Reverse engineering complex algorithms used by malware can be done, but if an investigator could instead read the code to determine where to find updated malware peers or the encryption keys used, analysis efforts could easily be reduced.

Source code also provides educational value for investigators. If an investigator can practice reverse engineering malware where he/she has the source code, that person can use the source code to validate his or her findings from the reverse engineering. Reverse engineering will still be necessary, after all, since not all malware will have source code available.

This was first published in October 2009
