
Can malware source code be used to stop a virus or worm?

Source code is a valuable tool to stop malware, and it can make malicious code analysis more effective and successful.

Although 10% of malware is now open source, can malware source code actually be valuable to a security professional as a way to stop a worm or virus?

Source code is a valuable tool to stop malware, and it can make malicious code analysis more effective and successful. The benefits of having source code outweigh the potential aid it might give to a criminal.

Having malware source code will reduce the educated guesswork necessary to determine what the malware does to a system. This is especially true for malware that doesn't write to the disk or malware that could potentially be a rootkit. Since both of these types of malware may be difficult to analyze on a system, having source code available speeds up analysis and gives the investigator an outline of what is happening to the system. The source code can be used to determine whether malware is sending data off a compromised target and, if so, what data it sends, where it sends it and how.

Having source code available also makes analysis faster because there is no need to reverse-engineer a binary. Reverse engineering complex algorithms used by malware can be done, but if an investigator could instead read the code to determine where to find updated malware peers or the encryption keys used, analysis efforts could easily be reduced.

Source code also provides educational value for investigators. An investigator who practices reverse engineering on malware for which he or she has the source code can use that source code to validate the findings from the reverse engineering. Reverse engineering will still be necessary, after all, since not all malware will have source code available.

This was last published in October 2009
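
An added example, not part of the original answer: a small Python triage pass over recovered source that pulls out what the answer says source code makes easy to find, namely peer or update locations, encryption keys and the calls that send data off the host. The sample source, its names (`PEER_LIST_URL`, `fallback_host`, `xor_key`, `report`) and the regex patterns are constructed for illustration.

```python
import re

# Constructed stand-in for a recovered source file; every name and value is invented.
SAMPLE_SOURCE = '''\
#define PEER_LIST_URL "http://peers.example.invalid/list.txt"
static const char *fallback_host = "203.0.113.45";
static const unsigned char xor_key[] = { 0x13, 0x37, 0xc0, 0xde };
int report(int sock, const char *buf, int len) {
    return send(sock, buf, len, 0);   /* data leaves the host here */
}
'''

# Hypothetical patterns for C-style source; extend them for the language at hand.
URL_RE = re.compile(r'"((?:https?|ftp)://[^"\s]+)"')
IPV4_RE = re.compile(r'"((?:\d{1,3}\.){3}\d{1,3})(?::\d+)?"')
KEY_RE = re.compile(
    r'(\w*(?:key|iv|secret)\w*)\s*\[\s*\d*\s*\]\s*=\s*\{([^}]*)\}', re.I)
SEND_RE = re.compile(r'\b(send|sendto|write|WSASend)\s*\(')
HEX_BYTE_RE = re.compile(r'0x([0-9a-fA-F]{1,2})\b')


def triage(source):
    """Return line-numbered leads: endpoints, key material, outbound calls."""
    findings = {"urls": [], "ips": [], "keys": [], "send_calls": []}
    for lineno, line in enumerate(source.splitlines(), 1):
        for m in URL_RE.finditer(line):
            findings["urls"].append((lineno, m.group(1)))
        for m in IPV4_RE.finditer(line):
            # Reject dotted strings that are not valid IPv4 (e.g. version numbers > 255).
            if all(int(o) <= 255 for o in m.group(1).split(".")):
                findings["ips"].append((lineno, m.group(1)))
        for m in KEY_RE.finditer(line):
            # Decode the byte-array initializer so the key can be reused in decryption.
            raw = bytes(int(b, 16) for b in HEX_BYTE_RE.findall(m.group(2)))
            findings["keys"].append((lineno, m.group(1), raw.hex()))
        for m in SEND_RE.finditer(line):
            findings["send_calls"].append((lineno, m.group(1)))
    return findings


if __name__ == "__main__":
    for kind, hits in triage(SAMPLE_SOURCE).items():
        for hit in hits:
            print(kind, *hit)
```

Each hit is a lead to confirm by reading the surrounding code; initializers that span several lines are not matched by this line-by-line pass.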
