Reverse Engineering Win32 Trojans on Linux

slackrootcyc writes "A post (and previous article) give a detailed examination of the reversing process, using a trojan found in the wild. Later on in the story it discusses some techniques for reversing Windows-native code entirely under Linux."

Win32 Trojans...

[JessLeah]

...the condoms that bluescreen.

Where do you want to Put It Today?(TM)

Violation of the DMCA!!

[SuperDuG]

hehehehe wonder if Symantec and Network Associates will sue for having their code reverse engineered ...

wait a minute anti-virus software makers don't make virii, what was I thinking

Uh Oh...

[nothing safe]

*GASP* Does this mean that the cat is out of the bag with that top secret trojan known as 'Sub7'?

Make Win32 Trojans Open Source

[Slashdotess]

This is why we should be coding everything in Open Source. The fact being is, in this highly dynamic internet society today Trojans can hide their code to prevent security professionals from doing their job. When we finally open source these trojans, our software will become more secure because programmers from around the world can work on making the trojans and the programs the effect faster, better, and more secure.

Currently, trojans are badly written because of their inherent proprietary nature. Using something like sourceforge a multitude of coders can be simultaneously working on different parts of a trojan while the open source community can review, debug and test the code for infectioness effectiveness.

Only when we make Trojans open source will we realize that our computer controlled Oil tankers accross the world will be safe from Da Vinci.

Trojan Writers

[Dakisha]

And in further news, trojan writers worldwide file a DMCA suit against linux users for circumventing there security and reverse compiling there intelectual property ;)

Coming soon!

[Anonymous Coward]

With any luck, the anti-virus companies will soon start to figure out how to write linux viri...

They've done a darn good job on win32! Just imagine the amount of work they've put in... Especially when all you need is the following options:

o Remove .Exe attachments
o Remove .Com attachments
o Remove embedded (inline) e-mail files.

But wait, that'd be too easy!

Re:Violation of the DMCA!!

[Istealmymusic]

Even something as benign as VNC or Radmin can be turned to the "dark side."

As well as a benign utility such as SubSeven or NetBus.

Re:Violation of the DMCA!!

[Anonymous Coward]

and several cows (that is plural of cow) roamed the farms.