Malware Analysis / Análisis de SW malicioso

Whitepapers Tools Web AV (Online) AV (Free)

This Web page focuses on how to analize and reverse engineer malware (Malicious Software) specimens, IMHO, one of the most interesting topics in the security field, typically associated to virus, worms, trojans, spyware, adware... that is, malware.
Esta página Web contiene información sobre en análisis de software maliciosos (malware).

Whitepapers / Artículos

The Evolution of Malicious Agents Lenny Zeltser May, 2000

Reverse Engineering Malware Lenny Zeltser May, 2001

Reverse Engineering Hostile Code Joe Stewart October 23, 2002

Alien Autopsy: Reverse Engineering Win32 Trojans on Linux Joe Stewart November 14, 2002

Trojan Horses Ed Skoudis December 12, 2003

Malware Analysis for Administrators S. G. Masood May 20, 2004

Spyware explained Joanthan Read May 28, 2004

Attacking Obfuscated Code with IDA Pro Chris Eagle. Black Hat USA 2004 Summer 2004

Reverse Code Engineering: An In-Depth Analysis of the Bagle Virus Konstantin Rozinov August 2004

Honeynet Project "Scan of the Month" challenges, SotM 32 David Pérez, Jorge Ortiz y Raúl Siles September 2004

Anti-spyware Test (Guide) Eric L. Howes October, 2004

Honeynet Project "Scan of the Month" challenges, SotM 33 Nicolas Brulez December 2004

MS AntiSpyware vs Ad-Aware vs SpyBot Team Flexbeta January 2005

Red Pill... or how to detect VMM using (almost) one CPU instruction Joanna Rutkowska

Introduction to Reverse Engineering Win32 Applications trew May 2005

Malicious Malware: attacking the attackers, part 1 T. Holz, F. Raynal January 2006

Malicious Malware: attacking the attackers, part 2 T. Holz, F. Raynal February 2006

Tools / Herramientas

mwcollect Georg Wicherski Solution to collect worms and other autonomous spreading malware in FreeBSD or Linux

Sysinternals Mark Russinovich Advanced Windows tools: File/TDI/P/Disk/Port/RegMON, PSTools, TCPView...

IDA Pro Disassembler Data Rescue The "commercial" debugger/disassembler (Eval for Windows)

LordPE Yoda PE (Portable Executable) files editor and manager

Web

LURQ Malware technical analysis

Spywarewarrior Rogue/Suspect Anti-Spyware Products & Web Sites, comparisons, testing...

Malware.com Windows vulnerabilities and exploits

Sophos virus info Material about viruses, hoaxes, trojans, spyware...

McAfee virus info Removal tools, current threads...

Symantec security response Removal tools, current threads...

Trendmicro security information Virus rating and current threads...

F-Secure virus information Virus stats, current threads...

Messagelabs Intelligence Global e-mail security threats

FortiProtectCenter Virus and attacks encyclopedia

AntiVirus (online)

Virustotal Multi-analysis malware engine (using several antivirus)

Norman Sandbox (NSIC) Malware analysis engine (sandbox)

McAfee Free Scan McAfee VirusScan AV

Symantec Security Check Security Scan and Virus Detection

Trendmicro HouseCall Free online Trendmicro virus scanner

Bitdefender scan online Free online Bitdefender virus scan

Parasites Find unsolicited commercial software in your system

Panda ActiveScan Free online Panda antivirus

Free AntiVirus and Malware detection software

AntiVir Personal Edition Classic (for Windows 98/Me and XP (XP&2000&NT), Linux/OpenBSD/FreeBSD/Solaris)

AVG Anti-Virus Windows

F-Prot Windows, Linux, DOS, Solaris, BSD

Avast Home Edition - Windows

Spybot Search & Destroy Windows (Spyware)

Ad-aware SE Personal - Windows (Adware)

MS Windows AntiSpyware (Beta) Windows (Spyware)

The Evolution of Malicious Agents	Lenny Zeltser	May, 2000
Reverse Engineering Malware	Lenny Zeltser	May, 2001
Reverse Engineering Hostile Code	Joe Stewart	October 23, 2002
Alien Autopsy: Reverse Engineering Win32 Trojans on Linux	Joe Stewart	November 14, 2002
Trojan Horses	Ed Skoudis	December 12, 2003
Malware Analysis for Administrators	S. G. Masood	May 20, 2004
Spyware explained	Joanthan Read	May 28, 2004
Attacking Obfuscated Code with IDA Pro	Chris Eagle. Black Hat USA 2004	Summer 2004
Reverse Code Engineering: An In-Depth Analysis of the Bagle Virus	Konstantin Rozinov	August 2004
Honeynet Project "Scan of the Month" challenges, SotM 32	David Pérez, Jorge Ortiz y Raúl Siles	September 2004
Anti-spyware Test (Guide)	Eric L. Howes	October, 2004
Honeynet Project "Scan of the Month" challenges, SotM 33	Nicolas Brulez	December 2004
MS AntiSpyware vs Ad-Aware vs SpyBot	Team Flexbeta	January 2005
Red Pill... or how to detect VMM using (almost) one CPU instruction	Joanna Rutkowska
Introduction to Reverse Engineering Win32 Applications	trew	May 2005
Malicious Malware: attacking the attackers, part 1	T. Holz, F. Raynal	January 2006
Malicious Malware: attacking the attackers, part 2	T. Holz, F. Raynal	February 2006

mwcollect	Georg Wicherski	Solution to collect worms and other autonomous spreading malware in FreeBSD or Linux
Sysinternals	Mark Russinovich	Advanced Windows tools: File/TDI/P/Disk/Port/RegMON, PSTools, TCPView...
IDA Pro Disassembler	Data Rescue	The "commercial" debugger/disassembler (Eval for Windows)
LordPE	Yoda	PE (Portable Executable) files editor and manager

LURQ	Malware technical analysis
Spywarewarrior	Rogue/Suspect Anti-Spyware Products & Web Sites, comparisons, testing...
Malware.com	Windows vulnerabilities and exploits

Sophos virus info	Material about viruses, hoaxes, trojans, spyware...
McAfee virus info	Removal tools, current threads...
Symantec security response	Removal tools, current threads...
Trendmicro security information	Virus rating and current threads...
F-Secure virus information	Virus stats, current threads...
Messagelabs Intelligence	Global e-mail security threats
FortiProtectCenter	Virus and attacks encyclopedia

Virustotal	Multi-analysis malware engine (using several antivirus)
Norman Sandbox (NSIC)	Malware analysis engine (sandbox)
McAfee Free Scan	McAfee VirusScan AV
Symantec Security Check	Security Scan and Virus Detection
Trendmicro HouseCall	Free online Trendmicro virus scanner
Bitdefender scan online	Free online Bitdefender virus scan
Parasites	Find unsolicited commercial software in your system
Panda ActiveScan	Free online Panda antivirus

AntiVir	Personal Edition Classic (for Windows 98/Me and XP (XP&2000&NT), Linux/OpenBSD/FreeBSD/Solaris)
AVG Anti-Virus	Windows
F-Prot	Windows, Linux, DOS, Solaris, BSD
Avast	Home Edition - Windows
Spybot Search & Destroy	Windows (Spyware)
Ad-aware	SE Personal - Windows (Adware)
MS Windows AntiSpyware (Beta)	Windows (Spyware)