Patrick L. Knight Authentium
With the prevalence of Windows-based viruses, trojans and rootkits keeping the AV industry fully occupied, little attention has been paid to malware for other platforms. However, recent news of malware affecting Mac OS X draws attention to the fact that the number of viruses and other malware affecting Unix platforms is increasing.
Unix malware comes in several forms: compiled executables (e.g. ELF format viruses such as Kaiten), rootkits, worms infecting HTTP servers, perl and bash scripts and now PHP scripts.
This paper will discuss various types of threats to Unix machines and explain techniques to replicate and analyse malware on Unix platforms. The examples will primarily be on a Linux platform, but many of the techniques will carry over to other Unix platforms such as FreeBSD, Sun and Mac OS.
Equivalent Unix tools to the common PE executable analysis tools currently used in the AV industry will be discussed as well as proper security measures to be used when handling Unix-based malware.