Analysis and replication of Unix malware

Patrick L. Knight, Authentium


With the prevalence of Windows-based viruses, trojans and rootkits keeping the AV industry fully occupied, little attention has been paid to malware for other platforms. However, recent news of malware affecting Mac OS X draws attention to the fact that the number of viruses and other malware affecting Unix platforms is increasing.

Unix malware comes in several forms: compiled executables (e.g. ELF-format viruses such as Kaiten), rootkits, worms infecting HTTP servers, Perl and Bash scripts, and now PHP scripts.

This paper will discuss various types of threats to Unix machines and explain techniques to replicate and analyse malware on Unix platforms. The examples will primarily be on a Linux platform, but many of the techniques will cross over to other Unix platforms such as FreeBSD, Sun and Mac OS.

Equivalent Unix tools to the common PE executable analysis tools currently used in the AV industry will be discussed as well as proper security measures to be used when handling Unix-based malware.
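As an added illustration of the kind of ELF triage the Unix-tool discussion above covers (my own example, not code from the paper or from Authentium), the block below decodes an ELF64 file header and its program headers, much as `readelf -h` and `readelf -l` do, and flags two things an analyst checks on a suspected ELF virus before running it: a load segment that is both writable and executable, and an entry point that falls outside every executable segment. The sample ELF bytes are constructed inline; `build_sample` is a hypothetical helper, not a real binary.

```python
import struct

ELF_MAGIC = b"\x7fELF"
PT_LOAD = 1
PF_X, PF_W, PF_R = 1, 2, 4  # p_flags bits


def parse_elf64(data: bytes) -> dict:
    """Decode the ELF64 file header and program headers (what readelf -h / -l print)."""
    if data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    if data[4] != 2:  # EI_CLASS: 1 = ELF32, 2 = ELF64
        raise ValueError("only ELF64 is handled in this example")
    end = "<" if data[5] == 1 else ">"  # EI_DATA: 1 = little-endian, 2 = big-endian
    (e_type, e_machine, _ver, e_entry, e_phoff, _shoff, _flags, _ehsize,
     e_phentsize, e_phnum, _shentsize, _shnum, _shstrndx) = struct.unpack_from(
        end + "HHIQQQIHHHHHH", data, 16)
    segments = []
    for i in range(e_phnum):
        p_type, p_flags, p_offset, p_vaddr, _paddr, p_filesz, p_memsz, _align = \
            struct.unpack_from(end + "IIQQQQQQ", data, e_phoff + i * e_phentsize)
        segments.append({"type": p_type, "flags": p_flags, "vaddr": p_vaddr,
                         "filesz": p_filesz, "memsz": p_memsz, "offset": p_offset})
    return {"type": e_type, "machine": e_machine, "entry": e_entry, "segments": segments}


def triage(info: dict) -> list:
    """Return findings an analyst would look at before executing the sample."""
    findings = []
    loads = [s for s in info["segments"] if s["type"] == PT_LOAD]
    for s in loads:
        if s["flags"] & PF_W and s["flags"] & PF_X:
            findings.append("PT_LOAD at 0x%x is writable and executable" % s["vaddr"])
    entry = info["entry"]
    if not any(s["flags"] & PF_X and s["vaddr"] <= entry < s["vaddr"] + s["memsz"] for s in loads):
        findings.append("entry point 0x%x lies outside every executable PT_LOAD" % entry)
    return findings


def build_sample(seg_flags: int, entry: int = 0x401000) -> bytes:
    """Constructed test input: a bare x86-64 ET_EXEC header with one PT_LOAD, not a real binary."""
    ident = ELF_MAGIC + bytes([2, 1, 1, 0]) + bytes(8)  # ELF64, little-endian, version 1, SysV ABI
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, entry, 64, 0, 0, 64, 56, 1, 64, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_LOAD, seg_flags, 0, 0x400000, 0x400000, 0x2000, 0x2000, 0x1000)
    return ehdr + phdr


if __name__ == "__main__":
    for name, flags in (("clean", PF_R | PF_X), ("rwx", PF_R | PF_W | PF_X)):
        print(name, triage(parse_elf64(build_sample(flags))) or "no findings")
```

Pointing `parse_elf64` at a real file (`open(path, "rb").read()`) gives the same two checks on a sample, without executing it.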

