A Quick and Efficient Method For Locating the main () function of Linux ELF Malware Variants


Linux is a family of open source operating systems (OS) commonly used to run internet of things (IoT) devices and web servers. The prevalence of the OS, as expected, has turned it into a valuable target for cybercriminals casting wide nets to reach more potential victims.

In the past few years, Linux systems have been susceptible to attacks involving ransomwarecryptocurrency miners, botnetsand other types of malware. The successful deployment of the said attacks refutes an old notion that machines and devices that run Linux are less likely to be affected by malware.

To come up with effective countermeasures, we constantly work on developing methods to address concerns pertaining to attacks against Linux systems, for example, by looking for ways to conduct quick and efficient analysis of malware samples that leads to their eventual detection and blocking. One of these methods involves reverse engineering files to locate the address of the main()function, which usually contains code that malware authors craft to start malicious routines.

Read more…
Source: Trend Micro