Malware Reverse Engineering, Part 1: Introduction to Malware Reverse Engineering

Malware is any program that performs functions the user does not want. Familiar examples are computer viruses, Trojans and rootkits: all of them carry out malicious actions that the user never asked for.

Reverse Engineering is the process of discovering the technological principles of a device, object, or system through analysis of its structure, function, and operation. It often involves taking something (e.g., a mechanical device, electronic component, software program, or biological, chemical, or organic matter) apart and analyzing its workings in detail to be used in maintenance, or to try to make a new device or program that does the same thing without using or simply duplicating (without understanding) the original. [Wikipedia]

Combining the two terms:

Malware reverse engineering is the process of discovering how a piece of malware works: the exact actions it performs on a system, learned by analysing its structure and operation. In practice this means examining the sample's code without running it (static analysis) and running it inside an isolated, closely monitored environment while recording every change it makes to the system, such as files written, configuration altered, processes started and network connections opened (dynamic analysis). The isolation matters: the sample must not be able to reach the analyst's real machines or the Internet unless that traffic is deliberately captured.
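The "record every change" part of dynamic analysis is usually done by taking a baseline of the system before the sample runs and comparing it with the state afterwards. The script below is an added example, not code from the original post, showing that baseline-and-diff idea for the filesystem part of the picture. The "malware" it runs is a constructed stand-in function (`fake_sample`) that drops a file, appends to a hosts file and deletes a document, and the filenames and contents it uses are invented for the demonstration; a real analysis would run the actual sample inside an isolated VM and would additionally watch registry keys, processes and network traffic.

```python
"""Baseline-and-diff filesystem monitoring, the core of dynamic malware analysis.

Added example (not from the original post). The sample run here is a
constructed stand-in: a function that creates, modifies and deletes files so
the diff has something to show. Real analysis runs the actual binary in an
isolated VM with no network, or a network that is fully captured.
"""
import hashlib
import os
import tempfile


def snapshot(root):
    """Return {relative_path: sha256_hex} for every regular file under root."""
    state = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            # Skip symlinks so a hostile sample cannot make us hash files outside root.
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            h = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            state[os.path.relpath(full, root)] = h.hexdigest()
    return state


def diff_snapshots(before, after):
    """Classify every path as added, removed or modified between two snapshots."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    modified = sorted(p for p in set(before) & set(after) if before[p] != after[p])
    return {"added": added, "removed": removed, "modified": modified}


def fake_sample(root):
    """Constructed stand-in for a malware sample (hypothetical behaviour):
    drops a binary, appends to the hosts file, deletes a user document."""
    with open(os.path.join(root, "dropper.bin"), "wb") as fh:
        fh.write(b"MZ constructed payload, not a real PE file")
    with open(os.path.join(root, "hosts"), "ab") as fh:
        fh.write(b"\n127.0.0.1 update.example.invalid\n")  # invented AV-blocking entry
    os.remove(os.path.join(root, "important.doc"))


def analyze(sample):
    """Seed a scratch tree, run `sample` against it and report what changed."""
    with tempfile.TemporaryDirectory() as root:
        # Seed the environment the way a sandbox image would be seeded (constructed data).
        with open(os.path.join(root, "hosts"), "wb") as fh:
            fh.write(b"127.0.0.1 localhost\n")
        with open(os.path.join(root, "important.doc"), "wb") as fh:
            fh.write(b"constructed document contents")
        os.mkdir(os.path.join(root, "untouched"))
        with open(os.path.join(root, "untouched", "readme.txt"), "wb") as fh:
            fh.write(b"nothing happens to this file")

        before = snapshot(root)
        sample(root)
        after = snapshot(root)
        return diff_snapshots(before, after)


if __name__ == "__main__":
    for kind, paths in analyze(fake_sample).items():
        print(f"{kind:9s} {paths}")
```

The design point is that the monitor never trusts the sample's own output: it compares two independent hashes of the tree, so a sample that silently patches an existing file shows up as "modified" even though its size and timestamp may have been preserved. Untouched files (here `untouched/readme.txt`) produce no noise, which is what makes the diff readable on a real system with thousands of files.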

Why Malware Reverse Engineering ?
Malware reverse engineering lets us understand how a virus behaves, which in turn lets us develop disinfection techniques, or, on the other side, improve and extend the malicious capabilities of the malware itself. Like anything else in this world, malware reverse engineering can be used for good or for evil.

Types of Malware 

Computer Viruses

A computer virus is a small piece of infectious and often destructive software that can replicate itself and go on to infect other computers. It is usually executable code. Viruses are commonly contracted through downloads and through email or instant-messaging attachments. Once run, the virus attaches itself to existing programs on the target computer; its aim is usually to corrupt the system. Viruses can be removed by installing and running antivirus or antimalware programs.

Computer Worms

Like a virus, a worm is infectious and self-replicating. The difference is that worms work over computer networks: a worm uses the network to send copies of itself to other computers connected to it. Worms can replicate in huge volume, which makes them a serious threat to large networks. Worms can be removed with malware removal tools.

Trojan horse

A Trojan, or Trojan horse, is malware that gets installed on a system through deception. It is presented to the user as free, useful software or as an add-on. Once installed, however, the Trojan gives attackers access to the machine, and they can then carry out their criminal operations on it remotely. Trojans can be removed manually or with antivirus software.

Spyware

Spyware is malware installed secretly on a system that collects information about how the system is used, along with other confidential and personal data, and sends it to the developer without the user's consent. A system can get infected with spyware through deceptive routes such as fake free online scans, browser add-ons or plugins, dubious websites and images, or even search-engine results. Spyware can be removed with antispyware tools.

Adware

Adware is short for advertisement-supported software: a program designed to display advertisements on the computer. Some adware is dishonest and is better classified as spyware, because that is what it does: it spies on the user and steals sensitive information. Adware can be removed with trusted spyware or malware removal tools.

Crimeware

Crimeware is malware created specifically to commit crime over the Internet. Its main aim is to steal financial and confidential information such as credit card numbers and passwords and use it to access online bank accounts or other financial services, i.e. identity theft. Crimeware is often installed through social engineering that tricks people into giving up their confidential information, and also through vulnerabilities in software or through email attachments.

Keyloggers

Keyloggers monitor the user's keystrokes; the captured keystrokes are logged and reported to whoever installed the keylogger. Organisations sometimes use keyloggers to monitor employee activity. Keyloggers can also be used as spyware to steal confidential information and commit identity theft.

Browser Hijackers

A hijacker is malware that changes the browser settings on the user's computer and redirects the browser to sites of the developer's choice, usually start pages and search pages that carry paid advertising. Hijackers may slow the computer down and cause the browser to crash.

Rogue Security Software

Rogue security software is malware that manipulates and scares people into buying the "full version" of a fake security application. The fake software displays bogus scan reports and alerts that are simulated to trick the user. The program takes over the system to prevent its own removal and in most cases blocks other applications, including legitimate antimalware programs, from running.

History of Malware 

1947 - The birth of the word "bug":
In 1947 Grace Murray Hopper, working on the Harvard Mark II, traced a system failure to a moth trapped in a relay panel. The incident is widely credited with popularising the terms "bug" and "debug", which are still with us today.

1971 - The Creeper virus appears on ARPANET, the forerunner of the Internet. It copied itself from machine to machine and displayed the message "I'M THE CREEPER: CATCH ME IF YOU CAN".

1974 - A program named Rabbit spreads across a system, generating copies of itself until performance collapses and the computer crashes: an early fork bomb.

1981 - Elk Cloner, the first widespread virus outbreak on the Apple II platform, spreads by floppy disk. It infects boot sectors, displays messages and degrades performance.

1983 - The term "computer virus" comes into use after Fred Cohen, a student of Leonard Adleman at the University of Southern California, demonstrates a working virus at a security seminar; Adleman is credited with suggesting the name.

1986 - Brain, a boot-sector virus, becomes the first global epidemic on the PC platform and shows how unprepared users are: almost nobody has any protection.

1987 - The Vienna virus outbreak, the first virus to destroy data.

1987 - Birth of antivirus:
Bernd Fix writes a program that neutralises Vienna, the first documented removal of a virus and the predecessor of today's antivirus software.

1989 - IBM introduces VIRSCAN for MS-DOS, sold for $35.

1990 - Chameleon (also known as 1260), the first polymorphic virus: it rewrites its own code on each infection so that no fixed signature matches it.

1991 - Many antivirus vendors enter the market; Symantec ships Norton AntiVirus.

1996 - Virus writers begin to target the Microsoft Windows platform; Laroux, the first Excel macro virus, appears in the wild.

2003 - Widespread Internet attacks: the memory-resident Slammer worm clogs networks and shuts down services worldwide within minutes of its release.

2007 - Botnets infect millions of machines worldwide. Zombie systems are used for DoS (denial of service) attacks and to steal passwords and data.

2010 - today - Malware becomes a weapon of war. Cyber warfare is now enterprise-grade and even state-developed and state-sponsored, serving espionage and strategic strikes. Stuxnet and Flame are examples of malware aimed at the infrastructure of enterprises and rival countries.

Reading:

Confirmed: US and Israel created Stuxnet, lost control of it

Flame, the most powerful computer virus in history
