Malware Examination on GNU/Linux: Wirenet Case Study
Primary Investigator:
Marcus Thompson
Adolfo Montironi
Abstract
Although the general perception may be that GNU/Linux is a malware-free environment, it is not immune to malicious programs. In fact, malware developers constantly increase their skill, creativity, and effort to target this operating system. Wirenet is a password-stealing trojan able to infect GNU/Linux systems, searching for users' sensitive data and uploading it to a command and control (C&C) server. This study examines a GNU/Linux system infected by Wirenet using basic static and dynamic analysis as well as memory forensic techniques. In addition, a practical procedure is developed for performing general malware examinations in a GNU/Linux environment.