»Malicious Linux Binaries: A Landscape (in English)«
2019-08-03, 17:10–17:50, Radisson Lisboa
Linux applications are taking on roles in important computer systems. As their use grows, they become targets for malware. Understanding the security impact of malware infections on them is therefore essential for system hardening and for developing countermeasures. In this talk, we discuss the challenges and pitfalls of analyzing Linux malware samples. We demonstrate how malware analysis can be conducted with native Linux tools, and the techniques malware samples use to bypass those tools. For instance, we show how code obfuscation defeats objdump-based disassembly, how self-ptrace checks can be used to evade strace monitoring, and how an LD_PRELOAD-based rootkit hides processes from the ps tool. We present analysis results for 4K real ELF malware samples, including ransomware and SSH backdoors, to draw a landscape of current Linux threats.
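The abstract mentions LD_PRELOAD-based rootkits that hide processes from ps. The defender's counterpart is a visibility cross-check: such rootkits hook the libc calls (readdir and friends) that ps uses to list /proc, but the kernel still answers stat()/open() on /proc/<pid> for the hidden process, so probing every PID directly and comparing against the directory listing exposes the gap; the persistence point, /etc/ld.so.preload, is worth inspecting at the same time. The script below is an added example written for this page, not code from the talk or its speakers; the sample listing, PID set and preload file contents are constructed, and the library name /usr/lib/libhide.so is a placeholder.

```python
"""Cross-check process visibility to spot userland (LD_PRELOAD) process hiding.

Added example, not material from the talk. The core logic takes its inputs as
plain data so it can run on constructed samples; scan_live() wires it to the
real /proc on a Linux host.
"""
import os
import re

PID_RE = re.compile(r"^\d+$")


def pids_from_listing(entries):
    """PIDs present in a directory listing of /proc.

    This is the view ps gets, and the one a readdir-hooking rootkit filters.
    Non-numeric entries (self, cpuinfo, sys, ...) are ignored.
    """
    return {int(e) for e in entries if PID_RE.match(e)}


def pids_from_probe(exists, max_pid):
    """PIDs found by asking for /proc/<n> directly for every n up to max_pid.

    `exists` is a predicate so the logic can be exercised on constructed data;
    scan_live() passes os.path.exists on the real /proc.
    """
    return {n for n in range(1, max_pid + 1) if exists(n)}


def hidden_pids(listing_pids, probed_pids):
    """Processes the kernel answers for but the listing omitted, sorted."""
    return sorted(probed_pids - listing_pids)


def preload_libraries(preload_text):
    """Parse /etc/ld.so.preload: one library path per line, '#' starts a comment.

    Any entry here is loaded into every dynamically linked process, which is
    exactly how an LD_PRELOAD rootkit persists; a non-empty result deserves a look.
    """
    libs = []
    for line in preload_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            libs.append(line)
    return libs


def scan_live(max_pid=None):
    """Run both checks against the real /proc (Linux only).

    Returns (hidden_pid_list, preload_library_list).
    """
    if max_pid is None:
        with open("/proc/sys/kernel/pid_max") as f:
            max_pid = int(f.read().strip())
    listing = pids_from_listing(os.listdir("/proc"))
    probed = pids_from_probe(lambda n: os.path.exists("/proc/%d" % n), max_pid)
    try:
        with open("/etc/ld.so.preload") as f:
            preload = preload_libraries(f.read())
    except FileNotFoundError:
        preload = []
    return hidden_pids(listing, probed), preload


# Constructed sample data standing in for a host where PID 1337 is hidden.
SAMPLE_LISTING = ["1", "2", "self", "cpuinfo", "4242", "sys"]
SAMPLE_KERNEL_PIDS = {1, 2, 4242, 1337}          # what direct probing finds
SAMPLE_PRELOAD = (
    "# constructed example of a rootkit persistence entry\n"
    "/usr/lib/libhide.so\n"                      # placeholder library name
)

if __name__ == "__main__":
    listing = pids_from_listing(SAMPLE_LISTING)
    probed = pids_from_probe(lambda n: n in SAMPLE_KERNEL_PIDS, 5000)
    print("hidden PIDs (constructed data):", hidden_pids(listing, probed))
    print("preload entries (constructed data):", preload_libraries(SAMPLE_PRELOAD))
```

Two caveats apply when running scan_live() on a real host. Probing up to pid_max (often 4194304) takes a few seconds in Python, which is acceptable for a one-off check. More importantly, the probe runs inside a dynamically linked process that has itself loaded whatever /etc/ld.so.preload names, so a rootkit that also hooks stat()/access() would fool this check too; for a trustworthy comparison, run the probe from a statically linked binary or from outside the suspect system (a forensic image or a rescue environment) and compare against the live ps output.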