Reversing Malware - Learn how to do it
Reverse engineering is a skill that today matters not only to programmers but to business people and ordinary computer users as well. You may ask what reverse engineering has to do with you. Let me explain. The number of attackers grows from day to day and, unlike in earlier years, their programs are written to cause harm. They penetrate your computer or network, break things, or read your passwords and personal data. That is not pleasant, is it? This is exactly what malicious software reverse engineering is for. Years ago "malware" meant little more than computer viruses, but it has since become considerably more sophisticated. Attackers waste no time and keep creating new types of malicious software: worms, Trojans, spyware, adware, bots and so on.
So any computer user may pick up a worm or a virus simply by browsing the Internet, to say nothing of companies whose networks are attacked by malicious software constantly. Part of that malicious stream is stopped by anti-virus programs or tools such as spyware removers. But it has to be admitted that there are cases where these so-called friendly programs cannot protect your machine. What should we do then?
From the very beginning, it is essential to determine whether a binary that has got onto a machine is malicious or not. An ordinary computer user may stop at that step, but a company representative needs the binary to be reverse engineered, since the business has to know what it did and what it touched. That is malware reverse engineering for business purposes. It is also worth mentioning that only a limited number of malware reverse engineering tools are publicly available.
The work of the specialized tools can be divided into code analysis and behavior analysis. Let us consider the first one. With this technique we examine malicious software by understanding how its code operates. When only the compiled binary is available, debuggers and disassemblers are used for this. In principle, however complicated the code is, it can be completely reverse engineered through code analysis; in practice, packing and obfuscation make this the slowest and most labor-intensive part of the job.
The second technique is behavior analysis, which I already mentioned above. With it you examine how a binary "behaves" on your computer: how it communicates with other programs, with devices and over the network. The collected observations are then analyzed, which makes it possible to reconstruct the whole picture from these pieces of information. But keep in mind that this category is only analysis of what the program does, not reverse engineering of how it does it. So before you start, think over what your goals actually are.
Well, if you are ready to start, I propose the following structure for your work, divided into stages. The first stage is the controlled environment. When analyzing malicious software it is essential to set one up; it may even be a dedicated test lab. There are some conditions to follow. First of all, build a network of two computers: one is the victim machine and the other is the sniffer. They should be arranged so that the sniffer captures the victim's network traffic. And remember: keep them apart from the main network, because the sample is going to be run. The victim machine should hold the binary and the tools necessary for analysis, and no other applications beyond those needed for the analysis.
The second and most vital stage in malware reverse engineering is environment baselining, that is, taking a snapshot of the current state of the environment. Why is it so vital? Because if this stage is not carried out properly, every later stage is affected: without a trustworthy "before", you cannot tell which changes the sample made. Each snapshot is supposed to record the state of the environment before any change is made; after the change, one more snapshot is taken and the two are compared.
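The baseline-then-compare idea above, as an added example that is not from the original article: the script hashes every file under a directory before the sample runs, hashes it again afterwards, and reports what was added, removed or modified. The directory tree and the "effects of the sample" are constructed in a temporary folder so the script runs offline; the path names (etc/hosts, bin/ls, var/log/auth.log) are assumptions chosen to look like a real system, not data from the page.

```python
"""Environment baselining: snapshot a file tree before the sample runs,
snapshot it again afterwards, and report what changed.
Added example; the mini file tree and the 'sample effects' are constructed."""
import hashlib
import shutil
import tempfile
from pathlib import Path


def snapshot(root):
    """Map each regular file under root (POSIX-style relative path) to its SHA-256."""
    root = Path(root)
    state = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            state[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return state


def diff_snapshots(before, after):
    """Return the paths that were added, removed and modified between two snapshots."""
    common = set(before) & set(after)
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "modified": sorted(p for p in common if before[p] != after[p]),
    }


def demo():
    """Build a constructed mini file tree, simulate running a sample, diff the snapshots."""
    tmp = Path(tempfile.mkdtemp())
    try:
        (tmp / "etc").mkdir()
        (tmp / "bin").mkdir()
        (tmp / "var" / "log").mkdir(parents=True)
        (tmp / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (tmp / "bin" / "ls").write_bytes(b"\x7fELF original binary")
        (tmp / "var" / "log" / "auth.log").write_text("login ok\n")
        before = snapshot(tmp)  # the baseline, taken before anything is changed

        # Simulated effects of executing a malicious sample (constructed, not real malware):
        # a hosts-file edit, a replaced system binary, a dropped file, a wiped log.
        (tmp / "etc" / "hosts").write_text("127.0.0.1 localhost\n0.0.0.0 update.example\n")
        (tmp / "bin" / "ls").write_bytes(b"\x7fELF trojaned binary")
        (tmp / "tmp").mkdir()
        (tmp / "tmp" / ".x").write_bytes(b"dropped payload")
        (tmp / "var" / "log" / "auth.log").unlink()
        after = snapshot(tmp)  # second snapshot, taken after the change
        return diff_snapshots(before, after)
    finally:
        shutil.rmtree(tmp)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

On a real victim machine you would point snapshot() at the directories that matter (system binaries, startup locations, user profiles) and keep the baseline on the sniffer machine, not on the victim, so the sample cannot tamper with it. Hashing catches content changes; extend the snapshot with registry keys, services and scheduled tasks for a Windows host, since those are where persistence usually lands.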
Moving on to the next stage, it is worth stressing that the previous ones were only preparation; now, in the third stage, we get to information collection. This stage has two parts: static analysis and dynamic analysis. Together they let us understand the nature of the malicious software. Static analysis means collecting information without executing the program: from the binary alone we can recover embedded scripts, passwords, commands, addresses and so on. Dynamic analysis means executing the program, in the isolated environment prepared earlier, and examining the binary through what it does.
And last but not least, with all the information collected, we can now reverse engineer the binary itself. Remember that some of the stages above may have to be repeated several times, for instance re-baselining and re-running the sample once static analysis has revealed a command-line switch or configuration it expects. And that is all. I hope this review will help you cope with malicious software.