Some statements in this article may carry a certain bias, so first I want to tell you a few facts about myself:

1. I am no longer a Windows user, although I still keep a Windows partition that I use for purposes such as this one (virus analysis, trying out Windows programs). I do not store data in Windows, so this kind of experiment is safe enough for me. Day to day I use Mac OS X on my iBook G4 and GNU/Linux (Fedora Core 4) on AMD64. Because I am not a Windows user, my knowledge of Windows applications may be out of date, but I keep my low-level technical knowledge of Windows current.

2. I do not currently work in the security business, nor do I have any business related to security. No statement I make about other business entities is intended to benefit myself. My job is teaching assistant at the Department of Information Engineering, School of Electrical Engineering and Informatics (formerly part of the Faculty of Industrial Technology), Bandung Institute of Technology.

3. I am not a cracker, and I am not a member of any virus-writing group, whether abroad or in Indonesia.

4. I only have an older version of Brontok (sample taken from a lab at ITB) and the latest version (sample taken from Jakarta State University / UNJ); the versions in between I do not have.

5. I do not include URLs for the various tools I use, because URLs for tools that can help with cracking tend to keep moving; use Google to search for the tools I mention.

6. I am not making antivirus software for this Brontok; please use your existing antivirus software (I do not want the trouble of constantly updating an antivirus as Brontok keeps being updated; many anti-Brontok tools on the Internet can no longer detect, delete or handle the new version). Antivirus software on the market with the latest updates should be enough. However, if Brontok becomes increasingly difficult to eradicate, I will write dedicated anti-Brontok software.
However, I do provide a manual Brontok cleaning procedure that is generic across the various Brontok versions around at this time.

How is a virus analysed? There are three ways to analyse a virus: the first is black-box analysis, that is, watching the behaviour of the virus in a particular environment; the second is analysing the contents of the virus with a disassembler; and the third is watching how the virus runs under a debugger. Unfortunately, most people can only do the first, and a little of the second, but not comprehensively.

Black-box analysis

Several programs are available that show the difference in a computer's state before and after a program starts (including before and after a virus starts). I do not really trust this kind of program, but programs like this can show which files the virus creates and which registry changes it makes. This is easy, but it has limits: the virus may behave strangely every Wednesday while you test it on Tuesday. The program used to record the system state may also be imperfect, so some changes go unrecorded, and there is the possibility that the virus remains after the analysis has finished. If the virus is sophisticated enough to detect the presence of the monitoring program, it can behave differently from normal.

Disassembly and decompilation

Programs in certain languages (usually those that are compiled and interpreted at the same time, such as Java or C#) can be decompiled easily, meaning the "machine language" in the exe file can be turned back into source code; programs in other languages cannot be turned back into source code, only into assembly language. Assembly language is very low level (very close to the machine), so it is hard to understand except with patience and a lot of practice (usually with the help of a debugger as well).
Not many people want to and can do it, but it is done every day by crackers writing serial-number generators and cracking various programs (many of the programs people use today are the work of crackers).

Watching the virus run with a debugger

A debugger can be used to run a virus in an environment that can be monitored. The sequence of execution, including the virus's encryption, can be learned easily. You have to be careful, because the virus may use anti-debugging techniques, whether it is running freely or held by the debugger. This analysis technique is usually combined with disassembly.
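As an added example (not code from the original post), here is a minimal black-box state diff of the kind described under "Black-box analysis" above: it snapshots every regular file under a directory before and after a run and reports what was added, removed or changed, comparing by size and SHA-256 rather than by timestamp. The directory tree and the simulated side effects inside demo() are constructed for this example; a real monitor would also have to cover the registry, and it inherits the caveats given above (a monitor can miss changes, and a sample may behave differently once it notices it is being watched).

```python
"""Black-box state diff: snapshot a directory tree before and after running a
sample, then report files that appeared, vanished or changed.
Added example; the tree built in demo() is constructed, not real data."""
import hashlib
import os
import tempfile
from typing import Dict, List, Tuple

# relative path -> (size in bytes, hex SHA-256 of the content)
Snapshot = Dict[str, Tuple[int, str]]


def _sha256(path: str) -> str:
    """Hash a file in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: str) -> Snapshot:
    """Record size and SHA-256 of every regular file below `root`.
    Paths are stored relative to `root` with '/' separators so that two
    snapshots of the same tree compare cleanly on any platform."""
    state: Snapshot = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            # Skip symlinks and anything that is not a plain file.
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            state[rel] = (os.path.getsize(full), _sha256(full))
    return state


def diff_snapshots(before: Snapshot, after: Snapshot) -> Tuple[List[str], List[str], List[str]]:
    """Return (added, removed, modified) as sorted lists of relative paths.
    A file counts as modified only if its size or content hash changed."""
    added = sorted(p for p in after if p not in before)
    removed = sorted(p for p in before if p not in after)
    modified = sorted(p for p in before if p in after and before[p] != after[p])
    return added, removed, modified


def demo() -> Tuple[List[str], List[str], List[str]]:
    """Constructed scenario: snapshot a small tree, simulate the side effects a
    sample might leave (drop a file, overwrite one, delete one), snapshot again."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "Documents"))
        with open(os.path.join(root, "Documents", "notes.txt"), "w") as f:
            f.write("original notes\n")
        with open(os.path.join(root, "Documents", "old.txt"), "w") as f:
            f.write("to be removed\n")
        with open(os.path.join(root, "untouched.txt"), "w") as f:
            f.write("unchanged\n")
        before = snapshot(root)

        # Simulated side effects (constructed for the example; not real malware).
        with open(os.path.join(root, "Documents", "dropped.exe"), "wb") as f:
            f.write(b"MZ" + b"\x00" * 14)
        with open(os.path.join(root, "Documents", "notes.txt"), "w") as f:
            f.write("original notes\nappended line\n")
        os.remove(os.path.join(root, "Documents", "old.txt"))
        after = snapshot(root)

        return diff_snapshots(before, after)


if __name__ == "__main__":
    added, removed, modified = demo()
    print("added:   ", added)
    print("removed: ", removed)
    print("modified:", modified)
```

Running the script prints the three lists for the constructed tree. In practice you would take the "before" snapshot on a clean system, run the sample, and take the "after" snapshot from outside the guest (for example from a mounted disk image) so that a sample which hides files from the running system cannot hide them from the comparison.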