• silicon.com
• Technology
• Security

By Nick Heath, 9 October 2008 17:02

Photo 1 of 7

Next » « Previous

With hundreds of new pieces of malware being discovered every month, virus hunters are at the front line of the war on malicious software.

Symantec threat researcher Candid Wüest's job is to rip apart the malware that the company discovers each day, look into its guts and pass on its telltale signatures to protect machines worldwide.

Wüest laid bare the process of picking through the viruses and spyware that lands at the door of Symantec's 100-strong team of malware hunters in Europe.

One of the first things that Symantec does is to peer inside the malware using a Hex editor, as seen here, allowing the researchers to start piecing together how it works.

Here, for example, in the right-hand column the text strings show "MZ" indicating the malware is a Windows binary file.

Further down the screen you can see PEC2, indicating it has been packed into a runtime packer, a method of compressing an executable program.

Wüest and his team have to decrypt everything inside the malware and contend with the anti-reverse engineering techniques used by the malware writers, aimed at stopping the hunters in their tracks.

Photo credit: Symantec