Bow and question
Juan Carlos Montes Senra
jcmontes at cert.inteco.es
Tue Jan 8 03:20:08 CST 2008
Shachar Shemesh wrote:
> But what good is a malware study tool if the malware can trivially
> detect it's there? What if it doesn't infect the machine, but just runs
> differently?
>
> There are Windows tools that do similar things to what you need (check
> out the sys-internals web site), where the environment is much
> closer to the real thing.
>
> Actually, Dan's question is the more interesting here - did the malwares
> work under wine?
>
> Shachar
I know that in Windows we can find similar things, but with Wine we can make a
first check, make a simple report, and send it to the client.
Later, we can make a good manual analysis.
At the moment we can report quickly if a malware deletes files, changes the registry...
"did the malwares work under wine?"
A lot of them, :)
Think... if we don't get results, we must make a manual analysis...
--
_______________________________________________________________________________
Juan Carlos Montes Senra
INTECO-CERT
Instituto Nacional de Tecnologías de la Comunicación
email: juancarlos.montes at inteco.es | jcmontes at cert.inteco.es
Tlf. 0034 987 877 189 - ext. 532
_______________________________________________________________________________