Malicious Code Defuser
Small Business Information
301 East Carrillo Street 2FL, P. O. Box 519, Santa Barbara, CA, 93102
AbstractMalicious software is an alarming threat - recent studies show: 80% of corporate computers are infected; 23% of surveyed companies reported deliberate malware downloads by employees; and 75% of the top 50 Internet worms were designed for identity theft. We identify three threat scenarios in defusing malware: (a) actual source code is available; (b) binary code is available but not source code; and (c) the payload has executed. In the first two cases, the objective is to defuse prior to any damage. In the latter case, defusing is a diagnostic "post-mortem", to interdict future damage. This proposal analyzes the technical issues surrounding the problem; describes the requirements for an effective solution; and identifies the technical challenges to reaching the solution. In and of itself, this proposal provides original research. We then lay out specific steps to create and demonstrate: (a) a program verifier to analyze source code for payloads and vulnerabilities; (b) a static analysis tool to analyze binary executables for payloads and vulnerabilities; (c) a virtual environment to safely run executables, allowing payloads to execute harmlessly; and (d) an analysis tool that examines system logs and disk images to automate post mortem analysis when payloads are executed on other systems.
* information listed above is at the time of submission.