Tuesday, 11 November 2014

virustotal += Detailed ELF information

In computing, the Executable and Linkable Format (ELF, formerly called Extensible Linking Format) is a common standard file format for executables, object code, shared libraries, and core dumps. It was chosen as the standard binary file format for Unix and Unix-like systems [Wikipedia].

Even though the popularity of the Windows OS among average end-user systems has meant that attackers have mostly focused on developing malware for Windows systems, ELF badness is a growing concern. The colleagues over at Malware Must Die are making a huge effort to put some focus on ELF malware, their article entitled China ELF botnet malware infection & distribution scheme unleashed is just an example.

Today we are rolling out a tool to generate detailed structural information regarding ELFs. This information includes: file header specifics (ABI version, required architecture, etc.), sections, segments, shared libraries used, imported symbols, exported symbols, packers used, etc. You may take a look at this new information in the File Details tab of the following report:

Hopefully all this new information will bring some attention to malware targeting linux systems and will lead to better world-wide defenses against these threats.

No comments:

Post a Comment