
Monday 8th November 2004; 13:30-17:30

Virus Analysis - Techniques, Tools, and Research Issues

Arun Lakhotia and Michael P. Venable
University of Louisiana at Lafayette, USA

The tutorial will cover techniques, tools, and research issues in analyzing computer viruses. It will provide participants with the background needed to initiate research in reverse engineering computer viruses.

Anti-virus companies receive over 100,000 suspect documents and programs every month. The time it takes to determine whether a suspect is malicious, craft an antidote, and distribute that antidote is crucial to the success of an anti-virus technology. Reverse engineering plays a crucial role in determining whether a program is malicious. It is also used to determine what a malicious program does in order to undo its effect. In spite of its significance, there has not been any significant research in developing tools and techniques to aid in the analysis of malicious programs. Most research on the subject has taken place in the laboratories of anti-virus companies.

The objectives of this tutorial are to:

  1. provide background needed for a participant to initiate research in analysis of malicious programs, and
  2. initiate discussions on a distributed, collaborative, university-based virus reverse-engineering team.

The tutorial will provide the following:

  1. An overview of methods and procedures for setting up a clean-room (isolated) environment for studying malicious programs.
  2. Hands-on experience in analyzing a sample virus, Beagle.J.
  3. A survey of research in virus analysis.
  4. A framework for distributed, collaborative reverse engineering of contagious code.

More information is available at

NOTE: To perform the hands-on exercises, participants are expected to bring their own laptop, which must be pre-configured with the software needed to create a safe experimentation environment. There will be no time for installing this software during the tutorial. Further details about setting up the experimentation environment can be found at