securitybreach Posted December 4, 2014 Share Posted December 4, 2014 virustotal += Detailed ELF information In computing, the Executable and Linkable Format (ELF, formerly called Extensible Linking Format) is a common standard file format for executables, object code, shared libraries, and core dumps. It was chosen as the standard binary file format for Unix and Unix-like systems [Wikipedia]. Even though the popularity of the Windows OS among average end-user systems has meant that attackers have mostly focused on developing malware for Windows systems, ELF badness is a growing concern. The colleagues over at Malware Must Die are making a huge effort to put some focus on ELF malware, their article entitled China ELF botnet malware infection & distribution scheme unleashed is just an example. Today we are rolling out a tool to generate detailed structural information regarding ELFs. This information includes: file header specifics (ABI version, required architecture, etc.), sections, segments, shared libraries used, imported symbols, exported symbols, packers used, etc. You may take a look at this new information in the File Details tab of the following report: https://www.virustot...b9602/analysis/ Hopefully all this new information will bring some attention to malware targeting linux systems and will lead to better world-wide defenses against these threats. It is available on Archlinux (AUR) as kvirustotal: https://aur.archlinu...ges/kvirustotal 2 Quote Link to comment Share on other sites More sharing options...
abarbarian Posted December 4, 2014 Share Posted December 4, 2014 Good idea and I wish them well. Could you use it to check packages from the AUR ? Quote Link to comment Share on other sites More sharing options...
securitybreach Posted December 5, 2014 Author Share Posted December 5, 2014 Possibly Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.