Virt-ICE: Next-Generation Debugger for Malware Analysis

Date Added: May 2010
Format: PDF

Dynamic malware analysis is an important method for analyzing malware, and its most important tool is the debugger. However, because debuggers were originally built by software developers to debug legitimate software, they have some significant flaws when used against malware. First of all, malware can easily detect the presence of a debugger using various tricks. Another fundamental problem is that, because malware runs in the same security domain as the debugger, it can potentially tamper with the debugger and prevent it from functioning correctly. Unfortunately, all of the above drawbacks are unfixable in the current architecture.