General discussion


How to Detect Malware Implementation in .Net Code

By ziggy981 ·

I have been given the source code of a large tailor made .Net Windows Application and im required to scan through it and certify that it is safe and Malware-free. Are there any tools out there that actually scan .Net source code to detect possible embedded/hidden Malware code?

A logical strategy may be to look for code that sends sensitive data outside the application (such as by email, WCF, web services...etc), correct? If not, what else should i look for?

Any advice would be greatly appreciated...



This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -


by seanferd In reply to How to Detect Malware Imp ...

How legally binding is this certification?

Collapse -

Pretty much

by ziggy981 In reply to seriously?
Collapse -

Can't see an easy way to do that myself

by Tony Hopkinson In reply to How to Detect Malware Imp ...

Malware after all is simply code that we wouldn't volunteer to run.
Set up a registry entry, twiddle with an existsing one, dial home etc, can all be perfectly valid features.
You can use something like FXCop to check for mistakes that would lead to to potential securithy threats.
But after that it's basically reverse engineering. Install it see if say a locked down browser or the better malware scanners think it's a bad guy.

Related Discussions

Related Forums