Web rootkits Trojan, which can download virus from remote control server and hide in BIOS, is very harmful to web security. Reverse assembly analysis on web rootkit Trojan can help virus analyzer to trace malicious code and find some immunization methods. The paper presents deeply reverse analysis methods of web rootkit Trojan according to malicious assembly codes. The MASM assembly instructions in malicious code are compared with turbo ASM to find the difference. Some famous Trojan, such as web downloader machine dog Trojan and BIOS Trojan, are assembly reverse analyzed. Finally, the paper proposed some detection and immunization methods of web rootkit Trojan using assembly language.
展开▼
