Date of Graduation

5-2023

Document Type

Thesis

Degree Name

Bachelor of Science

Department

Computer Science and Computer Engineering

Advisor/Mentor

Thompson, Dale

Committee Member/Reader

Panda, Brajendra

Committee Member/Second Reader

Pan, Yanjun

Abstract

Many forms of malicious software use techniques and tools that make it harder for their functionality to be parsed, both by antivirus software and by reverse-engineering methods. Historically, the vast majority of malware has been written for the Windows operating system due to its large user base. As such, most malware detection and analysis efforts have been performed on that platform. However, in recent years, we have seen an increase in malware targeting servers running Linux and other Unix-like operating systems, resulting in more emphasis on malware research for these platforms. In this work, several obfuscation techniques for Linux malware were analyzed. The goal of this thesis is to examine how they operate, how they differ from Windows obfuscation techniques, and how effective they are at obstructing analysis, including some methods analysts can use to circumvent them.

Keywords

Linux, malware, malware obfuscation, Mirai, CronRAT
