Shachar Shemesh wrote:
But what good is a malware study tool if the malware can trivially detect that it's there? What if it doesn't infect the machine, but just runs differently?
There are Windows tools that do things similar to what you need (check out the Sysinternals web site), where the environment is much closer to the real thing.
Actually, Dan's question is the more interesting one here: did the malware work under Wine?
Shachar
I know that in Windows we can find similar things, but with Wine we can make a first check, write a simple report, and send it to the client. Later, we can do a proper manual analysis.
At the moment we can quickly report whether a malware sample deletes files, changes the registry...
"did the malware work under Wine?" A lot of them did. :)
Think... if we don't get results, we have to do a manual analysis...