In 2006, we submitted the paper "Collaborative Malicious Code Analysis System" to VB2006, and it was accepted.
We hope to share our experience with other virus researchers, and we hope to see you in Montreal, Canada.
COLLABORATIVE MALICIOUS CODE ANALYSIS SYSTEM
Kyu-beom Hwang & Deok-young Jung, AhnLab Inc.
Most malicious code is developed in high-level languages, which increases the size of the resulting code. Therefore, much more effort and time are required for its analysis.
Individual analysis of malicious code cannot guarantee the expected output, because the time available for analyzing each sample is limited. Individual analysis, which is currently performed and traditionally accepted, is also not well suited to entry-level analysts who have just started to learn the work.
Most research efforts to solve this problem rely on the concept of collaboration, which has so far been achieved by analyzing malicious code with IDA and its plug-ins. However, the analysis results produced under that earlier form of collaboration could not be reused. In addition, newly emerging variants of malicious code that differ only slightly from the original copy are not effectively analyzed by the earlier approach.
This paper proposes CMAS (Collaborative Malicious Codes Analysis System), an analysis technique based on a “divide and conquer” approach. CMAS provides guidelines for breaking down the code to be analyzed and assigning each part to an individual who is an expert in a particular field, such as network, registry or file operations. It enables each participant to analyze their part of the code simultaneously over a network. The analyzed data is stored in a central database, and data previously stored in the database can be reused when analyzing new malicious code.
Full paper: Kyu-beom Hwang and Deok-young Jung, "Collaborative Malicious Codes Analysis System", Virus Bulletin Conference 2006.