Security expert releases Ubuntu Linux distro for malware analysis
REMnux is a version of Ubuntu on a virtual machine filled with malware sleuthing tools.By Source Seeker
A security consultant has released a Ubuntu-based Linux distribution specifically designed to help analyze and re-engineer malware. Lenny Zeltser on Thursday released REMnux on Sourceforge and it has already been downloaded nearly 2,000 times.
REMnux is not a brand-new distro built from scratch but really a stripped down version of Ubuntu distributed loaded on a VMware virtual machine and stuffed with hand-picked analysis tools.
So, you run the suspect code on your forensics system to see what happens and REMnux helps you determine what type of nasty game the code plays.
Zeltser said he specifically built REMnux to be more focused on Web-based malware, rather than including every possible tool. According to the ThreatPost blog:
But it's not intended as a be-all-end-all tool. It isn't geared to analyze Windows bugs, Zeltser explains. He recommends the Zero Wine project for that. It also isn't the only Linux-based malware analysis toolkit. He notes that a more full-featured one is the SANS Investigative Forensic Toolkit (SIFT) Workstation. Cert also offers the CERT Linux Forensics Tools Repository, based on Fedora, billed as a collection of tools useful for security forensics. There are other popular tools for reverse engineering Windows- and Linux-based code specifically, such as IDA Pro. (I freely admit that I don't know enough about security forensics to understand how apples-to-oranges these tools are. If you have other favorites, please share.)
I asked Zeltser via Twitter why he created REMnux when these other tools, particularly SANs own SIFT are already available. He replied, "SIFT is great, but can be overwhelming to a person getting started with malware analysis. We may merge REMnux into SIFT some day."
For all that it isn't, Zeltser's Ubuntu OS has still been earning praise in the security blogosphere. This is in part because Zeltser is a well-known malware analysis teacher for the SANs Institute as well as an author and an incident handler at the Internet Storm Center. He also leads the security consulting practice at Savvis.
Download the REMnux here.