Shachar Shemesh wrote:
> But what good is a malware study tool if the malware can trivially
> detect it's there? What if it doesn't infect the machine, but just runs
> differently?
>
> There are Windows tools that do similar things to what you need (check
> out the sys-internals web site), where the environment is much more
> close to the real thing.
>
> Actually, Dan's question is the more interesting here - did the malwares
> work under wine?
>
> Shachar

I know that in Windows we can find similar things, but with wine we can make a first check, make a simple report, and send it to the client. Later, we can make a good manual analysis. At the moment we can report quickly if a malware deletes files, changes the registry...

"did the malwares work under wine?"

A lot of them :)

Think... if we don't get results, we must do a manual analysis...

--
_______________________________________________________________________________
Juan Carlos Montes Senra
INTECO-CERT
Instituto Nacional de Tecnologías de la Comunicación
email: [EMAIL PROTECTED] | [EMAIL PROTECTED]
Tel. 0034 987 877 189 - ext. 532
_______________________________________________________________________________