A new OS called REMnux has been released by Lenny Zeltser, a security expert specializing in malware reverse engineering. REMnux is a lightweight version of Ubuntu originally distributed as a VMware virtual appliance, which can be booted via several VMware products or through X-Windows. The OS was also recently released as an ISO image of a Live CD.
The classical approach to analyzing malware is to set up a virtual machine on a computer specifically designated for that purpose, then release the malware and monitor how it affects the system. The drawback of this approach is that much of the malware's behavior can remain hidden, and deeper analysis is not a convenient option.
REMnux is intended to address these disadvantages and offers an alternative approach to taking apart malicious code. Typically, another laboratory system is infected with the malware sample, and the potentially malicious connections it makes are then directed to the REMnux "monitoring" ports.
Behind the development of REMnux stands the idea of providing a useful set of tools for people interested in the field, rather than a be-all reverse-engineering environment. As Zeltser himself puts it: "This doesn't have every tool in it, because I think people can get distracted with too many tools in there". Rather, Zeltser states that this OS targets beginners or people who are not Linux experts. He also hopes that users' input and comments will aid in the further development of REMnux and lead to an improved version of the OS.
Any interested and adventurous potential developers who would like to contribute to the improvement of REMnux are welcome to contact Lenny Zeltser directly.