I was recently asked a question in relation to this article http://resources.infosecinstitute.com/zeroaccess-malware-part-3-the-device-driver-process-injection-rootkit/
It is a detailed guide on how to reverse engineer a specific piece of malware. The question was: “Is releasing this type of information a good idea? Could this help other cybercriminals build variants?”
---- MY ANSWER ----
Detailed instructions from security researchers on how to reverse-engineer malware can be taken one of two ways. They can be frowned upon because they give insight into, and access to, sophisticated code designed to harm and infect computer systems, which could then be used by other criminals to build more sophisticated malware. Or they can be seen as a way to give software vendors insight into how they should be building their software to defend against such forms of attack.
A guide to reverse engineering specific malware COULD be used to build variants. It COULD give the bad guys a few tips and tricks that they could implement in their own code, or build new features on top of what was provided. But to be honest, people who make malware already have the reverse-engineering skills to do this themselves, without the aid of instructions.
Sure, it might give a few ideas to less experienced coders who are looking to profit from cybercrime, but withholding it is like refusing to broadcast a documentary on burglary because it could give criminals new ideas, when in fact it makes people more aware of real threats and how they can properly secure themselves.
This debate is similar to the one that has been raging recently over full disclosure of exploits that security researchers find in various applications. Software vendors frown upon (and often press charges against) researchers who find vulnerabilities in their software and make them public. Researchers do this to make people aware of the insecurities of some software, in the hope that vendors will properly secure their products. The same can be said about releasing detailed instructions on how to reverse engineer malware.
The truth is that the more exposure it gets, the more software vendors are forced to secure their products, which is actually a good thing. And that is the intended goal of security researchers everywhere, including the one mentioned in this article.