How to Detect Malware Implementation in .Net Code
I have been given the source code of a large tailor-made .Net Windows Application and I'm required to scan through it and certify that it is safe and Malware-free. Are there any tools out there that actually scan .Net source code to detect possible embedded/hidden Malware code?
A logical strategy may be to look for code that sends sensitive data outside the application (such as by email, WCF, web services, etc.), correct? If not, what else should I look for?
Any advice would be greatly appreciated...
Re: How to Detect Malware Implementation in .Net Code
A possibly helpful link: http://samate.nist.gov/index.php/Sou...Analyzers.html. Obviously, you will want to try basic things like antivirus software, as well, on the compiled binaries. They can perform signature-based and heuristic analysis.
Your strategy is an OK one, but malware could be pretty insidious. It would be hard to detect everything. A possible strategy might be to install the application on a virtual machine and then monitor all network traffic in and out to try to assay for a malware signature. Even this would not detect everything as the malware traffic could delay its communication until some unknown point in the future.
Long story short: you are attempting to do something very difficult and certifying with absolute confidence that it is malware-free is basically impossible. I'm not recommending that you NOT take adequate precautions, but that you adopt a realistic perspective about what can and cannot be done.
Probably the best defense you have is a legal and social one. If the software you inherited was from a firm that displayed professionalism, they are not likely to risk their reputation by injecting malware into your software. I would suspect that there would be legal consequences (fraud? computer misuse?) for injecting malware too...
All of that said: I am not a lawyer (and this is not legal advice) and these are just some best guesses. The responsibility of your systems rests on you, so please don't base your strategy on this post alone.
I hope that helps point you in the right direction.
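The strategy raised in the question (look for code that sends data out by email, WCF or web services), as an added example that is not part of either post: a Python triage script that lists the lines in `.cs` files touching egress, process-launch or dynamic-loading APIs so a reviewer knows where to read first. The pattern set and the sample file are assumptions; a match is a place to review, not a verdict, and calls built through reflection or obfuscation will not match.

```python
import re
from collections import Counter
from pathlib import Path

# Review-triage patterns (an assumed starting set, not exhaustive): .NET
# namespaces and calls through which data can leave the process, or through
# which code can be started or loaded at run time.
PATTERNS = {
    "email": r"\bSystem\.Net\.Mail\b|\bSmtpClient\b",
    "http": r"\b(HttpClient|WebClient|HttpWebRequest|WebRequest)\b",
    "socket": r"\bSystem\.Net\.Sockets\b|\b(TcpClient|UdpClient)\b",
    "wcf": r"\bSystem\.ServiceModel\b|\bChannelFactory\b",
    "process": r"\bProcess\.Start\b",
    "dynamic-load": r"\bAssembly\.Load(From|File)?\b|\bActivator\.CreateInstance\b",
    "native": r"\bDllImport\b",
    "encoded-data": r"\bFromBase64String\b",
}
COMPILED = {name: re.compile(rx) for name, rx in PATTERNS.items()}

def scan_text(text, filename="<memory>"):
    """Return (filename, line_no, category, line) for every matching line."""
    hits = []
    for no, line in enumerate(text.splitlines(), start=1):
        for category, rx in COMPILED.items():
            if rx.search(line):
                hits.append((filename, no, category, line.strip()))
    return hits

def scan_tree(root):
    """Scan every .cs file under root; undecodable bytes are replaced, not fatal."""
    hits = []
    for path in sorted(Path(root).rglob("*.cs")):
        hits.extend(scan_text(path.read_text(encoding="utf-8", errors="replace"), str(path)))
    return hits

def summarize(hits):
    return Counter(category for _, _, category, _ in hits)

# Constructed sample input, not code from the application in the question.
SAMPLE = '''using System.Net.Mail;
class Report {
    void Send(string b) { new SmtpClient("mail.example.invalid").Send("a@x.invalid", "b@x.invalid", "r", b); }
    void Update(byte[] blob) { System.Reflection.Assembly.Load(blob); }
}
'''

if __name__ == "__main__":
    for f, no, cat, line in scan_text(SAMPLE, "Report.cs"):
        print(f"{f}:{no}: [{cat}] {line}")
```

Run `scan_tree` on the solution directory and review each hit in context, starting with categories the application has no stated reason to use.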