0: Malware Analysis Primer

Table of Contents

  • The Goals of Malware Analysis
  • Malware Analysis Techniques
  • Types of Malware

*************************************************************************************

  • The Goals of Malware Analysis
    • Develop signatures to detect malware infections
    • Signatures: The virus signature is like a fingerprint in that it can be used to detect and identify specific viruses.
      • Host-based Signatures: Used to detect malicious code on victim computers
        • Used to identify files created or modified by malware or changes to registry
        • Malware indicators focus on what the malware does to a system
      • Network Signatures: Used to detect malicious code by monitoring network traffic
        • Can be detected without malware analysis
        • Often more effective

 

  • Malware Analysis Techniques
    • Basic Static Analysis
      • Examine executable without viewing the actual instructions
    • Basic Dynamic Analysis
      • Run the malware and observe the behavior
      • Must run in a safe environment
    • Advanced Static Analysis
      • Disassemble the malware and looking at the instructions to understand what a program does
    • Advanced Dynamic Analysis
      • Uses a debugger to examine the internal state of a running malicious executable
      • Probably the most useful way to obtain information

 

  • Types of Malware
    • Backdoor
      • Malicious code self installed allowing the attacker to directly access computer such as executing commands or grabbing files
    • Botnet
      • Allows attacker access to the system but usually limited access
      • Also all the systems in the botnet execute the same exact instruction such as DDoS commands
    • Downloader
      • Exists only to download other malicious code
      • Often the first thing that occurs on a computer that gets infected by malware
    • Information-stealing malware
      • Grab info and send to attacker these can be sniffers or keyloggers or programs of the sort
    • Launcher
      • Program used to launch other malicious programs
      • Often launches at elevated privileges
    • Rootkit
      • Malicious code designed to conceal the existence of other code
      • Rootkits are usually paired with other malware like backdoors
    • Scareware
      • Basically ads that are designed to scare people
    • Spam-sending malware
      • Infects a computer and sends spam through things like email
    • Worm/virus
      • Malicious code that can copy itself and infect additional computers

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s