Teodoro Cipresso, profile picture
Uploaded byTeodoro Cipresso
465 views

Identifying, Monitoring, and Reporting Malware

The document discusses the identification, monitoring, and reporting of malware, defining it as software that intentionally exhibits harmful behaviors. It categorizes various types of malware, highlights the challenges of malware reversing, and presents tools like the Sysinternals Process Monitor for analyzing processes in Windows. The document also emphasizes safely analyzing malware in isolated virtualized environments to prevent infections and outlines methods for reporting suspected malware through online services.

Embed presentation

Downloaded 17 times
CS266 Software Reverse Engineering (SRE) Identifying, Monitoring, and Reporting Malware Teodoro (Ted) Cipresso, teodoro.cipresso@sjsu.edu Department of Computer Science San José State University Spring 2015 The information in this presentation is taken from the thesis “Software reverse engineering education” available at http://scholarworks.sjsu.edu/etd_theses/3734/ where all citations can be found.
2 Identifying, Monitoring, and Reporting Malware What Qualifies as Malware?  Malware describes a category of software that doesn’t always operate in a way that benefits the user.  Of course, those of us who have ever used software might contend that this definition of malware will cause programs that we use every day to be categorized as malware.  So let's qualify it a bit: the malicious or annoying behaviors of malware are intentional, not the result of one or more bugs.
3 Identifying, Monitoring, and Reporting Malware Types of Malware  There are several types of malware that affect computer systems [6] [7]:  Viruses: require some deliberate action to help them spread.  Worms: similar to a virus but can spread by itself over computer networks.  Trojan Horses: performs hidden malicious or annoying operations.  Backdoor: a vulnerability purposely embedded in software.  Rabbit: a program that exhausts system resources.  Ransomware: lock computer files, victim has to pay to unlock.  Criminalware: Steal sensitive information.
4 Identifying, Monitoring, and Reporting Malware Prevalence of Malware Types  Malware usually isn't of just one type; for example, 4 of the top 10 malicious codes families reported in 2011 were Viruses with a Worm component.  Using the machine code and bytecode reversing experiences gained from the previous modules, one could attempt to reverse malware.  Using virtualization tools such as VMWare or Virtual Box to create secondary operating system images (Guests) on which to analyze malware can still result in infection of the primary operating system (Host).  Great care should be taken to isolate guest OSes from their host OS.  Networking, removeable storage, clipboard usage, etc…
5
6 Identifying, Monitoring, and Reporting Malware Safe & Practical Malware Reversing  We want to become familiar with using tools to identify, monitor, and report software that might be malicious.  Reversing malware directly is especially challenging because several anti- reversing techniques will have been applied to the code.  Given that unexpected catastrophes can arise when installing a virus, worm, backdoor, etc… for academic purposes; we could still learn something from working with contrived or benign “malware”.  In 1996, Mark Russinovich founded a company called “Winternals Software” where he was the chief software architect on a comprehensive suite of tools for diagnosing, debugging, and repairing Windows® systems and applications [9].
7 Identifying, Monitoring, and Reporting Malware Windows Sysinternals  Mark's company was purchased by Microsoft and the suite of tools have been rebranded as Windows Sysinternals which are are offered for free.  Mark's story is an interesting one because he is recognized as an expert on the internals of Windows even though he did not participate in its development—a true testament to what can be learned about software through reversing.  The Sysinternals suite contains 69 utilities, but we’ll focus on just one.
8 Identifying, Monitoring, and Reporting Malware Sysinternals Process Monitor  The Process Monitor can capture detailed information about a process in a Windows system including file system, registry, and network activity. Process Monitor session for the Password Vault CPP application. File system activity
9 Identifying, Monitoring, and Reporting Malware Sysinternals Process Monitor (cont’d)  The Process Monitor can capture detailed information about a process in a Windows system including file system, registry, and network activity. Process Monitor session for the Password Vault CPP application. Network activity
10 Identifying, Monitoring, and Reporting Malware Sysinternals Process Monitor (cont’d)  The Process Monitor can capture detailed information about a process in a Windows system including file system, registry, and network activity. Process Monitor session for the Password Vault CPP application. Registry Activity
11 Identifying, Monitoring, and Reporting Malware Sysinternals Process Monitor (cont’d)  Process Monitor itself does not detect or identify malware. It simply monitors and records what processes are doing.  With a little bit of ingenuity, one can identify a software Trojan by looking for activities that don't seem to fit with the advertised functionality of a program.  It's common practice to download free software from the Internet:  Some believe that open-source software, should have the fewest number of vulnerabilities. The more eyes the better, right?  Becoming familiar with the Sysinternals suite can help you evaluate whether the software on your Windows machine is acting in your best interest.
12 Identifying, Monitoring, and Reporting Malware Benign Malware Exercise  The Alarm Clock application is a benign software Trojan that, in addition to being a rudimentary alarm clock, performs unadvertised functions on background threads:  Logs information from the Windows® registry  Logs locations of “office” documents in the file system.  Scans for computers that respond to an ICMP ping.  Paced background threads are used.
13 Identifying, Monitoring, and Reporting Malware Benign Malware Exercise (cont’d) Background threads log information about the user’s system.
14 Identifying, Monitoring, and Reporting Malware Is Open Source More Trustworthy?  The data on the number of vulnerabilities found in the 5 most popular Internet browsers does not support the proposition that open source is more secure.  Big 5: Google Chrome, Mozilla Firefox, Internet Explorer, Opera and Safari.  Mozilla Firefox was affected by 270 new vulnerabilities in 2013, more than any other browser; 245 new vulnerabilities were found in Google Chrome, 126 in Internet Explorer, 75 in Apple Safari, 11 in Opera [Secunia].  The two browsers containing the most open source (Chrome based Chromium, Firefox based on Mozilla), have the most vulnerabilities…  Of course we need temper this judgement with the observation that popular software is targeted more often.
15 Identifying, Monitoring, and Reporting Malware Reporting Suspected Malware  If you suspect a particular program to be malware, it can be submitted to online threat analysis services such as ThreatExpert or Virus Total.  ThreatExpert and Virus Total are Web-based tools that support submission of suspicious executables or URLs to detect possible malware.  Both services match against databases of existing malware, however ThreatExpert (itself) attempts to execute binaries in an isolated environment to perform heuristic detection of malware.
16 http://www.threatexpert.com/submit.aspx http://www.threatexpert.com/report.aspx?md5=acdd4c2a377933d89139b5ee6eefc464 Heuristic anlaysis components
17 44 out of 56 antiviruses detect this as malware
18 Identifying, Monitoring, and Reporting Malware Setting up a Lab for Analyzing Malware  Each of you have been assigned your own VMWare image (info on Canvas).  The images are only accessible through VMWare’s built-in VNC server.  The images are on a virtual network and have no connectivity to the Internet or the Host’s network. This is to prevent:  Infection of the Host (primary OS), worms from spreading*  downloading of additional threats,  transmission of sensitive data to hacker sites.  Virtualized Network Isolation for a Malware Analysis Lab  https://zeltser.com/vmware-network-isolation-for-malware-analysis/
19
20
21

More Related Content

PDF
Computer virus
byFlora Runyenje
 
PPTX
Malware and Anti-Malware Seminar by Benny Czarny
byOPSWAT
 
PPTX
Malware & Anti-Malware
byArpit Mittal
 
PDF
What Is An Antivirus Software?
byculltdueet65
 
DOC
Antivirus software
byShreya Singireddy
 
PPTX
Malware
byAnoushka Srivastava
 
PPT
spyware
byAkhil Kumar
 
PPTX
Malewareanalysis
byahmad abdelhafeez
 
Computer virus
byFlora Runyenje
 
Malware and Anti-Malware Seminar by Benny Czarny
byOPSWAT
 
Malware & Anti-Malware
byArpit Mittal
 
What Is An Antivirus Software?
byculltdueet65
 
Antivirus software
byShreya Singireddy
 
Malware
byAnoushka Srivastava
 
spyware
byAkhil Kumar
 
Malewareanalysis
byahmad abdelhafeez
 

What's hot

PPT
Computer viruses
byImran Khan
 
PDF
DEFINING A SPYWARE
byunnecessary34
 
PPTX
Malware
byHarshdeep Singh
 
PPT
Virus
byMukul Kumar
 
PPTX
Anti virus
byMarlon San Luis
 
PPT
Spyware Adware
byhaldia institute of technology
 
PPT
Virus, Worms And Antivirus
byLokesh Kumar N
 
PPT
Spyware And Anti Virus Software Presentation
byamy.covington215944
 
PPTX
What is a virus and anti virus
byLeonor Costa
 
PPT
Presentation2
byJeslynn
 
PPTX
Virus and worms
byVikas Sharma
 
PPTX
Spyware presentation by mangesh wadibhasme
byMangesh wadibhasme
 
DOCX
Malwares and ways to detect and prevent them
bykrunal gandhi
 
PPT
Rajul computer presentation
byNeetu Jain
 
DOCX
Computer virus
byDark Side
 
PPT
Computer Virus And Antivirus-Sumon Chakraborty
bysankhadeep
 
PPTX
Computer virus
byAarya Khanal
 
PPT
10 Worst Computer Viruses of all time
byAlefyaM
 
PPTX
Avoiding email viruses
bySan Diego Continuing Education
 
PPTX
Computer virus and anti virus presentation
bySardar Kaukaz
 
Computer viruses
byImran Khan
 
DEFINING A SPYWARE
byunnecessary34
 
Malware
byHarshdeep Singh
 
Virus
byMukul Kumar
 
Anti virus
byMarlon San Luis
 
Spyware Adware
byhaldia institute of technology
 
Virus, Worms And Antivirus
byLokesh Kumar N
 
Spyware And Anti Virus Software Presentation
byamy.covington215944
 
What is a virus and anti virus
byLeonor Costa
 
Presentation2
byJeslynn
 
Virus and worms
byVikas Sharma
 
Spyware presentation by mangesh wadibhasme
byMangesh wadibhasme
 
Malwares and ways to detect and prevent them
bykrunal gandhi
 
Rajul computer presentation
byNeetu Jain
 
Computer virus
byDark Side
 
Computer Virus And Antivirus-Sumon Chakraborty
bysankhadeep
 
Computer virus
byAarya Khanal
 
10 Worst Computer Viruses of all time
byAlefyaM
 
Avoiding email viruses
bySan Diego Continuing Education
 
Computer virus and anti virus presentation
bySardar Kaukaz
 

Viewers also liked

PPTX
Bitonic Sort in Shared SIMD Array Processor
byAsanka Dilruk
 
PDF
Reversing and Patching Java Bytecode
byTeodoro Cipresso
 
PDF
Applying Anti-Reversing Techniques to Machine Code
byTeodoro Cipresso
 
PPTX
Why z/OS is a Great Platform for Developing and Hosting APIs
byTeodoro Cipresso
 
PPT
Make Your API Catalog Essential with z/OS Connect EE
byTeodoro Cipresso
 
PPT
Innovate 2014: Get an A+ on Testing Your Enterprise Applications with Rationa...
byTeodoro Cipresso
 
PDF
Reengineering and Reuse of Legacy Software
byTeodoro Cipresso
 
PPTX
Introduction to Software Reverse Engineering
byTeodoro Cipresso
 
PDF
Array Processor
byAnshuman Biswal
 
PPT
CO Module 5
byAlan Leewllyn Bivera
 
Bitonic Sort in Shared SIMD Array Processor
byAsanka Dilruk
 
Reversing and Patching Java Bytecode
byTeodoro Cipresso
 
Applying Anti-Reversing Techniques to Machine Code
byTeodoro Cipresso
 
Why z/OS is a Great Platform for Developing and Hosting APIs
byTeodoro Cipresso
 
Make Your API Catalog Essential with z/OS Connect EE
byTeodoro Cipresso
 
Innovate 2014: Get an A+ on Testing Your Enterprise Applications with Rationa...
byTeodoro Cipresso
 
Reengineering and Reuse of Legacy Software
byTeodoro Cipresso
 
Introduction to Software Reverse Engineering
byTeodoro Cipresso
 
Array Processor
byAnshuman Biswal
 
CO Module 5
byAlan Leewllyn Bivera
 

Similar to Identifying, Monitoring, and Reporting Malware

PDF
CH1- Introduction to malware analysis-v2.pdf
byWajdiElhamzi3
 
PDF
A SURVEY ON MALWARE DETECTION AND ANALYSIS TOOLS
byIJNSA Journal
 
PDF
Survey on Malware Detection Techniques
byEditor IJMTER
 
PPTX
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
byvarshsambhav
 
PPTX
Malware ppt final.pptx
byLakshayNRReddy
 
PDF
Malware Detection Module using Machine Learning Algorithms to Assist in Centr...
byIJNSA Journal
 
PPTX
BlueHat v17 || A Lustrum of Malware Network Communication: Evolution and Insi...
byBlueHat Security Conference
 
PPTX
Type of Malware and its different analysis and its types !
byMohammed Jaseem Tp
 
PDF
Practical Incident Response - Work Guide
byEduardo Chavarro
 
PDF
Module 5.Malware
bySitamarhi Institute of Technology
 
PDF
Module 5.pdf
bySitamarhi Institute of Technology
 
PPTX
1.Malware.pptxxxcxczcxzxcxxxxxxxxxxxxxxxxxxxxxxxxx
byabhaykatrecse23
 
PPTX
UNIT I Introduction to Malware Analysis .pptx
byGuna Dhondwad
 
PDF
Invesitigation of Malware and Forensic Tools on Internet
byIJECEIAES
 
PDF
Intro2 malwareanalysisshort
byVincent Ohprecio
 
PDF
CHAPTER 1 MALWARE ANALYSIS PRIMER.pdf
byManjuAppukuttan2
 
PPTX
Malware, Hacker Techniques, and Wireshark.pptx
byfovoni
 
PDF
CNIT 126 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic Analysis
bySam Bowne
 
PDF
CNIT 126: Ch 2 & 3
bySam Bowne
 
PPTX
Virus and its CounterMeasures -- Pruthvi Monarch
byPruthvi Monarch
 
CH1- Introduction to malware analysis-v2.pdf
byWajdiElhamzi3
 
A SURVEY ON MALWARE DETECTION AND ANALYSIS TOOLS
byIJNSA Journal
 
Survey on Malware Detection Techniques
byEditor IJMTER
 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
byvarshsambhav
 
Malware ppt final.pptx
byLakshayNRReddy
 
Malware Detection Module using Machine Learning Algorithms to Assist in Centr...
byIJNSA Journal
 
BlueHat v17 || A Lustrum of Malware Network Communication: Evolution and Insi...
byBlueHat Security Conference
 
Type of Malware and its different analysis and its types !
byMohammed Jaseem Tp
 
Practical Incident Response - Work Guide
byEduardo Chavarro
 
Module 5.Malware
bySitamarhi Institute of Technology
 
Module 5.pdf
bySitamarhi Institute of Technology
 
1.Malware.pptxxxcxczcxzxcxxxxxxxxxxxxxxxxxxxxxxxxx
byabhaykatrecse23
 
UNIT I Introduction to Malware Analysis .pptx
byGuna Dhondwad
 
Invesitigation of Malware and Forensic Tools on Internet
byIJECEIAES
 
Intro2 malwareanalysisshort
byVincent Ohprecio
 
CHAPTER 1 MALWARE ANALYSIS PRIMER.pdf
byManjuAppukuttan2
 
Malware, Hacker Techniques, and Wireshark.pptx
byfovoni
 
CNIT 126 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic Analysis
bySam Bowne
 
CNIT 126: Ch 2 & 3
bySam Bowne
 
Virus and its CounterMeasures -- Pruthvi Monarch
byPruthvi Monarch
 

Recently uploaded

DOCX
The Rise of Headless CMS in Modern Web Development.docx
bywork4noahmiller
 
PDF
LogiNext Media Kit & Company Overview 2025
bynidhisharmaq7184
 
PPTX
Edison MuleSoft Meetup : Vibe Coding | MuleSoft Meetups
bySravan Lingam
 
PDF
Figma systems development services
bydavidjohansen1597
 
PDF
Windows Server 2025 Administration Fundamentals 4ED
byraynasolomon136
 
PPTX
HackYourBrain_JFokusConference_03022026.pptx
bySimonedeGijt
 
PDF
2026 Safety Roadmap: Systems, Skills, and Scale for EHS Leaders
byTECH EHS Solution
 
PDF
Attendance Dashboard – Time & Attendance Analytics
byHajir Pro
 
PDF
AI-native development: from Prompt to Platform
byMaxim Salnikov
 
PPTX
Applicius Technologies: Full Service Overview for Branding, SEO, Web & App De...
byappliciustech
 
PDF
Artificial Intelligence Planning (Harinath Palavalli)
byHarinath Palavalli
 
PDF
LogiNext Media Kit & Company Overview 2025
bysmritipatil055
 
PDF
LogiNext Media Kit & Company Overview 2025
byswatishahz9031
 
PDF
Smart ways to se AI in your business , presentation
byAI n Dot Net
 
PDF
On Demand Grocery Delivery App Development.pdf
byV3CUBE TECHNOLABS
 
PDF
The Growing Impact of Blockchain and Web3 on Digital Ownership With Paul Inou...
byPaul Inouye
 
PPTX
Device Repair and Maintenance Management
byAxisTechnolabs
 
PDF
Pet Care Service App Development Company
byV3CUBE TECHNOLABS
 
PPTX
Best eCommerce Development Agency in USA | The Dataflux
byKey Medsolutions Inc
 
PDF
LogiNext Media Kit & Company Overview 2025
bydhrutipatelk5617
 
The Rise of Headless CMS in Modern Web Development.docx
bywork4noahmiller
 
LogiNext Media Kit & Company Overview 2025
bynidhisharmaq7184
 
Edison MuleSoft Meetup : Vibe Coding | MuleSoft Meetups
bySravan Lingam
 
Figma systems development services
bydavidjohansen1597
 
Windows Server 2025 Administration Fundamentals 4ED
byraynasolomon136
 
HackYourBrain_JFokusConference_03022026.pptx
bySimonedeGijt
 
2026 Safety Roadmap: Systems, Skills, and Scale for EHS Leaders
byTECH EHS Solution
 
Attendance Dashboard – Time & Attendance Analytics
byHajir Pro
 
AI-native development: from Prompt to Platform
byMaxim Salnikov
 
Applicius Technologies: Full Service Overview for Branding, SEO, Web & App De...
byappliciustech
 
Artificial Intelligence Planning (Harinath Palavalli)
byHarinath Palavalli
 
LogiNext Media Kit & Company Overview 2025
bysmritipatil055
 
LogiNext Media Kit & Company Overview 2025
byswatishahz9031
 
Smart ways to se AI in your business , presentation
byAI n Dot Net
 
On Demand Grocery Delivery App Development.pdf
byV3CUBE TECHNOLABS
 
The Growing Impact of Blockchain and Web3 on Digital Ownership With Paul Inou...
byPaul Inouye
 
Device Repair and Maintenance Management
byAxisTechnolabs
 
Pet Care Service App Development Company
byV3CUBE TECHNOLABS
 
Best eCommerce Development Agency in USA | The Dataflux
byKey Medsolutions Inc
 
LogiNext Media Kit & Company Overview 2025
bydhrutipatelk5617
 

Identifying, Monitoring, and Reporting Malware

  • 1.
    CS266 Software ReverseEngineering (SRE) Identifying, Monitoring, and Reporting Malware Teodoro (Ted) Cipresso, teodoro.cipresso@sjsu.edu Department of Computer Science San José State University Spring 2015 The information in this presentation is taken from the thesis “Software reverse engineering education” available at http://scholarworks.sjsu.edu/etd_theses/3734/ where all citations can be found.
  • 2.
    2 Identifying, Monitoring, andReporting Malware What Qualifies as Malware?  Malware describes a category of software that doesn’t always operate in a way that benefits the user.  Of course, those of us who have ever used software might contend that this definition of malware will cause programs that we use every day to be categorized as malware.  So let's qualify it a bit: the malicious or annoying behaviors of malware are intentional, not the result of one or more bugs.
  • 3.
    3 Identifying, Monitoring, andReporting Malware Types of Malware  There are several types of malware that affect computer systems [6] [7]:  Viruses: require some deliberate action to help them spread.  Worms: similar to a virus but can spread by itself over computer networks.  Trojan Horses: performs hidden malicious or annoying operations.  Backdoor: a vulnerability purposely embedded in software.  Rabbit: a program that exhausts system resources.  Ransomware: lock computer files, victim has to pay to unlock.  Criminalware: Steal sensitive information.
  • 4.
    4 Identifying, Monitoring, andReporting Malware Prevalence of Malware Types  Malware usually isn't of just one type; for example, 4 of the top 10 malicious codes families reported in 2011 were Viruses with a Worm component.  Using the machine code and bytecode reversing experiences gained from the previous modules, one could attempt to reverse malware.  Using virtualization tools such as VMWare or Virtual Box to create secondary operating system images (Guests) on which to analyze malware can still result in infection of the primary operating system (Host).  Great care should be taken to isolate guest OSes from their host OS.  Networking, removeable storage, clipboard usage, etc…
  • 5.
  • 6.
    6 Identifying, Monitoring, andReporting Malware Safe & Practical Malware Reversing  We want to become familiar with using tools to identify, monitor, and report software that might be malicious.  Reversing malware directly is especially challenging because several anti- reversing techniques will have been applied to the code.  Given that unexpected catastrophes can arise when installing a virus, worm, backdoor, etc… for academic purposes; we could still learn something from working with contrived or benign “malware”.  In 1996, Mark Russinovich founded a company called “Winternals Software” where he was the chief software architect on a comprehensive suite of tools for diagnosing, debugging, and repairing Windows® systems and applications [9].
  • 7.
    7 Identifying, Monitoring, andReporting Malware Windows Sysinternals  Mark's company was purchased by Microsoft and the suite of tools have been rebranded as Windows Sysinternals which are are offered for free.  Mark's story is an interesting one because he is recognized as an expert on the internals of Windows even though he did not participate in its development—a true testament to what can be learned about software through reversing.  The Sysinternals suite contains 69 utilities, but we’ll focus on just one.
  • 8.
    8 Identifying, Monitoring, andReporting Malware Sysinternals Process Monitor  The Process Monitor can capture detailed information about a process in a Windows system including file system, registry, and network activity. Process Monitor session for the Password Vault CPP application. File system activity
  • 9.
    9 Identifying, Monitoring, andReporting Malware Sysinternals Process Monitor (cont’d)  The Process Monitor can capture detailed information about a process in a Windows system including file system, registry, and network activity. Process Monitor session for the Password Vault CPP application. Network activity
  • 10.
    10 Identifying, Monitoring, andReporting Malware Sysinternals Process Monitor (cont’d)  The Process Monitor can capture detailed information about a process in a Windows system including file system, registry, and network activity. Process Monitor session for the Password Vault CPP application. Registry Activity
  • 11.
    11 Identifying, Monitoring, andReporting Malware Sysinternals Process Monitor (cont’d)  Process Monitor itself does not detect or identify malware. It simply monitors and records what processes are doing.  With a little bit of ingenuity, one can identify a software Trojan by looking for activities that don't seem to fit with the advertised functionality of a program.  It's common practice to download free software from the Internet:  Some believe that open-source software, should have the fewest number of vulnerabilities. The more eyes the better, right?  Becoming familiar with the Sysinternals suite can help you evaluate whether the software on your Windows machine is acting in your best interest.
  • 12.
    12 Identifying, Monitoring, andReporting Malware Benign Malware Exercise  The Alarm Clock application is a benign software Trojan that, in addition to being a rudimentary alarm clock, performs unadvertised functions on background threads:  Logs information from the Windows® registry  Logs locations of “office” documents in the file system.  Scans for computers that respond to an ICMP ping.  Paced background threads are used.
  • 13.
    13 Identifying, Monitoring, andReporting Malware Benign Malware Exercise (cont’d) Background threads log information about the user’s system.
  • 14.
    14 Identifying, Monitoring, andReporting Malware Is Open Source More Trustworthy?  The data on the number of vulnerabilities found in the 5 most popular Internet browsers does not support the proposition that open source is more secure.  Big 5: Google Chrome, Mozilla Firefox, Internet Explorer, Opera and Safari.  Mozilla Firefox was affected by 270 new vulnerabilities in 2013, more than any other browser; 245 new vulnerabilities were found in Google Chrome, 126 in Internet Explorer, 75 in Apple Safari, 11 in Opera [Secunia].  The two browsers containing the most open source (Chrome based Chromium, Firefox based on Mozilla), have the most vulnerabilities…  Of course we need temper this judgement with the observation that popular software is targeted more often.
  • 15.
    15 Identifying, Monitoring, andReporting Malware Reporting Suspected Malware  If you suspect a particular program to be malware, it can be submitted to online threat analysis services such as ThreatExpert or Virus Total.  ThreatExpert and Virus Total are Web-based tools that support submission of suspicious executables or URLs to detect possible malware.  Both services match against databases of existing malware, however ThreatExpert (itself) attempts to execute binaries in an isolated environment to perform heuristic detection of malware.
  • 16.
  • 17.
    17 44 out of56 antiviruses detect this as malware
  • 18.
    18 Identifying, Monitoring, andReporting Malware Setting up a Lab for Analyzing Malware  Each of you have been assigned your own VMWare image (info on Canvas).  The images are only accessible through VMWare’s built-in VNC server.  The images are on a virtual network and have no connectivity to the Internet or the Host’s network. This is to prevent:  Infection of the Host (primary OS), worms from spreading*  downloading of additional threats,  transmission of sensitive data to hacker sites.  Virtualized Network Isolation for a Malware Analysis Lab  https://zeltser.com/vmware-network-isolation-for-malware-analysis/
  • 19.
  • 20.
  • 21.