Malware Analysis
Published by maliciousbrains
The threat of malicious software can easily be considered the greatest threat to Internet security today. Earlier, viruses were, more or less, the only form of Malware. Nowadays, however, the threat has grown to include a vast range of highly sophisticated applications: network-aware worms, Trojans, DDoS agents, IRC-controlled bots, spyware, rootkits and many more. Malicious agents now use many mechanisms and technologically advanced techniques of infection.

Most of this Malware is detected by antivirus software, spyware removal applications and other similar tools. However, this protection is not always enough, and there are times when a small, benign-looking binary sneaks through all these levels of protection and compromises the system and the user's data.
Published by: maliciousbrains on Aug 19, 2008
Copyright: Attribution Non-commercial
Malware Analysis email: rajdeep.chakraborty@gmail.com
Detailed analysis of the continuously evolving threat of Malwares
Author: Rajdeep Chakraborty, rajdeep.chakraborty@gmail.com, http://www.malwareinfo.org
Page 1
Malware Analysis
A detailed analysis of the continuously evolving threat of Malware
Author: Rajdeep Chakraborty, Email: rajdeep@malwareinfo.org
The purpose of this article is to help users analyze and determine whether an executable, process or binary running on their system is harmful Malware. We will do the analysis in a controlled environment without the use of antivirus software, debuggers, code disassembly or any other sophisticated tools or applications. However, we will take the help of certain freely available tools and utilities to fulfill our requirements. The steps for Malware analysis followed in this article have been taken from the article "Malware Analysis for Administrators" posted by S.G. Masood of F-Secure (http://www.securityfocus.com/infocus/1780). The basic methodologies proposed by him in that document have been kept the same, but I have tried to explain them in a much more detailed fashion.
Introduction
Traditionally, Malware analysis has been considered very complicated, and in fact some of the techniques or methodologies involved are very complicated and well beyond a normal user's access or understanding. However, in today's scenario there is a clear need for people to learn how to analyze Malware themselves. The most important factor is that the analysis techniques should be simplified enough that even the average computer user can understand them. Unfortunately, information dealing with Malware analysis techniques is either too complicated for average users to understand or is scattered in a form that is beyond the reach of normal users. With this tutorial of sorts, I will try to fill that gap and make the material simple enough for average users to understand and try hands-on themselves.
Basics
Malware has evolved in the cyber era into the most dangerous, damaging and menacing nuisance. It is no exaggeration to say that if you are connected to the Internet, there is every chance of being affected by it. So it is very important that we possess at least a general view of this threat. We will look into some basic details of this thing called Malware.
What is Malware?
Malware is malicious software designed specifically to damage your system or disrupt the normal computing environment. A Trojan horse, worm, virus or spyware can be classified as Malware. Some advertising software can be malicious, for example by trying to re-install itself after you have removed it. A binary is considered Malware on the basis of certain features.
Types of Malware
Malware can be viruses, worms, Trojan horses, rootkits, spyware, dishonest adware or other malicious and unwanted rogue software. Hence Malware is something that usually contaminates the system and carries out malicious activities. The best-known types of Malware are viruses and worms. They are known for the manner in which they spread rather than for any other particular behavior.

Virus: A computer virus is a computer program that can copy itself and infect a computer without the permission or knowledge of the user. A virus can only spread from one computer to another when its host is taken to the uninfected computer, for instance by a user sending it over a network or the Internet, or by carrying it on a removable medium such as a floppy disk, CD or USB drive.

Worm: A computer worm is a self-replicating computer program. It uses a network to send copies of itself to other nodes (computers on the network), and it may do so without any user intervention. Unlike a virus, it does not need to attach itself to an existing program.

Trojan horse: A piece of software which appears to perform a certain action but in fact performs another, such as acting as a computer virus. Trojan horses are notorious for their use in installing backdoor programs on the system that can be exploited by the author of such programs. These systems then become zombies and can be completely controlled by the attacker.

Spyware: Computer software that is installed surreptitiously on a personal computer to intercept or take partial control over the user's interaction with the computer, without the user's informed consent. Spyware typically monitors the user's behavior secretly, collects various types of personal information, interferes with user control of the computer in other ways such as installing additional software, redirects Web browser activity, accesses websites blindly in a way that brings in more harmful viruses, or diverts advertising revenue to a third party.
Adware: Computer software that comes with advertising functions integrated into or bundled with a program. It is usually seen by the programmer as a way to recover development costs. Some types of adware are also spyware and can be classified as privacy-invasive software. They automatically play, display or download advertising material to a computer after the software is installed on it or while the application is being used.

There can be many more categories of Malware depending on their characteristics and malicious activities. However, a detailed description of those is outside the scope of this article.
Background of Malware Analysis
The threat of malicious software can easily be considered the greatest threat to Internet security today. Earlier, viruses were, more or less, the only form of Malware. Nowadays, however, the threat has grown to include a vast range of highly sophisticated applications: network-aware worms, Trojans, DDoS agents, IRC-controlled bots, spyware, rootkits and many more. The infection vectors have also changed and grown drastically, as malicious agents now use mechanisms like email harvesting, browser exploits, operating system vulnerabilities, P2P networks and many more unknown, unheard-of and technologically advanced techniques of replication.

A relatively large percentage of the software that a normal Internet user encounters in his or her online activities is, or can be, malicious in some form or other. Most of this Malware is detected by antivirus software, spyware removal applications and other similar tools. However, this protection is not always enough, and there are times when a small, benign-looking binary sneaks through all these levels of protection and compromises the system and the user's data. The reasons for this breach can be:

Users not updating their antivirus signatures regularly
Users not keeping their systems well patched
Failure of the antivirus software's heuristics engine
New or low-profile Malware that has not yet been discovered by antivirus vendors
Custom-coded Malware which cannot be detected by antivirus software
Firewall not installed or not properly configured

Malware is continuously evolving, and antivirus vendors are finding it difficult to keep up with this ever-increasing threat list. In some cases, the vendors may opt not to include a signature for a particular piece of Malware. However, this should not prevent knowledge seekers from using freeware tools and techniques to analyze the files and develop their own prevention and detection mechanisms. Though antivirus software is continually getting better and more sophisticated, a small but very significant percentage of Malware escapes this predefined screening process and manages to enter and compromise both the system and the network itself. Unfortunately, the percentage of Malware escaping this predefined screening process is also growing every day.

It is essential for users, and absolutely essential for administrators, to be able to determine whether a binary is harmful by examining it manually, without relying on automated scanning engines. The level of information required from an analysis differs according to the user's needs. For instance, a normal user might only want to know whether a binary is malicious or not, while an administrator might want to know more: the registry values the binary injects, the copies of infected files it creates, the types of files the binary infects, and also the actual payload and what it does. That is, he may want to completely reverse engineer the binary for his purposes.
Techniques for Malware Analysis
There are basically two techniques used for analyzing Malware:
Code analysis
Behavior analysis
In most cases, a combination of both techniques is used. However, we will consider code analysis first.
Code Analysis
Code analysis is one of the primary techniques used for examining Malware. The best way of understanding how a program works is, of course, to study its source code. However, the source code for most Malware is not available. Malicious software is more often distributed in the form of binaries, and binary code can still be examined using debuggers and disassemblers. However, the use of these tools is often beyond the ability of all but a small minority because of the specialized knowledge required. Given sufficient time, any binary, however large or complicated, can be reversed completely using code analysis techniques. We will deal with some aspects of code analysis and the reverse engineering process later.
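As an added example that is not part of the original article, the following Python script shows the kind of static look at a binary that needs no debugger or disassembler: hashing the file, checking that it really is a PE executable, and pulling out printable strings such as DLL names, API names and URLs. The sample bytes, the example.invalid URL and the INJECTION_APIS watchlist are constructed for the demonstration and are not from the article.

```python
import hashlib
import re
import struct

# Constructed sample: a minimal PE-shaped byte string, not a real executable.
# Layout: 0x40-byte DOS header with "MZ" and e_lfanew at 0x3C, then the "PE\0\0"
# signature, a COFF file header, and a few embedded strings of the kind a
# triage pass looks for (a DLL name, an API name, a URL).
def build_sample() -> bytes:
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)          # e_lfanew -> PE signature
    # COFF header: Machine=0x14C (i386), 2 sections, timestamp, 0, 0, opt hdr size, chars
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0x4A5B6C7D, 0, 0, 0xE0, 0x0102)
    tail = b"kernel32.dll\x00CreateRemoteThread\x00http://example.invalid/update\x00AB\x00"
    return bytes(dos) + b"PE\x00\x00" + coff + b"\x00" * 16 + tail

# API names that usually justify a closer look; illustrative watchlist, not exhaustive.
INJECTION_APIS = {"CreateRemoteThread", "WriteProcessMemory", "VirtualAllocEx"}

def triage(data: bytes, min_len: int = 6) -> dict:
    """Static look at a binary with no debugger or disassembler involved."""
    report = {"sha256": hashlib.sha256(data).hexdigest(), "is_pe": False}
    # PE sanity check: DOS stub must start with MZ and e_lfanew must land on "PE\0\0".
    if data[:2] == b"MZ" and len(data) >= 0x40:
        e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
        if data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00":
            machine, nsec, ts = struct.unpack_from("<HHI", data, e_lfanew + 4)
            report.update(is_pe=True, machine=hex(machine), sections=nsec, timestamp=ts)
    # Printable ASCII runs of at least min_len bytes, the classic "strings" pass.
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    report["strings"] = [s.decode("ascii") for s in re.findall(pattern, data)]
    report["urls"] = [s for s in report["strings"] if s.startswith(("http://", "https://"))]
    report["suspicious_apis"] = sorted(s for s in report["strings"] if s in INJECTION_APIS)
    return report

if __name__ == "__main__":
    for key, value in triage(build_sample()).items():
        print(f"{key}: {value}")
```

The hash gives a stable identifier to compare against vendor reports, and the strings and URL list are the first things a manual analyst cross-checks before any behavioral run.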
Behavior Analysis