Malware Analysis
A detailed analysis of the continuously evolving threat of Malware
Author: Rajdeep Chakraborty Email: email@example.com
The purpose of this article is to help users analyze and determine whether an executable, process or binary running on their system is harmful Malware. We will do this by analyzing it in a controlled environment, without the use of antivirus software, debuggers, code disassembly or any other sophisticated tools or applications. We will, however, take the help of certain freely available tools and utilities to fulfill our requirements. The steps for Malware Analysis followed in this article have been taken from the article "Malware Analysis for Administrators", posted by an author from F-Secure (http://www.securityfocus.com/infocus/1780). The basic methodologies proposed by him in that document have been kept the same, but I have tried to explain those methodologies in a much more detailed fashion.
Traditionally, Malware analysis has been considered very complicated, and in fact some of the techniques and methodologies involved are very complicated and well beyond a normal user's access or understanding. However, in today's scenario there is a clear need for people to learn how to analyze Malware themselves. The most important factor is that the analysis techniques should be simplified enough that even the average computer user can understand them. Unfortunately, information dealing with Malware analysis techniques is either too complicated for average users to understand or is scattered across many sources, beyond the reach of normal users. With this sort of tutorial, I will try to fill in this gap and make the material easy and simplified enough for average users to understand and try hands-on themselves.
Malware has evolved in the cyber era into one of the most dangerous, damaging and menacing threats. It is not an exaggeration to say that if you are connected to the Internet, there is every chance of being affected by this nuisance. So it is very important that we have at least a basic understanding of this threat. We will look into some basic details of this thing called Malware.
What is Malware?
Malware is malicious software, designed specifically to damage your system or interrupt the normal computing environment. A trojan horse, worm, virus or spyware could all be classified as malware. Some advertising software can be malicious by trying to re-install itself after you have removed it. A binary is considered Malware on the basis of certain features.
Types of Malware
Malware can be Viruses, Worms, Trojan horses, Rootkits, Spyware, dishonest Adware or other malicious and unwanted rogue software. Hence Malware is something that usually contaminates the system and carries out malicious activities. The best-known types of Malware are viruses and worms. They are known for the manner in which they spread, rather than for any other particular behavior.
A computer virus is a computer program that can copy itself and infect a computer without the permission or knowledge of the user. A virus can only spread from one computer to another when its host is taken to the uninfected computer, for instance by a user sending it over a network or the Internet, or by carrying it on a removable medium such as a floppy disk, CD, or USB drive.
A computer worm is a self-replicating computer program. It uses a network to send copies of itself to other nodes (computer terminals on the network) and it may do so without any user intervention. Unlike a virus, it does not need to attach itself to an existing program.
Trojan horse: A piece of software which appears to perform a certain action but in fact performs another, such as a computer virus. Trojan horses are notorious for their use in installing backdoor programs on the system that can then be exploited by the author of such programs. These systems become zombies and can be completely controlled by the attacker.
Spyware: Computer software that is installed surreptitiously on a personal computer to intercept or take partial control over the user's interaction with the computer, without the user's informed consent. Spyware refers to software that secretly monitors the user's behavior, collects various types of personal information, and interferes with user control of the computer in other ways, such as installing additional software, redirecting Web browser activity, blindly accessing websites that will cause more harmful infections, or diverting advertising revenue to a third party.