What is malware?
“Some sort of unknown malicious software is called malware.”
Key terminology of malicious software
– Virus: a computer program that is usually hidden within another seemingly innocuous program, produces copies of itself and inserts them into other programs, and usually performs a malicious action such as destroying data.
– Worm: a usually small, self-contained and self-replicating computer program that invades computers on a network and usually performs a destructive action.
– Trojan horse: a seemingly useful computer program that contains concealed instructions which, when activated, perform an illicit or malicious action such as destroying data files.
– Spyware: software that is installed on a computer without the user’s knowledge and transmits information about the user’s computer activities over the Internet.
– Adware: installed software that provides advertisers with information about the user’s browsing habits, allowing the advertiser to serve targeted ads.
– Backdoor: bypasses normal security controls to give an attacker unauthorized access.
– Rootkit: Trojan-horse backdoor tools that modify existing operating system software so that an attacker can keep access to a machine and stay hidden on it.
– Sniffer: an application used to monitor and analyze network traffic.
– Reverse code engineering: the process of disassembling software to reveal how the software functions.
– Disassembler: a program that takes a program’s executable (exe) binary as input and generates text files containing the assembly-language code for the entire program or parts of it.
– Debugger: a program that allows software developers to observe their program while running it.
– Decompiler: a program that takes an executable binary file and attempts to produce readable high-level-language code from it.
Types of malware analysis
– Static malware analysis
– Dynamic malware analysis
– Memory analysis
Looking into malicious software involves a variety of tasks, some simpler than others. These efforts can be grouped into stages based on the nature of the associated malware analysis techniques and expertise.
Stages of malware analysis
– Fully-automated analysis: mostly scripted tools that scan the code
– Static malware analysis: virus scanner, IDA, disassembler, registry editor, hex editor, image editor, packer detection, file analyzer.
– Dynamic malware analysis
– Interactive behavior analysis
– Manual code reversing
– Memory analysis
– Running processes, network connections, file fingerprints, memory diagnostics
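The fully-automated and static stages above in working form, as an added example that is not part of the original post: a small Python triage script that computes file fingerprints, checks for a PE header, estimates byte entropy as a packer heuristic, and pulls URLs and suspicious API names out of the printable strings. The sample bytes and the API watch list are constructed for illustration, not taken from real malware.

```python
import hashlib
import math
import re

# Constructed sample "file": a fake PE-like blob with a few embedded strings.
SAMPLE = (
    b"MZ" + b"\x00" * 62 + b"PE\x00\x00"
    + b"This program cannot be run in DOS mode\x00"
    + b"http://example.invalid/update.bin\x00"
    + b"CreateRemoteThread\x00" + b"\x00" * 40
)

# Illustrative watch list of Windows APIs often seen in process injection.
SUSPICIOUS_APIS = {"CreateRemoteThread", "VirtualAllocEx",
                   "WriteProcessMemory", "URLDownloadToFile"}

def fingerprints(data: bytes) -> dict:
    """File fingerprints used to look a sample up against known hashes."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256")}

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; values near 8.0 suggest packing/encryption."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def strings(data: bytes, min_len: int = 6) -> list:
    """Printable ASCII runs of at least min_len bytes (like the `strings` tool)."""
    return [m.decode() for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]

def triage(data: bytes) -> dict:
    """Automated static triage: header check, hashes, packer heuristic, IoC strings."""
    found = strings(data)
    ent = entropy(data)
    return {
        "is_pe": data[:2] == b"MZ",
        "hashes": fingerprints(data),
        "entropy": round(ent, 2),
        "likely_packed": ent > 7.0,
        "urls": [s for s in found if s.startswith(("http://", "https://"))],
        "suspicious_apis": sorted(s for s in found if s in SUSPICIOUS_APIS),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```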
Six steps for incident response in malware analysis
– Preparation
– Identification
– Containment
– Eradication
– Recovery
– Expertise and lessons learned
Maximizing protection of systems against malware
A better firewall is needed, with advanced signature-detection rules and correlation that analyzes any suspicious activity in inbound and outbound network packets. It also helps to add advanced protection for systems using anti-malware software such as ClamAV.
Learn how to use the Internet, email and banking services more safely. Employees and customers need a good level of awareness about cyber crime incidents.
https://zeltser.com/mastering-4-stages-of-malware-analysis
https://www.scmagazine.com/malware-analysis-tools/article/687639/