Hey Guys, Back again after a long time
Due to some issues, I wasn’t able to keep you posted, I will try my best to update your knowledge as much as I can in the upcoming days
Today’s blog is on Malware Analysis, we already have 3 Posts on Malware analysis but still I would say we need to go through again especially this one is for Beginners, some new guys are here who literally need to learn from this one.
What is Malware, How many types of Malware all these things you can learn in this one here Click Here
In this Blog we will learn the below mentioned points.
Whats the Use of Malware Analysis?
How do we start?,
what we really need?
where to look up?,
what we are going to learn new?
What’s the Use of Malware Analysis?
It is Mandatory to have an insight knowledge about Malware and its Behavior and what is its purpose, As a cyber security professional we all know how malware play vital role in Affecting users in terms of Professional and personal space. So its our responsibility to keep all safe.
Daily 230000 New malware samples are produced everyday as of January 2020, Hugeeeeeeee one Right? Yes it is.
Those Who really want to steer into Malware Analysis path, I can say you are really going to learn something new and the best stuff from here
Malware Analyst can be an Independent Malware analyst and they can get into the profile of Incident Response team.
A Regular Malware analyst earns $110000 Per Annum.
Malware analysis happens in three stages.
1) Malware Sketch or Outline
2) Analysis Laboratory
3) Analysis Phase
Here today we are going to learn first two Stages.
Stage 1:- Malware Sketch or Outline:
Step 1 :- We need to how necessary it is to fight against Malware Propagation and spread nature by learning types of Malware and its classification (Purpose of Analysis, Process of Analysis, Effective Malware analyst)
Step 2:- Clustering of Malware and how Clustering can be a side kick for researchers (Classification of Malwares and characteristics [You can read this in previous blog on malware threats])
Step 3:- How malware are deployed, what are all the technologies that are handled by the attackers over the target, Simply we can say Malware deployment. (Eg. Physical Media, Mails, File shares, Chats)
Step 4:- Get to know how malware hides from Security measures and getting away from researchers eyes, how it is working. (Static Malware, Dynamic Malware, Encryption, Polymorphism, Anti-reversing,Obfuscation)
Step 5:- What are all the dependencies that malware depends on to propagate freely, what are all the vital operations that is needed by Malware. We can simply remove one of its dependencies to stop its malicious play. (Operating System, System Settings, Virtualization, Program Dependencies, Timing Dependencies, Event Dependencies, User Dependencies)
Stage 2:- Analysis Laboratory
In analysis Laboratory we must have Malware samples with us right to work with. So our First step will be the collection of Malware samples.
We merely in the need of Malware samples to work with but where we can get all these?
In these places you can find Malware
Research mailing Lists
Your own Backyard
We can look for malware samples from online sources. These are made specially for ones who really are lazy to extract malware from their own machine like me…LOL.
There are already many researchers spent their valuable time to find malware samples we can make use of it by visiting these blogs, Forums and websites.
Research Mailing Lists:
These are nothing but exclusive mailing lists for researchers where they can freely able to share their knowledge and malware samples on a regular basis and discussion about various threats of malware. To be a member you need to be invited and sponsored by an existed member. Product Marketing things in the research mailing lists will toss you guys from the group and get banned ever joining again.
Security organizations do Sample Exchange on a periodic basis such as weekly or monthly. All the employees will be requested to dump all the new malware samples that they have collected. With this technique each other will be having the chance to get to know more about the samples shared by others. It also simplified human effort on finding samples from somewhere else for the research purpose.
Those who don’t want to waste money in setting up the environment to collect malware they can buy it from other sources. As I told early 230000 Malwares/Day for what? Obviously Money isn’t it. So Security firms and organizations are considering these commodities. Purchasing malware samples are most practical to do malware research activities.
We can Get Malware samples from our Defensive mechanism devices like Honeypots. These systems are used to collect malware automatically.
Your Own Backyard:
Definitely everyone here must have faced a situation from their parents, relatives, friends, partners that their Computer devices works abnormally, they don’t have any idea about that, that’s the scenario am talking about here.
This needs human intervention a lot to collect malware samples
We need to look for these places to find something
1) Scanning for Malicious files
2) Active Rootkits
3) Check out the Startup Programs
4) Check Running Processes
5) Extract suspicious files.
So this is how we collect all the sample that we need to work on, So next we will be setting up The Analysis laboratory in the Next Blog Post
Stay With us to learn More about Malware analysis.
Thank you so much for your time here
Be safe out there!