Malware: Definition, Types and Analysis
Malware
Definition: Malware is any software or code that runs without the owner's authorization and is intentionally designed to cause harm to, or act against the interests of, the user, the computer it runs on, or the network it is connected to.
Types of Malware: There are many different types of malware. The following are the most common ones.
- Backdoor: Malicious code installed on a compromised computer that gives the attacker ongoing remote access to it. A backdoor typically lets the attacker connect and issue commands without going through the system's normal authentication.
- Botnet: A collection of compromised computers (bots or zombies) infected with the same malware and controlled remotely by an attacker, typically receiving their instructions from a command-and-control (C2) server.
- Downloader: Malicious code whose primary purpose is to fetch and install other malicious content; it is often the first stage an attacker drops after gaining initial access.
- Information-stealing malware: Malware that collects information from the compromised computer and sends it to the attacker, for example keyloggers, network sniffers and credential (password hash) grabbers.
- Launcher: Malicious code whose primary purpose is to start other malicious programs, often using non-standard techniques so that the payload runs stealthily or with greater privileges.
- Rootkit: Malicious code designed to conceal the existence of other code or activity (files, processes, registry keys, network connections) from the user and from security tools. A rootkit is usually paired with other malware, such as a backdoor, which it hides.
- Scareware: Malware designed to frighten the victim into buying or downloading something, typically a fake antivirus product that claims to have found infections and offers to remove them for a fee.
- Spam-sending malware: Malware that infects a computer and uses it to send spam, a capability the attacker then sells as a service.
- Worm or virus: Malicious code that copies itself to infect other computers. The difference is that a virus attaches itself to a host program or file and needs that host to be executed in order to run and spread, while a worm is a stand-alone program that propagates on its own (usually over the network), which lets it spread much faster than a virus.
Malware Analysis
Definition: Malware analysis is the study of a malware sample (or a set of samples) to determine how it works, how it got there and what it can do. During an incident the typical goals are to find out exactly what happened, to identify every infected machine and file (usually by deriving host-based and network signatures), and to contain and remove the damage the malware has caused.
Malware Analysis Techniques: Malware analysis techniques fall into two types: static analysis, which examines the sample without executing it, and dynamic analysis, which executes the sample and observes its behaviour. Because dynamic analysis runs live malicious code, it must be done in an isolated, disposable environment (a virtual machine or sandbox with no access to production systems, and with internet access only where it is deliberately allowed), never on the analyst's everyday host. Both types are further divided into basic and advanced.
- Basic Static Analysis: Examining the executable file without looking at its actual instructions: hashing it (to search threat-intelligence sources), extracting printable strings, checking whether it is packed or obfuscated, and reading its headers for imports, exports, sections and compile time. This is fast and gives a first impression of what the sample might do, but it is easily defeated by packing and reveals nothing about the program's logic.
- Advanced Static Analysis: Reverse-engineering the executable with a disassembler (and, where available, a decompiler) to read its instructions and determine exactly what the program does.
- Basic Dynamic Analysis: Running the sample in an isolated environment and observing its behaviour with monitoring tools: new processes, dropped or modified files, registry changes and network traffic. This requires no reverse-engineering skill, but it only reveals functionality the sample happens to exercise during the run; code paths that need a specific trigger, or that detect the sandbox and stay dormant, are missed.
- Advanced Dynamic Analysis: Running the sample under a debugger, stepping through its execution and inspecting its internal state (registers, memory, function arguments) to determine how it works, including details that static analysis could not resolve, such as strings that are decrypted or code that is unpacked only at run time.
General Rules for Malware Analysis:
- Try not to get caught up in the details. Most malware is large and complex, so focus on the key features that define what the sample does and go deeper only where it matters.
- Remember that different malware types call for different tools and approaches; there is no single procedure that fits every sample.
- Realize that malware analysis is a cat-and-mouse game. Malware constantly evolves new features to circumvent current analysis and detection techniques. As a malware analyst you need to understand the techniques malware authors use to evade detection and analysis, and develop new methodologies and tools in response.
Reference: M. Sikorski and A. Honig, Practical Malware Analysis. San Francisco: No Starch Press, 2012, pp. 1-5.