Take it easy. Let’s start with what malware is first. It’s malicious software, or “malware” for short: intrusive software that can take many forms and result in many different consequences. Malware can steal information, damage computers and systems, overwhelm servers, assume control of computers, and more. It also comes in many types, such as viruses, ransomware, worms, trojans, and spyware [2], [4]. On top of the abundance of variation in malware, it is always changing, and new malware is always being created. This is overwhelming, and it makes security professionals’ jobs complicated.
One way we can learn about malware, so that we can build better systems, products, and responses, is through malware analysis. Malware analysis helps us learn the behavior, purpose, and scope of a piece of malicious software [1]. In addition, throughout the process, indicators of compromise (IOCs) can be uncovered. These IOCs can be used to improve detection of, and alerting on, the presence of a piece of malware on a system.
When you are presented with a piece of malware to analyze, there are different techniques used in the process: basic static analysis, basic dynamic analysis, advanced static analysis, and advanced dynamic analysis [3]. The simplest difference between these is that static analysis does not involve running the code, while dynamic analysis does involve running the malware executable. In later blog posts I’ll go more in depth here, as these topics and techniques deserve their own spotlight.
So what exactly is our goal for this capstone project? Well, we will be using example malware binaries on an isolated virtual network. Through static and dynamic analysis, we hope to find out how each piece of malware behaves, how we can detect that malware on a network, and how we can contain the damage. Finally, and most importantly, this will produce a report with all our findings and recommendations for the malware files we analyzed. And now, step 1: basic static analysis.
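As an added illustration of what basic static analysis produces (this is not code from the original post), the Python below runs a minimal triage on a constructed byte string standing in for a binary: it records the file hashes that serve as IOCs, extracts printable strings the way the `strings` tool does, and pulls URL and file-path indicators out of them, all without executing anything. The sample bytes, function names, and regex patterns are my own assumptions.

```python
import hashlib
import re

# Constructed stand-in for a Windows executable (not a real malware sample):
# an "MZ" header, the usual DOS-stub text, some non-printable filler, and a
# couple of embedded strings of the kind that become IOCs.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 12
    + b"This program cannot be run in DOS mode.\r\n"
    + b"\x01\x02\x03"
    + b"http://example.invalid/update.bin\x00"
    + b"\x7f\x7f"
    + b"C:\\Users\\Public\\svc.exe\x00"
    + b"\xff\xfe"
    + b"ab\x00"  # too short to count as a string
)


def file_hashes(data):
    """MD5/SHA-1/SHA-256 of the whole file: the most basic IOCs for a sample."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256")}


def extract_strings(data, min_len=4):
    """Runs of printable ASCII at least min_len long, like the `strings` tool."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]


def find_iocs(strings):
    """Pick URLs and Windows file paths out of the extracted strings."""
    url_re = re.compile(r"https?://[^\s\"']+")
    path_re = re.compile(r"[A-Za-z]:\\[^\s\"']+")
    iocs = {"urls": [], "paths": []}
    for s in strings:
        iocs["urls"].extend(url_re.findall(s))
        iocs["paths"].extend(path_re.findall(s))
    return iocs


def triage(data):
    """Static triage summary: PE magic check, hashes, strings, and IOCs."""
    strings = extract_strings(data)
    return {
        "is_pe_candidate": data[:2] == b"MZ",  # DOS header magic
        "hashes": file_hashes(data),
        "strings": strings,
        "iocs": find_iocs(strings),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

The hashes are what you would search for in threat-intelligence feeds, and the URL and path strings are candidate network and host indicators to confirm later during dynamic analysis.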
References
[1] “Malware analysis explained: Steps & examples: CrowdStrike,” crowdstrike.com, 13-Jan-2022. [Online]. Available: https://www.crowdstrike.com/cybersecurity-101/malware/malware-analysis/. [Accessed: 18-Jan-2022].
[2] McAfee, “What is malware and why do cybercriminals use malware?,” McAfee, 26-Nov-2019. [Online]. Available: https://www.mcafee.com/en-us/antivirus/malware.html. [Accessed: 18-Jan-2022].
[3] M. Sikorski and A. Honig, Practical malware analysis: The hands-on guide to dissecting malicious software. San Francisco: No Starch Press, 2012.
[4] “What is malware? – definition and examples,” Cisco, 29-Sep-2021. [Online]. Available: https://www.cisco.com/c/en/us/products/security/advanced-malware-protection/what-is-malware.html. [Accessed: 18-Jan-2022].