Malware Analysis Made Simple

Malware Analysis Made Simple SecureWorld Expo Detroit Wednesday, November 5, 2008 Paul Melson

Why Not Focus On Prevention? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

You’re Probably Required To ,[object Object],[object Object],[object Object],[object Object],[object Object]

Why Do Malware Analysis In-House?

Malware is Number 1! Yay! ,[object Object],[object Object],[object Object],[object Object],[object Object]

Firewalls & Antivirus Have Lost ,[object Object],[object Object],[object Object]

Malware is Adapting Quickly ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

“ But it’s just spyware, right?” ,[object Object],[object Object],[object Object],[object Object],[object Object]

Anatomy of a Drive-By Download Dropper Malware Servers More Malware JScript Exploit

Log Files ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

IDS/IPS Alerts ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Snort Rules ,[object Object],[object Object],[object Object],[object Object]

Antivirus?! Yes, Antivirus! ,[object Object],[object Object]

For Starters ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Detecting Packed Files ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Analyzing Binary Files ,[object Object],[object Object],[object Object],[object Object],[object Object]

Behavioral Analysis ,[object Object],[object Object],[object Object],[object Object],[object Object]

Network Analysis ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Analyzing System Hooks ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Response Toolkit: CD ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Analysis Toolkit: VM ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Prevention – Whack-a-Mole ,[object Object],[object Object],[object Object]

Prevention: Local Admin? ,[object Object],[object Object],[object Object],[object Object],[object Object]

Parting Shot: Best Practices ,[object Object],[object Object],[object Object]

Empfohlen