DIY Malware Analysis

Author: Ken Bechtel, Michael Blanchard, Robert S. Vibert, Henk Diemer, David Harley, Bojan Zdrnja, Igor Muttik, Andrew Lee
Year of publication: 2007
Subject:
Description: Publisher Summary. This chapter is based on the work of Michael Blanchard and Bojan Zdrnja. It deals with malware analysis and forensics techniques and tools, starting from the basics and progressing to advanced forensics. In the past couple of years, malware has become increasingly difficult to analyze and remove. Most malware authors today are organized crime gangs that seek profit. They go an extra step in making their malware difficult to remove, in hiding it, and in making reverse engineering more complex. This is why the only sure way to deal with infected machines is to reinstall them. Before doing that, however, one should make sure to know what the infection vector was, because otherwise the same re-infection can occur in the future. A prepared and tested incident response plan is a must for every organization today. Malware incidents do happen, no matter how much has been invested in protection. When previously unknown malware strikes an organization, people have to assess the impact and decide on the countermeasures. This can be very difficult in the first few hours of a malware outbreak, as most antivirus (AV) vendors will not yet have definitions and malware descriptions. By analyzing malware when it is required, one is able to assess the impact (and the threat) correctly, and ultimately decide how much money the organization spends on damage recovery, which can range from reinstalling the infected machine to dealing with stolen intellectual property or customer data.
Database: OpenAIRE