Tuesday, July 14, 2009

Malware Analyzing - Tools

What is malware?

I think you all know what malware is, but let's start with some well-known definitions:
Malware is software designed to infiltrate or damage a computer system without the owner's informed consent. The expression is a general term for a variety of forms of hostile, intrusive, or annoying software or program code. Simply put, malware is software designed to make a computer do something an attacker wants it to do. It is not always designed to destroy a computer; it may, for example, just sit on a computer, using processor cycles to crack the encryption of a certain file.

Tools for analysing malware (free and open source):

Tools
There are many different tools available that will help you analyze malware. Some of these tools are designed specifically for debugging and analyzing software; others are designed to help you better understand your system. I will list some free and open-source tools that can be helpful for basic malware analysis and research.

Microsoft Sysinternals
Microsoft's Sysinternals suite is one of the best toolsets out there for understanding your Windows environment. It includes tools such as TCPView, Process Explorer, and Autoruns, which let you see what processes are running, what ports are open, what files are set to run at startup, and other things.

http://technet.microsoft.com/en-us/sysinternals/bb842062.aspx

Regshot

Regshot is an open-source (GPL) registry comparison utility that lets you quickly take a snapshot of your registry and then compare it with a second one taken after making system changes or installing a new software product.

http://sourceforge.net/projects/regshot
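The snapshot-and-compare idea behind Regshot is the same one you apply to Sysinternals output (process list, open ports, autorun entries): record a baseline, run the sample, record again, and look at the difference. The following is an added example, not Regshot's or Sysinternals' own code; the two snapshots, the `updater.exe` path and the `8080/tcp` port are constructed for the demonstration, while the `Run` key and `DisableAntiSpyware` value are real registry locations chosen because they are the kind of change such a diff surfaces.

```python
"""Baseline-vs-after comparison of a system snapshot (added example).

A snapshot is a mapping category -> {key: value}.  Registry entries use
"HIVE\\path\\valuename" as the key; processes, listening ports and autorun
items are sets stored as {item: ""}.  On a lab machine the snapshots would
be filled from winreg, Autoruns/Process Explorer exports or netstat; here
they are constructed inline.
"""
from dataclasses import dataclass, field

Snapshot = dict[str, dict[str, str]]


@dataclass
class Delta:
    """Differences between two snapshots, grouped by category."""
    added: dict[str, dict[str, str]] = field(default_factory=dict)
    removed: dict[str, dict[str, str]] = field(default_factory=dict)
    modified: dict[str, dict[str, tuple[str, str]]] = field(default_factory=dict)

    def is_empty(self) -> bool:
        return not (self.added or self.removed or self.modified)


def compare(before: Snapshot, after: Snapshot) -> Delta:
    """Set arithmetic on each category's keys, then a value check on the
    keys present in both: the same comparison Regshot does for the registry."""
    delta = Delta()
    for category in sorted(set(before) | set(after)):
        old = before.get(category, {})
        new = after.get(category, {})
        added = {k: new[k] for k in sorted(new.keys() - old.keys())}
        removed = {k: old[k] for k in sorted(old.keys() - new.keys())}
        modified = {k: (old[k], new[k]) for k in sorted(old.keys() & new.keys())
                    if old[k] != new[k]}
        if added:
            delta.added[category] = added
        if removed:
            delta.removed[category] = removed
        if modified:
            delta.modified[category] = modified
    return delta


def format_report(delta: Delta) -> str:
    """Render a delta as one line per change, Regshot-report style."""
    lines = []
    for label, bucket in (("ADDED", delta.added), ("REMOVED", delta.removed)):
        for category, items in bucket.items():
            for key, value in items.items():
                suffix = f" = {value}" if value else ""
                lines.append(f"{label:8} {category:10} {key}{suffix}")
    for category, items in delta.modified.items():
        for key, (old, new) in items.items():
            lines.append(f"{'MODIFIED':8} {category:10} {key}: {old!r} -> {new!r}")
    return "\n".join(lines) if lines else "no changes"


# Constructed sample snapshots: a clean baseline and the same box after a
# hypothetical sample was run.  The dropped file name, its path and the
# extra port are invented for the example.
RUN_KEY = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
DEFENDER_KEY = r"HKLM\Software\Policies\Microsoft\Windows Defender\DisableAntiSpyware"

BEFORE: Snapshot = {
    "registry": {
        RUN_KEY + r"\SecurityHealth": r"C:\Windows\System32\SecurityHealthSystray.exe",
        DEFENDER_KEY: "0",
    },
    "processes": {"explorer.exe": "", "svchost.exe": ""},
    "ports": {"135/tcp": "", "445/tcp": ""},
}

AFTER: Snapshot = {
    "registry": {
        RUN_KEY + r"\SecurityHealth": r"C:\Windows\System32\SecurityHealthSystray.exe",
        RUN_KEY + r"\updater": r"C:\Users\lab\AppData\Roaming\updater.exe",  # constructed
        DEFENDER_KEY: "1",
    },
    "processes": {"explorer.exe": "", "svchost.exe": "", "updater.exe": ""},
    "ports": {"135/tcp": "", "445/tcp": "", "8080/tcp": ""},
}

if __name__ == "__main__":
    print(format_report(compare(BEFORE, AFTER)))
```

The report from the constructed data shows a new `Run` entry (persistence), a new process and listening port, and `DisableAntiSpyware` flipped from `0` to `1`; those are exactly the lines a first pass at a sample's behaviour should start from. Take the baseline immediately before running the sample, otherwise ordinary background activity (updates, browser caches) drowns the signal.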

Snort
Snort is a free and open source network intrusion prevention system (NIPS) and network intrusion detection system (NIDS) capable of performing packet logging and real-time traffic analysis on IP networks. Snort performs protocol analysis and content searching/matching, and is commonly used to actively block or passively detect a variety of attacks and probes, such as buffer overflows, stealth port scans, web application attacks, SMB probes, and OS fingerprinting attempts, amongst other features.
I think it is very clear why Snort is so important in malware analysis.
http://www.snort.org/

NetCat
Netcat is a featured networking utility which reads and writes data across network connections using the TCP/IP protocol.
It is designed to be a reliable "back-end" tool that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities.
For malware research this tool is useful because it can help you see what network connections exist after malware has been installed on the machine.
http://netcat.sourceforge.net/
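A common way to use Netcat in a lab is to stand in for the server a sample tries to reach (`nc -l -p PORT`) so that the connection and its first bytes are captured without letting anything leave the sandbox. The following is an added example that reimplements that listener in Python rather than using Netcat itself; the beacon payload, the `/check-in` path and the `update.example.invalid` host are constructed, and `FakeService`, `send_beacon`, `summarize` and `run_demo` are names chosen here, not part of any tool.

```python
"""A Netcat-style capture listener (added example, not Netcat's own code).

FakeService behaves like `nc -l -p PORT > capture.bin`: accept one client,
read what it sends until it stops or a byte limit is hit, keep the bytes
and the peer address.  summarize() then pulls the request line and Host
header out of an HTTP-looking capture so the analyst sees where the sample
wanted to go.  send_beacon() plays the part of the sample; the payload it
sends is constructed for the demonstration.
"""
import socket
import threading
from dataclasses import dataclass


@dataclass
class Capture:
    peer: tuple          # (address, port) of the client that connected
    data: bytes          # everything it sent, up to the byte limit


class FakeService(threading.Thread):
    def __init__(self, host="127.0.0.1", port=0, limit=4096, timeout=5.0):
        super().__init__(daemon=True)
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.sock.bind((host, port))      # port 0: let the OS pick one
        self.sock.listen(1)
        self.sock.settimeout(timeout)
        self.port = self.sock.getsockname()[1]
        self.limit = limit
        self.timeout = timeout
        self.capture = None

    def run(self):
        try:
            conn, peer = self.sock.accept()
        except socket.timeout:
            return                        # nothing connected: capture stays None
        finally:
            self.sock.close()             # one client only, like nc -l
        chunks, total = [], 0
        with conn:
            conn.settimeout(self.timeout)
            while total < self.limit:
                try:
                    chunk = conn.recv(self.limit - total)
                except socket.timeout:
                    break                 # client went quiet; keep what we have
                if not chunk:
                    break                 # client closed its side
                chunks.append(chunk)
                total += len(chunk)
        self.capture = Capture(peer, b"".join(chunks))


def send_beacon(port: int, payload: bytes, host="127.0.0.1") -> None:
    """Stand-in for the sample: connect, send, signal end of data, close."""
    with socket.create_connection((host, port), timeout=5.0) as client:
        client.sendall(payload)
        client.shutdown(socket.SHUT_WR)


def summarize(capture: Capture) -> dict:
    """Request line and Host header for HTTP; raw bytes for anything else."""
    head, _, _ = capture.data.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        return {"peer": capture.peer, "protocol": "unknown", "raw": capture.data[:64]}
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep:
            headers[name.strip().lower().decode()] = value.strip().decode(errors="replace")
    return {"peer": capture.peer, "protocol": "http",
            "method": parts[0].decode(), "path": parts[1].decode(),
            "host": headers.get("host")}


# Constructed beacon: what a hypothetical sample might POST to its server.
SAMPLE_BEACON = (b"POST /check-in HTTP/1.1\r\n"
                 b"Host: update.example.invalid\r\n"
                 b"User-Agent: Mozilla/4.0\r\n"
                 b"Content-Length: 13\r\n\r\n"
                 b"id=LAB-0001\r\n")


def run_demo(payload: bytes = SAMPLE_BEACON) -> dict:
    """Start the listener, replay one beacon into it, return the summary."""
    svc = FakeService()
    svc.start()
    send_beacon(svc.port, payload)
    svc.join(10)
    if svc.capture is None:
        raise RuntimeError("listener captured nothing")
    return summarize(svc.capture)


if __name__ == "__main__":
    print(run_demo())
```

On a real lab box the sample would be pointed at the listener by DNS or hosts-file redirection inside the isolated network, and the captured bytes written to disk for later comparison against Snort alerts from the same session. Netcat itself adds nothing the sample can sense, which is why the one-shot, read-only listener is the right shape: it never answers, so the sample's follow-up behaviour is not influenced by a fake response.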

Software analyzing
While system-oriented tools (Sysinternals, Netcat, etc.) help you understand the environment, software-oriented tools help you understand the software. They usually require you to understand assembly language (I suggest you watch Vivek's Assembly Primer videos). For software analysis we use debuggers. Debuggers are tools (software) used to analyze binaries, and the output of such analysis is in a low-level format. I will mention only one tool for this purpose, and that is OllyDbg. It is efficient and has many plugins available to extend its usefulness.

OllyDbg
OllyDbg is a 32-bit assembler level analysing debugger for Microsoft Windows. Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable.
http://www.ollydbg.de/

Remove Malware

Use Malwarebytes to remove malware from your PC.
