The genesis of computer viruses dates to the early 1980s, when researchers began writing self-replicating computer programs. In 1984 Dr. Cohen provided a definition of a computer virus: “A virus is a program that is able to infect other programs by modifying them to include a possibly evolved copy of itself”. This definition, based on the behavior of programs of that period, was appropriate at the time. Over time, however, viruses have evolved into dozens of different categories, which are now collectively termed malware rather than just viruses. A virus is now considered simply one category of malware.
Malware is short for MALicious softWARE: software specifically designed to harm a computer or its data in one way or another. Malware has evolved alongside technology and has taken full advantage of new technological developments.
Malware consists of programming (code, scripts, active content and other software) designed to disrupt or deny operations, gather information that leads to loss of privacy or exploitation, gain unauthorized access to system resources, or carry out other abusive behavior.
What is Malware Forensics?
Malware forensics is the method of finding, analyzing and investigating the various properties of malware in order to identify the culprits and the reason for an attack. The process includes tasks such as locating the malicious code and determining its point of entry, its method of propagation, its impact on the system and the ports it tries to use. Investigators conduct the forensic investigation using a range of techniques and tools.
Types of Malware:
Malware is categorized by several parameters: how it affects the system, the functionality or intent of the program, its spreading mechanism, and whether the program asks for the user’s permission or consent before performing certain operations. Some commonly encountered categories of malware are:
- Rogue application
- Worm or Virus
- Credential-stealing program, etc.
Symptoms of Infected Systems:
Following are some symptoms of an infected system:
- The system may become unstable and respond slowly, as malware may be consuming system resources.
- Unknown new executables found on the system.
- Unexpected network traffic to sites you would not expect the system to connect to.
- Altered system settings, such as the browser homepage, changed without your consent.
- Random pop-ups shown as advertisements.
- A more recent addition to this set is alerts shown by fake security applications that you never installed. Messages such as “Your computer is infected” are displayed, and the program asks the user to register it in order to remove the detected threat.
Overall, the system exhibits unexpected and unpredictable behavior.
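The “unknown new executables” and “unexpected network traffic” symptoms above can be correlated per process from a single inventory snapshot. The Python script below is an added example, not part of the original article: the baseline inventory, destination allowlist and snapshot rows are constructed, and the scoring weights are an assumption.

```python
from collections import defaultdict

# Constructed baseline: executables inventoried on a known-good image of this host.
BASELINE_EXECUTABLES = {
    r"C:\Windows\System32\svchost.exe",
    r"C:\Windows\explorer.exe",
    r"C:\Program Files\Mozilla Firefox\firefox.exe",
}
# Constructed allowlist of destinations the host is expected to reach (update, mail and CDN servers).
EXPECTED_DESTINATIONS = {"update.vendor.example", "mail.corp.example", "cdn.corp.example"}
USER_WRITABLE_PREFIXES = ("C:\\Users\\", "C:\\Windows\\Temp\\", "C:\\ProgramData\\")

# Constructed snapshot rows (pid, image path, remote host) as exported from a process/connection monitor.
SNAPSHOT = [
    (812, r"C:\Windows\System32\svchost.exe", "update.vendor.example"),
    (1532, r"C:\Program Files\Mozilla Firefox\firefox.exe", "cdn.corp.example"),
    (1532, r"C:\Program Files\Mozilla Firefox\firefox.exe", "news.example.org"),
    (2204, r"C:\Users\alice\AppData\Local\Temp\svch0st.exe", "203.0.113.45"),
    (2204, r"C:\Users\alice\AppData\Local\Temp\svch0st.exe", "198.51.100.7"),
]

def triage_snapshot(snapshot, baseline=BASELINE_EXECUTABLES, expected=EXPECTED_DESTINATIONS):
    """Correlate, per process, an image missing from the baseline with traffic to unexpected hosts."""
    images, unexpected = {}, defaultdict(set)
    for pid, image, remote in snapshot:
        images[pid] = image
        if remote not in expected:
            unexpected[pid].add(remote)
    results = []
    for pid, image in images.items():
        reasons = []                                  # (weight, explanation); weights are an assumption
        if image not in baseline:
            reasons.append((2, "executable not in the baseline inventory"))
        if image.startswith(USER_WRITABLE_PREFIXES):
            reasons.append((1, "runs from a user-writable directory"))
        if unexpected[pid]:
            hosts = ", ".join(sorted(unexpected[pid]))
            reasons.append((len(unexpected[pid]), f"traffic to unexpected hosts: {hosts}"))
        results.append({"pid": pid, "image": image, "score": sum(w for w, _ in reasons),
                        "reasons": [text for _, text in reasons]})
    return sorted(results, key=lambda r: r["score"], reverse=True)   # most suspicious process first

if __name__ == "__main__":
    for r in triage_snapshot(SNAPSHOT):
        print(r["score"], r["pid"], r["image"], r["reasons"])
```

A browser legitimately reaches hosts outside any allowlist, so a single unexpected connection is noise; it is the combination of symptoms that separates firefox.exe (score 1) from the look-alike svch0st.exe running out of a Temp directory (score 5).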
Different ways malware can get into a system:
- Instant messenger applications
- Internet relay chat
- Removable devices
- Links and attachments in emails
- Legitimate “shrink-wrapped” software packaged by a disgruntled employee
- Browser and email software bugs
- NetBIOS (file sharing)
- Fake programs
- Untrusted sites and freeware
- Downloading files, games and screensavers from internet sites
Prerequisites for Malware Analysis:
Prerequisites for malware analysis include an understanding of malware classification, essential x86 assembly language concepts, file formats such as the Portable Executable (PE) format, and Windows APIs, together with expertise in using monitoring tools, disassemblers and debuggers.
Types of Malware Analysis:
The two main types of malware analysis, distinguished by approach, are:
- Static malware analysis: a basic analysis of the binary code, without executing it, to comprehend the malware and explain its functions.
- Dynamic malware analysis: execution of the malware to examine its conduct and operations, and to identify technical signatures that confirm malicious intent.
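As an added example (not from the original article) tying the PE file-format prerequisite to static analysis: the Python script below parses the PE section table by hand and flags the two things a static analyst checks first on a sample that may be hiding its real code behind a packer, a writable and executable code section and a near-8-bits-per-byte entropy. The sample images are constructed inside the script, and the 7.0 entropy threshold is an assumption.

```python
import math
import random
import struct
from collections import Counter

IMAGE_SCN_MEM_EXECUTE = 0x20000000  # section Characteristics flags from the PE/COFF specification
IMAGE_SCN_MEM_WRITE = 0x80000000

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: plain x86 code sits around 6 to 6.8; packed or encrypted data approaches 8."""
    probs = [c / len(data) for c in Counter(data).values()]
    return -sum(p * math.log2(p) for p in probs) if probs else 0.0

def parse_sections(pe: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table; returns (name, chars, entropy)."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]             # e_lfanew: file offset of 'PE\0\0'
    if pe[:2] != b"MZ" or pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    _, num_sections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, e_lfanew + 4)
    table = e_lfanew + 4 + 20 + opt_size                         # section headers follow the optional header
    sections = []
    for i in range(num_sections):
        off = table + 40 * i                                     # each IMAGE_SECTION_HEADER is 40 bytes
        name, _vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, off)
        chars = struct.unpack_from("<I", pe, off + 36)[0]        # Characteristics is the last field
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), chars,
                         shannon_entropy(pe[raw_ptr:raw_ptr + raw_size])))
    return sections

def triage(pe: bytes) -> list:
    """Static indicators that a sample is packed or self-modifying, found without executing it."""
    findings = []
    for name, chars, entropy in parse_sections(pe):
        if not chars & IMAGE_SCN_MEM_EXECUTE:
            continue                                             # only code sections are assessed here
        if chars & IMAGE_SCN_MEM_WRITE:
            findings.append(f"{name}: writable+executable section (unpacking stub or self-modifying code)")
        if entropy > 7.0:                                        # threshold is an assumption; tune per corpus
            findings.append(f"{name}: entropy {entropy:.2f} (code section looks packed or encrypted)")
    return findings

def build_sample_pe(name: bytes, data: bytes, chars: int) -> bytes:
    """Constructed single-section PE image for the demo: valid headers only, not a runnable binary."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)            # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)  # i386, one section, empty optional header
    sec = struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(data), 0x1000, len(data), 128, 0, 0, 0, 0, chars)
    return dos + b"PE\0\0" + coff + sec + data                   # 64 + 4 + 20 + 40 = 128 header bytes, then data

CLEAN = build_sample_pe(b".text", b"\x55\x8b\xec\x5d\xc3" * 800, IMAGE_SCN_MEM_EXECUTE)
PACKED = build_sample_pe(b"UPX1", random.Random(7).randbytes(4096), IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_WRITE)
```

Running `triage(CLEAN)` returns no findings, while `triage(PACKED)` reports both the writable+executable section and the high entropy, which is exactly the signal that tells an analyst the static view is of an unpacking stub and that dynamic analysis or manual unpacking is needed to see the real code.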
Online Malware Analysis Services:
- Metascan Online
- Malware Protection Center
- Web Online Scanners
- Payload Security
- Valkyrie, etc.
Malware Analysis Tools:
- IDA Pro
- What’s Running
- Process Explorer
- Directory Monitor
- Capsa Network Analyzer
- API Monitor, etc.
Protecting computer systems against malware is a major concern. Millions of new malware samples are created every day, and the worst part is that new malware is highly sophisticated and very difficult to detect, because malware developers use various advanced techniques to hide the actual code or behavior of the malware. These anti-static and anti-dynamic analysis techniques make it very hard to analyze the malware and extract the information needed to design a malware detection system. Therefore, it is crucial for forensic analysts to have sound knowledge of the different malware programs, how they work and propagate, where they have their impact, and the methods of detecting and analyzing them, and to keep that knowledge continuously up to date.
- “Introduction to Malware & Malware Analysis” [Online] (http://dlupdate.quickheal.com/documents/technical_papers/introduction_to_malware_and_malware_analysis.pdf). Accessed on 16/03/2019.
- “Malware” [Online] (http://dlupdate.quickheal.com/documents/technical_papers/introduction_to_malware_and_malware_analysis.pdf). Accessed on 16/03/2019.
- CHFI, Module 11, “Malware Forensics”.
- “Art of Assembly” [Online] (http://dlupdate.quickheal.com/documents/technical_papers/introduction_to_malware_and_malware_analysis.pdf). Accessed on 17/03/2019.