Pages: 8 pages/≈2200 words
Sources: 4
Style: APA
Subject: IT & Computer Science
Type: Essay
Language: English (U.S.)
Document: MS Word
Topic: Malware Analysis: Malicious Software

Essay Instructions:

Objective: Analyze malware trends and infection points, as well as methods for analyzing malware. This includes describing what a malware analysis environment involves, including tools, techniques, and emerging developments in malware analysis.

Course Goals:

1. Develop and utilize policies, procedures, and technologies for incident analysis.

8. Incorporate analysis and response results into appropriate action plans, reporting, information sharing, improvement cycles, and exposure elimination.

9. Incorporate analysis and response results into appropriate action plans, reporting, information sharing, improvement cycles, and exposure elimination.

10. Evaluate inter and intra organizational resources for incident investigation and response.

Scenario:

The use of computers and electronic devices to aid in the commission of crimes has seen explosive year over year growth. There is a high risk/reward potential for criminals in this environment compared to many other types of crimes. One of the tools of choice for criminals is malware, whether for theft of personal information, computing resources, or other forms of mischief.

Most organizations cease their effort once they have removed a malware threat or cleaned up an infection. Our goal is to go much further and perform a full malware analysis of the incident. This means that we need malware analysis procedures, an environment, tools, and knowledge. Outline what is needed in terms of tools, procedures, and knowledge to analyze malware using both dynamic (behavioral) and static (code) analysis techniques, and identify the potential vectors that delivered the payload, which may allow for attribution.

The trend in malware is toward memory-resident payloads, often with little or no footprint beyond active memory. This creates a complex situation in which a minor slip-up can ruin any chance of proper analysis. Obtaining malware artifacts from the wild can be an elite skill that very few people possess, particularly when the malware is memory based.

Essay Sample Content Preview:
Malware Analysis

In the current era of modern technology, malware and protection against it have become significant aspects of computer security. Cybercriminals use different strategies to interfere with networks and computers. Most organizations and individuals use computers to pass information, and the devices used by institutions and organizations are vulnerable to different forms of attack that may expose sensitive data. During the last decade, the lack of effective protection has led to an increasing number of hackers stealing sensitive data. Some cybercriminals also use spam as a way of trying to gain access to systems. For that reason, most organizations develop policies and procedures to address the prevailing problem of malware attacks. Malicious software is one of the sophisticated tools cybercriminals use to accomplish their objectives, which creates the need to analyze it in order to determine the purpose and characteristics of an attack.

Technology has influenced people to use computers for most of their activities; some companies even use computer systems to replace workers. Although innovation in computer technology is important to human life, studies suggest that it might marginalize people's role in life (Bazrafshan, Hashemi, Fard, & Hamzeh, 2013, p. 114). A computer virus can affect the functionality of a computer's hard drive, causing the deletion of directory information or files. Most cyber attackers take advantage of the availability of the internet to gather data from a system. Accordingly, organizations and individuals should be aware of developers with the wrong intentions toward the sensitive information on their computer systems.

Malicious software existed even before the emergence of the internet. For example, the Vienna malware developed in 1987 caused different forms of attacks on computers. Ralph Burger was the first person to investigate computer viruses, and he published a book titled "Computer Viruses: A High Tech Disease." Because of his comprehensive research, it became easier for people to gain an in-depth understanding of viruses and of how malware works. In fact, Burger's publication served as significant guidance on creating and using malware. The invention of the internet in the 1990s caused a tremendous breach in computer security. For instance, new viruses such as Melissa and Michelangelo signified a new dawn of virus activity, and in response, new virus-control technologies, such as bots and botnets, began to take shape. The use of malware by cybercriminals caused different forms of security breaches in business and home environments (Bazrafshan et al., 2013, p. 116). Attackers would expose private details and user credentials on the internet, and the ability of hackers to observe network activity in real time and trace cookies became a major problem for all internet users.

Malware Analysis Tools

Organizations have a wide variety of malware analysis tools to choose from when enhancing computer security. Enterprises use them to assess unknown and potentially malicious software, and the tools are an effective way to gain valuable insight into actions taken on computer systems, which is a crucial foundation for understanding a sample. According to Gandotra, Bansal, & Sofat (2014), FileMon is one of the programs that are useful for finding changes in the file system, and it is effective at detecting and recording that information.

FileMon is a noisy tool that runs on the Windows operating system, so analysts should clear the tool's output before executing the binary. Norman Sandbox is a dynamic malware analysis solution that executes a sample in a controlled virtual environment. It is effective at simulating the Windows operating system, and the environment can simulate a host computer system as one of the attached local area networks together with internet connectivity. The main idea behind Norman Sandbox is to use simulated data, thus replacing the entire functionality. A simulated system provides support for different operating systems, which is relevant for multithreading support and memory protection. The sandbox focuses on detecting malware that can spread through email or network systems. JoeBox is another tool that helps in analyzing a malicious sample. It creates a log containing information on the different actions taken on the registry, system activities, and file systems. Moreover, it is designed to run on real hardware without any form of emulation or virtualization. The tool acts as a server model that coordinates multiple clients responsible for conducting the analysis; therefore, the number of clients throughout the system can be increased.

Trends in Malware

In the contemporary world, malware has become quite sophisticated because of its unprecedented access to sensitive information. In most instances, cyber thieves focus on making their tools undetectable. In fact, most of them have incorporated offensive techniques that make it quite complicated for organizations to implement the most appropriate defensive mechanisms. Because of this tactic, most malware authors seek to deliver numerous components in a malware payload.

Common components include server components, which provide proxy services to an infected computer, kernel-level drivers, and malware clients. Using the resource section of Windows binaries is one way to embed additional components in Windows malware. Malware can also create an installation directory within a program's hierarchy in order to hide from curious users. Cyber thieves have invented various techniques for preventing antivirus programs from detecting infected computers. One effective strategy is to modify the hosts file on a system so that antivirus updates fail. A hosts file is a text file that maps hostnames to IP addresses on the computer. The modifications involve inserting carriage returns after the legitimate host entries before appending the malicious entries. Cyber thieves have developed new strategies to cause antivirus updates to fail and to ensure that the malware remains undetected for a long period. Most of them have turned to rootkit mechanisms to hide the presence of malware. Attackers also need the malware to keep running even after a system restart (Gandotra et al., 2014). Basic forms of persistence are achievable by adding new commands, thus making it more convenient to execute malware; currently, registry modifications can achieve the same objective. Other forms of registry manipulation include installation of different components as improvements to the common and readily available...
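As an added example (not from the essay or its cited sources), a Python check for the hosts-file tampering described above: it normalises injected carriage returns, flags entries that sinkhole or redirect watched update hostnames, and flags entries pushed out of view behind a run of blank lines. The watched suffixes and the sample hosts content are constructed placeholders, not real vendor hostnames.

```python
import re

# Constructed placeholder suffixes, not real vendor update hostnames.
WATCHED_SUFFIXES = ("example-av-updates.test", "example-signatures.test")
SINKHOLE_IPS = {"127.0.0.1", "0.0.0.0", "::1"}  # addresses that null-route a name locally
PADDING_THRESHOLD = 20  # blank lines before an entry that push it below a casual editor's view
ENTRY_RE = re.compile(r"^(\S+)\s+(.+?)\s*(?:#.*)?$")  # "<ip> <name> [<name>...] [# comment]"

# Constructed sample: one legitimate entry, 40 injected blank lines, then three hostile entries.
SAMPLE_HOSTS = (
    "# constructed sample hosts file\r\n"
    "127.0.0.1 localhost\r\n"
    + "\r\n" * 40
    + "127.0.0.1 updates.example-av-updates.test   # sinkholed update host\r\n"
    "0.0.0.0 sig.example-signatures.test\r\n"
    "198.51.100.7 dl.example-av-updates.test\r\n"  # 198.51.100.0/24 is a documentation range
)

def is_watched(name: str) -> bool:
    # True when the hostname is, or sits under, one of the watched suffixes.
    name = name.lower()
    return any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)

def parse_hosts(text: str) -> list:
    """Parse hosts text into entries, recording how many blank lines preceded each one."""
    entries, blank_run = [], 0
    # Normalise CR, LF and CRLF so injected carriage returns cannot hide an entry or break parsing.
    for lineno, raw in enumerate(text.replace("\r\n", "\n").replace("\r", "\n").split("\n"), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            blank_run += 1 if not line else 0  # comments are neither entries nor padding
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append({"line": lineno, "ip": m.group(1),
                            "names": m.group(2).split(), "blank_before": blank_run})
        blank_run = 0
    return entries

def find_tampering(text: str) -> list:
    """Flag watched names that are sinkholed or redirected, and entries hidden behind padding."""
    findings = []
    for e in parse_hosts(text):
        for name in e["names"]:
            if is_watched(name):
                how = "sinkholed" if e["ip"] in SINKHOLE_IPS else f"redirected to {e['ip']}"
                findings.append(f"line {e['line']}: {name} {how}")
        if e["blank_before"] >= PADDING_THRESHOLD:
            findings.append(f"line {e['line']}: entry hidden after {e['blank_before']} blank lines")
    return findings
```

Running `find_tampering(SAMPLE_HOSTS)` reports the two sinkholed names, the redirected name, and the 40-line padding in front of the first hostile entry.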