Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 2. Malware Analysis in VMs

Published byGwendoline Barnett Modified over 5 years ago

Similar presentations

Presentation on theme: "Chapter 2. Malware Analysis in VMs"— Presentation transcript:

1 Chapter 2. Malware Analysis in VMs

2 Virtual Machine (VM) VM – Software implementation of a machine that executes programs like a physical machine. Abstraction layer – decouples the physical hardware from the operating system Shares physical hardware resources with other users Cloud Computing – share hardware resources (VM vs. Docker Container – all the dependencies for an application to run)

3 Sandbox A type of container: placed around an application.
A virtual environment with restrictions.

4 VM – Cloud Computing

5 VMs Most malware must be executed in order to analyze them
Running on production machine -> spread to others (worms) Requires a safe environment with no risk VirtualBox and Vmware Host-only networking to monitor network traffic Snapshots and roll-back Record and replay execution

6 VM Structure Guest OS installed inside host OS as a VM
VM is isolated from the host OS

7 Host-only Networking Host-only networking: creates a separate private LAN between the host OS and the guest OS Malware is contained in VM, but not the Internet

8 Host-only Networking

9 Connecting VM to the Internet
Default option in VirtualBox (NAT) NAT mode shares the host IP; host acts as a router and translates all the requests from VM In real malware analysis: Cautious – spreading worm, becoming botnet for DDoS, spamming Malware authors may notice you are connecting to the control server and trying to analyze

10 VM: Snapshot Snapshot is unique to VM
Allows you to save the current state and possibly return to this state in future Extremely helpful in malware analysis Usually after you install all the tools, make a snapshot, or before you analyze some unknown program

11 Virtual Box Snapshot Under Machine -> Snapshot, view all the snapshots taken

12 Risks of using VM Malware can detect it is in VM and behave differently VM also have bugs, cause the host OS to crash or run the code on host OS (through the share folder possibly) Make sure the host OS is fully patched Avoid using a sensitive machine to perform malware analysis (save some of the non-personal files to the cloud like dropbox)

13 In-Class Homework Setup a Snapshot, Run malware and Rollback

Download ppt "Chapter 2. Malware Analysis in VMs"

Similar presentations

5-Network Defenses Dr. John P. Abraham Professor UTPA.

5-Network Defenses Dr. John P. Abraham Professor UTPA.
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
Firewalls : usage Data encryption Access control : usage restriction on some protocols/ports/services Authentication : only authorized users and hosts.

Firewalls : usage Data encryption Access control : usage restriction on some protocols/ports/services Authentication : only authorized users and hosts.
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.
IT:Network:Applications VIRTUAL DESKTOP INFRASTRUCTURE.

IT:Network:Applications VIRTUAL DESKTOP INFRASTRUCTURE.
Computer Network (MASQ/NAT/PROXY)

Computer Network (MASQ/NAT/PROXY)
Virtual Machine Security Summer 2013 Presented by: Rostislav Pogrebinsky.

Virtual Machine Security Summer 2013 Presented by: Rostislav Pogrebinsky.
1 Virtualization and Virtual Machines Sarah Diesburg 1/10/2013 COP 5641.

1 Virtualization and Virtual Machines Sarah Diesburg 1/10/2013 COP 5641.
Virtualization A way To Begin with Virtual Reality… - Rahul Khanwani.

Virtualization A way To Begin with Virtual Reality… - Rahul Khanwani.
To run the program: To run the program: You need the OS: You need the OS:

To run the program: To run the program: You need the OS: You need the OS:
Space Science and Engineering Center University of Wisconsin-Madison Virtual Machines: A method for distributing DB processing software Liam Gumley.

Space Science and Engineering Center University of Wisconsin-Madison Virtual Machines: A method for distributing DB processing software Liam Gumley.
Using Virtualization in the Classroom. Using Virtualization in the Classroom Session Objectives Define virtualization Compare major virtualization programs.

Using Virtualization in the Classroom. Using Virtualization in the Classroom Session Objectives Define virtualization Compare major virtualization programs.
IT:Network:Applications Fall 2009.  Running one “machine” inside another “machine”  OS in Virtual machines sees ◦ CPU(s) ◦ Memory ◦ Disk ◦ USB ◦ etc.

IT:Network:Applications Fall  Running one “machine” inside another “machine”  OS in Virtual machines sees ◦ CPU(s) ◦ Memory ◦ Disk ◦ USB ◦ etc.
Real Security for Server Virtualization Rajiv Motwani 2 nd October 2010.

Real Security for Server Virtualization Rajiv Motwani 2 nd October 2010.
Hands-On Virtual Computing

Hands-On Virtual Computing
ICT Day Term 4, 2008.  Virtualisation is growing in usage.  Current CPU’s are designed to support Virtualisation.  Businesses are looking at virtualisation.

ICT Day Term 4,  Virtualisation is growing in usage.  Current CPU’s are designed to support Virtualisation.  Businesses are looking at virtualisation.
Using Virtualization in the Classroom. Using Virtualization in the Classroom Session Objectives Define virtualization Compare major virtualization programs.

Using Virtualization in the Classroom. Using Virtualization in the Classroom Session Objectives Define virtualization Compare major virtualization programs.
V IRTUALIZATION Sayed Ahmed B.Sc. Engineering in Computer Science & Engineering M.Sc. In Computer Science.

V IRTUALIZATION Sayed Ahmed B.Sc. Engineering in Computer Science & Engineering M.Sc. In Computer Science.
Virtual Machine Security Systems Presented by Long Song 08/01/2013 Xin Zhao, Kevin Borders, Atul Prakash.

Virtual Machine Security Systems Presented by Long Song 08/01/2013 Xin Zhao, Kevin Borders, Atul Prakash.
Network Plus Virtualization Concepts. Virtualization Overview Virtualization is the emulation of a computer environment called a Virtual Machine. A Hypervisor.

Network Plus Virtualization Concepts. Virtualization Overview Virtualization is the emulation of a computer environment called a Virtual Machine. A Hypervisor.

Similar presentations

Ads by Google