
Malware Analysis Jaimin Shah & Krunal Patel Vishal Patel & Shreyas Patel Georgia Institute of Technology School of Electrical and Computer Engineering.


2 Objectives
- Analyzing a worm or a virus
- Providing a method to eliminate it
- How to prevent infection in the future

3 Overview
- Introduction: definition of malware
- Techniques
- Lab scenario: hands-on analysis of Beagle.J

4 Introduction to Malware
- How?
- Forms of malware
- Detection techniques

5 Forms of Malware
- Virus
- Trojans
- Worms
- Spyware
- Adware

6 Detection Techniques
- Integrity checking
- Static anti-virus (AV) scanners: signature-based (strings, regular expressions); static behavior analyzer
- Dynamic anti-virus scanners: behavior monitors

7 Malware Analysis Techniques: VMware
- Multiple operating systems
- Creates a network between host and guest systems
- Self-contained files; virtual machines can be transferred to other PCs
- .vmx – configuration file; .vmdk – image of the hard disk

8 Lab Scenario: Static Analysis
- BinText: extracts strings from code
- IDA Pro: disassembler, USD 399/user
- UPX: compression/decompression

9 BinText
- Extracts strings from executables
- Reveals clues: IRC commands, SMTP commands, registry keys

10 IDA Pro
- Disassembles executables into assembly instructions
- Easy-to-use interface
- Separates subroutines, creates variable names, color-coded

11 UPX Decompression
- Executable packer commonly used by virus writers
- Can compress a wide range of files: Windows PE executables, DOS executables, DOS COM files, and many more
- To unpack: upx.exe -d -o dest.exe source.exe

12 Decompressed Output

13 Process Observation Tools
- Process Explorer: monitor processes
- FileMon: monitor file operations
- RegMon: monitor operations on the registry
- Regshot: take a snapshot of the registry and files
- ProcDump: dump code from memory

14 Beagle.J Capabilities
- Registry: runs on startup
- Copies itself into folders containing "shared"
- Sends copies by email
- Backdoor
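The clues slide 9 attributes to BinText (IRC commands, SMTP commands, registry keys) and the Beagle.J traits on slide 14 can be tied together in a small string-triage script. This is an added example, not code from the slides or from BinText: the binary sample, the clue patterns and the capability labels are all constructed for illustration, and only the ASCII half of what BinText extracts is reproduced.

```python
import re
from typing import Dict, List

# Constructed sample standing in for an executable image: a few ASCII strings
# of the kind slide 9 lists, wrapped in binary junk. Not a real malware sample.
SAMPLE_BINARY = (
    b"MZ\x90\x00\x03\x00\x00\x00PE\x00\x00"
    b"\x01\x02NICK bot1234\x00\x00JOIN #control\x00"
    b"\xff\xfeHELO mail.example.invalid\r\n\x00MAIL FROM:<\x00RCPT TO:<\x00"
    b"\x00SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\x00"
    b"\x00C:\\Program Files\\shared\\\x00"
    b"\x00\x00\x00abc\x00"  # shorter than MIN_LEN, so not reported
)
MIN_LEN = 4

# Clue categories from slide 9 (IRC, SMTP, registry) plus the two Beagle.J
# traits from slide 14 (Run key persistence, "shared" folder propagation).
CLUE_PATTERNS = {
    "irc_command": re.compile(r"^(NICK|JOIN|PRIVMSG|USER|PONG)\b"),
    "smtp_command": re.compile(r"^(HELO|EHLO|MAIL FROM|RCPT TO|DATA)\b"),
    "registry_run_key": re.compile(r"CurrentVersion\\Run", re.IGNORECASE),
    "shared_folder": re.compile(r"shared", re.IGNORECASE),
}
# Plain-language reading of each clue, following the capability list on slide 14.
CAPABILITY_HINTS = {
    "irc_command": "backdoor / remote control over IRC",
    "smtp_command": "sends copies by email",
    "registry_run_key": "runs on startup via the registry Run key",
    "shared_folder": "copies into folders containing 'shared'",
}

def extract_strings(data: bytes, min_len: int = MIN_LEN) -> List[str]:
    """Every run of at least min_len printable ASCII bytes (BinText's ASCII pass)."""
    run = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in run.finditer(data)]

def classify_strings(strings: List[str]) -> Dict[str, List[str]]:
    """Bucket strings by the clue pattern they match; a string may land in several."""
    clues: Dict[str, List[str]] = {name: [] for name in CLUE_PATTERNS}
    for s in strings:
        for name, pattern in CLUE_PATTERNS.items():
            if pattern.search(s):
                clues[name].append(s)
    return clues

def suspected_capabilities(clues: Dict[str, List[str]]) -> List[str]:
    """Turn the non-empty clue buckets into capabilities for the analyst to confirm."""
    return [CAPABILITY_HINTS[name] for name, hits in clues.items() if hits]
```

Strings only hint at behaviour; the process-observation tools on slide 13 are what confirm that the Run key is actually written or that mail is actually sent.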

15 Conclusion
- As you have seen, there are various ways for an attacker to get malicious code to execute on remote computers
- We have only scratched the surface; there is much more to learn and discover

16 Questions?
References
- Images: http://www.microsoft.com, http://www.symantec.com
- Software: BinText – http://www.foundstone.com; IDA Pro – http://www.datarescue.com; UPX – http://upx.sourgeforce.net

