July 15, 2007

Analyzing Malware

If you're interested in learning more about how law enforcement investigates computer-related crimes, you have a couple of choices -- watch more CSI on television (and rot your brain) or read the recently released CERT paper The Use of Malware Analysis in Support of Law Enforcement, by Nicholas Ianelli, Ross Kinder, and Christian Roylo (and improve your mind).

As the report points out, malware has become a tool of choice for intruders who want to steal information and other assets, or commandeer your systems for other illicit activities. As such, malware is defined as

software designed and/or deployed by adversaries with malicious intentions as a part of the tradecraft involved in accomplishing a mission. Commonly, the purpose of malware is to gain access to resources or information without the consent or knowledge of the end user. In many countries, including the United States, the actions performed by malware on behalf of an attacker are criminal in nature. Online adversaries use malware as a tool in much the same way that conventional adversaries use firearms, lock picks, and crowbars.

The paper goes on to note that there are different forms of malware, including "Worms," "Trojans," and "Bots", although the authors lump them all together for the purposes of their research. And central to this research was their examination of malware source code and binaries.

All in all, this is a fascinating paper that (sort of) takes you inside the minds of malicious intruders. Well worth reading.

Posted by Jon Erickson at 12:50 PM




 