




107 / 120

Experimenting with most of the types of malware listed here is dangerous. Therefore, if one decides to try one's hand at analyzing real-life malware using the machine-code and bytecode reversing techniques demonstrated in this paper, one should do so in a carefully prepared environment. Never install malware on a computer that must remain in operating condition. Worms and backdoors are especially dangerous because they can propagate to other systems on the network. Be aware that using virtualization tools such as VMware to create secondary operating system images on which to install malware can still result in infection of the primary (host) operating system, especially if the VMware-hosted guest has network connectivity enabled or shares folders with the host.

The goal of this section is to help you become familiar with using software tools to identify, monitor, report, and securely delete software that you suspect to be malicious. Since it is not practical to ask that you install a virus, worm, backdoor, or rabbit on your machine, we are left with the possibility of a guaranteed benign software Trojan. It is important to note here that malware usually is not of just one type; for example, three of the top 10 malicious code families reported in 2008 were Trojans with a backdoor component [45]. It turns out that focusing on software Trojans is appropriate because, as Symantec's 2009 Global Internet Security Threat Report [45] states, "Trojans made up 68 percent of the volume of the top 50 malicious code samples reported in 2008", and "Five of the top 10 staged downloaders in 2008 were Trojans."

For the vast majority of us, the story of the Trojan horse from antiquity is quite familiar. Essentially, the Greeks, in a 10-year siege against the city of Troy, devised a

