Tag Archive: malware


SecuraBit podcast review

I’ve been meaning to review the SecuraBit podcast for a long time but the most recent episode (Episode 67: We’re all gonna get HAX!) pushed me to do it.  Their format is fairly informal and that has sometimes led to what they refer to as a “SecuraBeer” episode where everyone talks over each other and the topics drift into the gutter, but SecuraBit has been REALLY stepping up their game lately and delivering some excellent content.  I would say pretty much everything in 2010 has been great.  They focus on malware forensics, reversing and several other topics along those lines.  I’m glad that I stuck it out with them and kept listening because an earlier review would have been unfair.

That being said, EVERYONE needs to listen to episode 67.  Everyone who uses a computer at all for anything at home, at work, or wherever should hear what their guest, Roger Grimes, has to say about antivirus software, patching, embedded systems and all of the Fortune 10, 50, 100 & 500 companies of the world.  The message is fairly grim but it boils down to antivirus NOT being a magic bullet.  Roger also mentions how fake antivirus is the number one source of infection that he encounters.  He goes on further to talk about Mac OS X and people’s blind ignorance when it comes to OS X security. He refers to Charlie Miller winning the “Pwn to Own” contest at CanSecWest:

Roger takes a minute towards the end to plug his own favorite operating system, OpenBSD.  Even if you don’t understand some of the things Roger is talking about at the start of the interview, stick it out.  He starts speaking in very plain English towards the middle and the message is something that everyone needs to hear and anyone should understand.

I’m looking forward to many more well-picked interviews on SecuraBit.  It seems that they have finally found their niche.

I was listening to the ISD Security Podcast episode 168 the other day and heard this great interview with Paul Royal, who researched and helped shut down the original Kraken botnet in 2008. While the whole interview was excellent, one part at the end stood out as something that should be documented. Rick asked Paul how someone could get started in malware analysis if they are interested. The following is my paraphrased version of Paul’s response:

Check out the following sites to obtain malware samples:

Malfease – which is a public malware repository hosted by Georgia Tech. You don’t have to be a student at Georgia Tech to use this service. From the FAQ: “Q) What is the purpose of Malfease? A) Malfease is designed to automate many of the tasks associated with new malware collection. With thousands of new samples created each week, automation can help reduce the burden on researchers and industry analysts.”

Malware Domain List – is a site where volunteers document different malicious domains found on legitimate compromised sites, etc., and has links to download some of the malware. There are several very interesting links right on the front page of the MDL that anyone interested in malware analysis, prevention and incident response should check out.

With the above links you can purposely download malware and allow it to exploit your virtual machine or other sandboxed environment running known vulnerable, unpatched software or software vulnerable to zero day threats. Once this has been done, you can study it at various levels:

  • At a basic level, study the network traffic patterns with a tool such as Wireshark.
  • Next you could run it with a live binary analysis tool such as OllyDbg.
  • You can also do a static analysis with a debugger/disassembler such as IDA Pro.

When you are ready to move beyond those initial methods, install Linux on a system that supports hardware virtualization extensions. Then you can delve into tools such as Ether in conjunction with the Xen virtualization platform. This will allow you to play around with much more sophisticated malware and figure out how it operates.
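As an added example that is not part of the original post or Paul’s advice, here is a small Python first-pass static triage script of the kind you would run over a downloaded sample before detonating it in the VM: it hashes the file, checks the PE/ELF magic, pulls printable ASCII and UTF-16 strings, and picks out URLs, Windows file paths and a few process-injection APIs. The sample bytes, the API watchlist and all names are constructed for the demonstration and are not a real executable.

```python
import hashlib
import re
import struct

# Constructed stand-in for a downloaded sample: a DOS header pointing at a
# "PE" signature, followed by some embedded strings. Not a valid executable.
SAMPLE = (
    b"MZ" + b"\x90" * 58 + struct.pack("<I", 0x80) + b"\x00" * (0x80 - 64)
    + b"PE\x00\x00" + b"\x00" * 20
    + b"kernel32.dll\x00CreateRemoteThread\x00"
    + b"http://update.example.invalid/gate.php\x00"
    + b"\x01\x02\x03"
    + "C:\\Users\\Public\\svc.exe".encode("utf-16-le") + b"\x00\x00"
)

# Small constructed watchlist of Win32 APIs commonly seen in injectors/droppers.
SUSPICIOUS_APIS = {"CreateRemoteThread", "WriteProcessMemory",
                   "VirtualAllocEx", "URLDownloadToFileA"}

def file_type(data: bytes) -> str:
    """Identify the container from magic bytes: PE (via e_lfanew), ELF or unknown."""
    if data[:2] == b"MZ" and len(data) >= 0x40:
        pe_off = struct.unpack_from("<I", data, 0x3C)[0]
        if data[pe_off:pe_off + 4] == b"PE\x00\x00":
            return "PE"
        return "MZ (DOS stub only)"
    if data[:4] == b"\x7fELF":
        return "ELF"
    return "unknown"

def strings(data: bytes, min_len: int = 6) -> list:
    """Extract printable ASCII and UTF-16LE runs, like the `strings` tool."""
    ascii_re = rb"[\x20-\x7e]{%d,}" % min_len
    wide_re = rb"(?:[\x20-\x7e]\x00){%d,}" % min_len
    found = [m.decode("ascii") for m in re.findall(ascii_re, data)]
    found += [m.decode("utf-16-le") for m in re.findall(wide_re, data)]
    return found

def triage(data: bytes) -> dict:
    """First-pass static triage: hash, container type and string-derived indicators."""
    strs = strings(data)
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "type": file_type(data),
        "urls": [s for s in strs if re.match(r"https?://", s)],
        "paths": [s for s in strs if re.match(r"[A-Za-z]:\\", s)],
        "apis": sorted(s for s in strs if s in SUSPICIOUS_APIS),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

The hash is what you record and search for in the repositories above, and the strings give you a first list of things to watch for in Wireshark once the sample runs.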

Continue experimenting and piece by piece you will start to understand how the “modern threat landscape” works.
