What are some infection vectors?
How do you detect malware?
Using antivirus software that identifies and removes malware and also tries to stop users from getting infected in the first place.
What are virus dictionaries?
A large dictionary of signatures of known malware, used for comparison against files - but what if the malware is polymorphic or metamorphic?
What is a safe analysis environment?
Create a virtual machine, run the suspected program inside the VM, and then examine and monitor it for malware-like behavior/changes (indicators of compromise).
What are the two Anti-VM techniques?
Checking for I/O ports and determining the hypervisor brand using CPUID.
What is the preliminary analysis technique?
Why is malware becoming multi-staged?
Multi-staged malware is much harder to identify because it drops multiple files each time and uses different payloads for different purposes.