Intro to Malware Analysis


Greetings All,

I am doing a term paper on malware analysis for a digital forensics course. I am relatively new to malware analysis and as such have a billion questions.

I need to pick a 'specimen', if you will, for my malware analysis. Instinctively I picked the much-publicized Conficker. After some preliminary research I've discovered it is VMware- and sandbox-aware, which is the only way I can monitor process, registry, etc. changes. Additionally, I've heard the code is extremely obfuscated.

My question is which piece of malware could I use as a launching point? Something I can get my feet wet with and not be overwhelmed!

Some colleagues of mine have pointed me towards Koobface and Adobe related malware. Thoughts?

Thank you for your time.
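The monitoring the poster describes (watching what a sample does to processes and the registry inside a VM) usually comes down to taking a snapshot before the sample runs, another after, and diffing the two. The following is an added example, not code from the thread or any tool it mentions: it implements that before/after diff and flags writes to well-known autostart registry locations. The `Snapshot` layout, the `PERSISTENCE_KEYS` list and both snapshots are constructed for illustration; on a real analysis VM you would fill the snapshots from whatever collector you use.

```python
"""Added example (not from the original post): a minimal before/after
snapshot diff of the kind a dynamic-analysis sandbox does to show what a
sample changed. All snapshot data below is constructed for illustration.
"""
from dataclasses import dataclass, field

# Registry paths commonly abused for persistence. Illustrative list, not exhaustive.
PERSISTENCE_KEYS = (
    r"\Microsoft\Windows\CurrentVersion\Run",
    r"\Microsoft\Windows\CurrentVersion\RunOnce",
    r"\Microsoft\Windows NT\CurrentVersion\Winlogon",
    r"\CurrentControlSet\Services",
)


@dataclass
class Snapshot:
    """State of the analysis VM at one instant (assumed layout)."""
    processes: set      # {(pid, image_name), ...}
    registry: dict      # {r"HIVE\Key\Path\ValueName": data}


@dataclass
class Diff:
    new_processes: set = field(default_factory=set)
    gone_processes: set = field(default_factory=set)
    added_values: dict = field(default_factory=dict)
    removed_values: dict = field(default_factory=dict)
    changed_values: dict = field(default_factory=dict)   # name -> (old, new)


def diff_snapshots(before: Snapshot, after: Snapshot) -> Diff:
    """Report processes and registry values that appeared, vanished or changed."""
    d = Diff()
    d.new_processes = after.processes - before.processes
    d.gone_processes = before.processes - after.processes
    for name, data in after.registry.items():
        if name not in before.registry:
            d.added_values[name] = data
        elif before.registry[name] != data:
            d.changed_values[name] = (before.registry[name], data)
    for name, data in before.registry.items():
        if name not in after.registry:
            d.removed_values[name] = data
    return d


def persistence_findings(diff: Diff) -> list:
    """Return the added/changed registry values that sit under an autostart key."""
    hits = []
    for name in list(diff.added_values) + list(diff.changed_values):
        if any(marker.lower() in name.lower() for marker in PERSISTENCE_KEYS):
            hits.append(name)
    return sorted(hits)


# Constructed snapshots standing in for a real "before" and "after" collection.
BEFORE = Snapshot(
    processes={(4, "System"), (612, "svchost.exe"), (1388, "explorer.exe")},
    registry={
        r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth":
            r"C:\Windows\system32\SecurityHealthSystray.exe",
        # Explorer's "show hidden files" setting: 1 = show, 2 = hide
        r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden": 1,
    },
)
AFTER = Snapshot(
    processes={(4, "System"), (612, "svchost.exe"), (1388, "explorer.exe"),
               (2044, "sample.exe"), (2100, "svchost.exe")},
    registry={
        r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth":
            r"C:\Windows\system32\SecurityHealthSystray.exe",
        r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden": 2,
        r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater":
            r"C:\Users\lab\AppData\Roaming\updater.exe",
    },
)


def run_example():
    """Diff the constructed snapshots and flag persistence writes."""
    d = diff_snapshots(BEFORE, AFTER)
    return d, persistence_findings(d)


if __name__ == "__main__":
    d, hits = run_example()
    print("new processes:   ", sorted(d.new_processes))
    print("registry added:  ", d.added_values)
    print("registry changed:", d.changed_values)
    print("persistence hits:", hits)
```

The diff deliberately keeps the second `svchost.exe` as a finding rather than filtering it by name: a new process with a familiar image name is exactly the kind of thing (injection, masquerading, a service spawned by the sample) that a beginner would otherwise overlook.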


Have you thought about downloading a bot and compiling the code yourself? This would allow you to compare the source code and define settings for yourself. It's much easier from a beginner's standpoint to analyze code when you have a high-level idea of the code.

Here are some links on malware analysis that might be helpful: