W32/StormWorm.gen1 Network Analysis
This is actually my first analysis of malware, so the paper I wrote up may not be as in-depth as some may wish. I cover the two files that the variant creates on the Windows system and provide packet capture analysis. I plan on diving deeper into research with a few peers from Rochester Institute of Technology, including SPARSA (Security Practices and Research Student Association).
This paper briefly details the analysis of W32/StormWorm.gen1. The analysis covers the two files created by the variant and looks into the contents of those files. A quick overview of the network traffic generated by the worm is given, along with the data exchanged between the peers connected to the Overnet P2P network. Towards the end of the paper, extended research discusses the disassembly of the variant and where the process injection is found within the assembly code.
I will eventually post more analysis here once I can find the time.