Monday, February 4, 2013

On Friday I went to my internship. I learned that there are two types of analysis: static and dynamic. In static analysis we do not run the malware. We look at the strings, the DLLs, the imports, the exports, and the functions. If the malware is packed this can be a difficult tactic to use, because most of the code is hidden from our view. There are ways to unpack malware, but I have not gotten that far in the lesson. Dynamic analysis is when you run the malware and see what it does and how it affects the machine. It is important that you do dynamic analysis in a virtual machine, so you do not harm your computer or spread the malware. In class we also "cracked" the game Solitaire. We changed the program so that on any valid move, you would win the game. This was one of my favorite parts of class this week. It was fun.
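As an added illustration of the static-analysis steps mentioned above (pulling strings and DLL names out of a sample, and noticing when a packed region hides them), here is a small triage script that is not part of the original post. The two byte regions it scans are constructed in the script itself, not taken from any real binary; the 7.0 entropy threshold is an assumed rule of thumb.

```python
import math
import re
from collections import Counter

# Constructed sample data (not a real executable): an "unpacked" region with
# readable strings, and a "packed" region of evenly spread pseudo-random bytes.
UNPACKED_REGION = (
    b"MZ\x90\x00" + b"\x00" * 12
    + b"kernel32.dll\x00CreateFileA\x00WriteFile\x00"
    + b"http://example.invalid/update\x00" + b"\x00" * 20
)
PACKED_REGION = bytes((i * 197 + 61) % 256 for i in range(512))


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; ~8.0 means compressed/encrypted (packed) data."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def extract_strings(data: bytes, min_len: int = 4) -> list[str]:
    """Return printable-ASCII runs of at least min_len bytes (like `strings`)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]


def likely_packed(data: bytes, threshold: float = 7.0) -> bool:
    """Assumed heuristic: high entropy suggests the code is hidden by a packer."""
    return shannon_entropy(data) >= threshold


def triage(data: bytes) -> dict:
    """Summarize what a static first pass can see in one region of a sample."""
    strings = extract_strings(data)
    return {
        "entropy": round(shannon_entropy(data), 2),
        "strings": strings,
        "dlls": [s for s in strings if s.lower().endswith(".dll")],
        "likely_packed": likely_packed(data),
    }


if __name__ == "__main__":
    for name, region in (("unpacked", UNPACKED_REGION), ("packed", PACKED_REGION)):
        print(name, triage(region))
```

On the unpacked region the DLL name and API names are visible; on the packed region no strings survive and the entropy flag fires, which is the situation the post describes as making static analysis difficult.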

5 comments:

  1. Lauren, it was great to learn more about running malware on a virtual machine from you. I hope you will get a chance to do so soon, so that the malware won't affect other computers.

  2. I find it fascinating that you can run viruses on your machine in a virtual mode. Seems like a useful but risky practice!

    As I noted before, please add some context to your posts, so that we can follow along with the general nature of your work on each day.

  3. Hi Lauren, it was really interesting to hear about what you look for when you run malware. The idea that a single virus can infect all the computers and steal all the files in a company is terrifying, so the fact that you are studying this is really good.
