Detecting Malware through Static and Dynamic Techniques
Malware analysis involves two key techniques: static analysis and dynamic analysis.
Static analysis examines malware without actually running it. Dynamic analysis (also known as behavior analysis) executes malware in a controlled and monitored environment to observe its behavior.
Each of these techniques includes elements that are further categorized as basic or advanced. Although there are benefits to conducting static and dynamic analysis as separate tasks, an analyst can realize the value provided by conducting both techniques when reverse engineering complex malware.
Performing static and dynamic analysis together helps identify the...
No Room at the Inn for these Phishing Attempts
Ahh...the holidays are upon us once again.
Time to drag out your moose-shaped eggnog mugs (which really do exist) and ugly Christmas sweaters. Or if you prefer, your little pink bunny outfit that Aunt Clara made for you. Whatever you’re most comfortable in while roasting chestnuts on an open fire.
As many are aware, the holidays are a crazy, busy time of year. Just because you have to help coordinate four different Christmas celebrations in three different time zones during two weeks, it doesn’t mean you can let your guard down when it comes to phishing and spear phishing attempts. If anything, you need to be more vigilant, especially as people clutter their...
We always hear about passwords. They are weak. And, when they are not weak, there is another website compromise that results in the exposure of millions of accounts, like from CyberVor or the more recent exposure of Gmail accounts.
Do you think passwords are still important? Do you worry about your passwords?
We’ve been kicking around computer and information security for a while now. Why don’t we have a better answer?
You are not surprised that an analysis of compromised passwords shows the most commonly used passwords are old stalwarts like “123456” and “password,” right?
Or are you surprised that surveys say 70-80% of passwords being used online are classified as “weak,” which often means a password that is less than eight lower-case characters or are simple...
Analyzing Anomalous Data Structures
Malware authors are known for developing clever, interesting and sometimes dastardly ways to move, hide and distribute their wares to the masses.
They often work tirelessly to stay ahead of security analysts by playing on doubts, limitations and red tape. Some authors use trivial encryptions or encoding schemes like base64 while others use high-grade encryption or perform small modifications to a file to avoid detection.
If that does not work, the attacker can hide content in, or append content to, image files or files that are made to look like images but are structurally another file type entirely. From a forensic standpoint, some of these files do not have a known structure and can be extremely difficult to identify and categorize; therefore, they fall into the anomalous category.
In my thought process, anomalous data is that binary file that does not have an identified file structure....
Security Tactics for the Holidays and Beyond
The holiday season is here, and scammers and spear phishermen are on the hunt. Fake package delivery emails, order confirmations and similar tactics are on their way, if they’re not already in play.
Using the holiday shopping advice from Santa Kraus and a hefty helping of awareness and tact, we can make it through this holiday season unscathed.
Spear phishing, a more targeted form of phishing, narrows the target audience from a large scale (anyone with a valid e-mail address) to individuals or a smaller group of confirmed or likely targets. The goal with both phishing and spear phishing is generally some form of criminal gain. Motives range from financial exploitation to character defamation and even just a bit of fun.
Information used to exploit comes from a wide variety of sources including...
On Monday, December 1, the FBI sent an alert to U.S. businesses, warning those businesses of an attack using particularly malicious software against a U.S.-based business. According to sources, the FBI alert does not mention any company by name, but most people believe the warning appears to describe the same software used in a recent high-profile attack.
The FBI stated that the malware can crash networks and erase hard drives. A Reuters article about the report states, “The overwriting of the data files will make it extremely difficult and costly, if not impossible, to recover the data using standard forensic methods.”
The FBI Liaison Alert System (FLASH) ...
Credit Card Safety - NOT Just For The Holidays
We are all shopping this holiday season, right? We flooded stores on Black Friday, and today is Cyber Monday, one of the busiest online shopping days of the year. We really give those credit cards a workout during the holidays.
But with all the news in the past year about data breaches and credit card compromises, are you worried about your credit cards? I am. As a matter of fact, four of my credit cards have been replaced in the past three months.
There are limited things you can do to stop your credit card from being stolen in a big breach. If you use your card, it is at risk. 60 Minutes recently had a feature story that talked about retailer breaches.
But, if you...