Malicious Streams

Malware Analysis

Attributes of Malicious Files

Malware has become a common component of most modern intrusions. Confirming that a system is infected or finding the attacker-planted backdoor can be a daunting task. To compound the situation, attackers are taking steps to actively evade traditional detection mechanisms. The foundations laid in this paper begin to develop an alternate and supplementary approach for identifying malware through detecting anomalies in the low-level attributes of malicious files. Over 2.5 million malicious samples were analyzed and compared with a control set of non-malicious files to develop the indicators presented.

Building A Malware Zoo

Today malware circulates in mass volume. New samples appear at a rate of thousands per day. In order to keep pace and manage this analysis demand, two key needs emerge: automation and organization. This paper seeks to lay the foundation for a basic Malware Zoo that will provide a framework for both.

PDF Malware Overview

As far back as 2001 (Peachy Worm), we have seen cyber criminals utilize embedded malicious scripts and other dynamic PDF features to install malware and steal user credentials. While the goals and technical payloads of these PDFs have changed over the years, the pattern for creating a malicious PDF remains largely unchanged.

[Report posted as part of the SANS Malware FAQ]

Mac OS X Malware Analysis

As Apple's market share rises, so will the malware! Will incident responders be ready to address this rising threat? The intent of this paper is to begin building a basic Mac OS X malware analysis capability to deal with the potential of Mac malware.