Malware Forensics

What it is:

Malware is software that is intentionally designed to disrupt, damage, or gain unauthorized access to a computer system. A considerable number of computer intrusions involve some form of malicious software on the victim’s computer. Analyzing this software can yield valuable information, such as what actions it can carry out, how it got on the system, how it spreads, and how it returns data to the attacker. This can be crucial when triaging an incident to determine what information, if any, was lost and what actions need to be taken next to protect against further incidents.

Types of malware:

There are several different types of malware. Some are less dangerous but annoying, while others can have long-lasting, devastating effects on a company. The types of malware include the following.

• Adware: Software that bombards the victim with advertisements.
• Spyware: Software that obtains sensitive information about a victim or exerts control over a device without their knowledge.
• Virus: Malicious software that inserts itself into other programs.
• Worm: Software that spreads by itself through network connections.
• Trojan: Malicious software that presents itself as another legitimate program.
• Backdoor: Software that opens a network connection on the victim’s device so the attacker can gain access later.
• Keylogger: Software that records every keystroke an individual types on their device’s keyboard.
• Ransomware: Software that encrypts the user’s files on a system so the attacker can demand a ransom to unlock them.

Potential Use Case:

Malware analysis can be beneficial both for a company’s overall information security and in potential legal matters. For example:

A disgruntled employee is found to have installed malware onto a company computer to steal intellectual property. An experienced examiner could examine the malicious software to determine things such as who made it, what it did to the system, what information was stolen, how the information was stolen, where the information was sent, and who the information was sent to.

This would allow the company to link the breach to both the employee who installed the malware and whoever received the files.