Sup NERDS, this is going to be my first article on the AXIAL Blog 🥰. Today I will discuss malware and give u a gentle introduction to malware analysis in general. Here is what we will cover in this article.
Well, I think u know what malware is, but let me give a short, more scientific definition. Malware is short for “malicious software”, which means any software that causes harm to your PC: stealing data, encrypting your files, or maybe making your PC totally unusable.
I begin with ransomware because it is very popular. Ransomware is basically malware that gets into your PC and encrypts it. But let's differentiate: there are really two types of ransomware, crypto ransomware and locker ransomware. The first encrypts your files and asks for money to decrypt the data; the second does not encrypt your data but rather locks u out of your PC. What does this mean? It means that u won't have access to your PC.
Trojans are types of malware that present themselves as legitimate software. They may come in a game or in commercial software; most pirated software is trojanized, so u think that u are installing the game and literally u are just installing the malware. They may also come in phishing emails. There are also special types of trojans like banking trojans, which are used to steal banking accounts and credentials.
Spyware is malware used to steal user information like accounts, the files u opened, your keystrokes (keyloggers), browser history, etc.
Backdoors are also considered trojans. They are software that bypasses security authentication and takes root access. U may have heard of RATs (Remote Access Trojans); u can say that they are synonyms for backdoors.
Worms are malware that have the capability of exploiting your network and infecting other devices on it. An example is Stuxnet.
First, there is quite a difference between downloaders and droppers. Downloaders are used to download other malware from the internet; an example is BazarLoader. Droppers don't need an internet connection; they may drop the malware from the resource section. The resource section is a section in any program (notepad.exe, for example) that contains things like the program name, version and icon, and a dropper may carry the malware inside its resource section.
U may have heard about Bitcoin, right? Mining bitcoin needs a powerful PC. Crypto miners are malware whose goal is to mine bitcoin on your PC. This literally makes ur PC unusable because it will take all of ur PC's power.
Viruses are malware that self-replicate and infect ur files and programs. A virus only runs when u open the program it infected, so it requires user interaction to run.
Rootkits are an advanced type of malware that takes root access over your PC. There are many types of them, like user-mode rootkits, kernel-mode rootkits and hypervisor rootkits. Don't mind if u don't understand the difference between user mode and kernel mode or what a hypervisor is; just take it as is, and I will write an article on this stuff. Bootkits are a type of malware that infects ur boot sector. This sector of the hard disk holds the bootloader, the software that loads ur operating system. An example is the MEMZ trojan; take a look here :) MEMZ
Adware is malware used to throw ads or advertisements into your browser. It typically runs in the browser and is used to spy on the user and collect your data.
Botnets or bots are a series of computers infected with malware; these bots are also called “zombies”. The bots are controlled by the attacker and can then be used to make DDoS attacks or send spam and phishing emails. Examples are the Mirai botnet and Zeus.
So enough of that. If u want to read more, check this article, it's very nice: 11 Types of Malwares
So the idea of malware goes back to 1966 and a Hungarian scientist named “John von Neumann” and his paper Theory of Self-Reproducing Automata. He discussed the idea of a self-replicating machine, which is a machine capable of making copies of itself. Well, he really didn't explain the concept of a “virus”, but this idea is actually very similar, because viruses are capable of replicating themselves into other programs and files, as we discussed. Later, in 1971, a scientist called “Bob Thomas” made a virus as an experiment called “Creeper”. It was a self-replicating virus infecting computers running TENEX, and it moved between systems through the ARPANET. Creeper showed the message “I’m the creeper: catch me if you can”. Creeper didn't do any damage; it was just an experiment.
For me, the game changer for the world of malware was Stuxnet. This was malware developed by Israel to attack Iran, and it was the first malware to infect SCADA systems. SCADA is short for “Supervisory Control and Data Acquisition”; SCADA systems are a set of hardware and software that lets u control industrial systems like nuclear systems, power systems, oil and gas, etc. Stuxnet exploited a vulnerability in Iran's SCADA system, which was for a nuclear system. This is big damage: an attack on a nuclear system may cause global damage. Stuxnet exploited 4 Windows vulnerabilities and it exploited Siemens Step7; Siemens is a company that develops SCADA systems. If u want to know more about Stuxnet, see this awesome video :D STUXNET: The Virus that Almost Started WW3
So malware analysis is the art and science of dissecting malware. We need to know the functionality of the malware in order to be able to defend against it. The logic is the same as a real-life example, the corona virus, which made our world a total disaster 😔. Logically, u can't develop a cure for corona without studying it in depth. The same goes for malware analysis: we need to understand how the malware works, who is behind it, and how to defend against it. These are the main 3 questions.
There are 2 main types of malware analysis: static malware analysis and dynamic malware analysis. Static malware analysis is just reading the malware code. U may say “bruhh, this is madness”; my answer is yes, it is 😅, but it's really fun and gives u a deep understanding of what the malware is doing. At this stage u will be reading mostly assembly code, in IDA Pro if u are very rich and bought it, or simply in open-source software like Ghidra, developed by the NSA. This kind of software is called a disassembler. The second type is dynamic malware analysis: running the malware (in an isolated lab VM) and monitoring its behavior to see what it does. Does it drop another malware? Does it connect to websites or IP addresses? Does it encrypt files? And so on.
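As an added example (my own code, not from this post or any tool it mentions), here is a small static-triage script for the dropper trick described above: it walks a PE file's section table and computes the byte entropy of each section, so a resource section stuffed with an encrypted or packed payload stands out before u open the sample in a disassembler. The threshold, the minimal hand-built sample PE and the helper names (`triage`, `build_sample_pe`) are my assumptions, not anything from the article.

```python
import hashlib
import math
import struct
from collections import Counter

# Plain code or text rarely exceeds ~6.5 bits/byte; compressed or encrypted data
# sits near 8.0, which is what an embedded dropper payload in .rsrc looks like.
SUSPICIOUS_ENTROPY = 7.0          # assumed triage threshold, tune per sample set
SECTION_HDR = "<8sIIIIIIHHI"      # IMAGE_SECTION_HEADER layout, 40 bytes

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 for empty input, 8.0 for uniform bytes)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def pe_sections(pe: bytes) -> list:
    """Walk the PE section table and return [(name, raw_section_bytes), ...]."""
    if pe[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    pe_off = struct.unpack_from("<I", pe, 0x3C)[0]            # e_lfanew
    if pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    nsections = struct.unpack_from("<H", pe, pe_off + 6)[0]   # COFF NumberOfSections
    opt_size = struct.unpack_from("<H", pe, pe_off + 20)[0]   # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size                            # first section header
    out = []
    for i in range(nsections):
        name, _vs, _va, raw_size, raw_ptr, *_ = struct.unpack_from(SECTION_HDR, pe, table + 40 * i)
        out.append((name.rstrip(b"\0").decode("ascii", "replace"), pe[raw_ptr:raw_ptr + raw_size]))
    return out

def triage(pe: bytes) -> dict:
    """Map section name -> (entropy, flagged) so a payload-carrying .rsrc stands out."""
    ents = {name: round(shannon_entropy(raw), 2) for name, raw in pe_sections(pe)}
    return {name: (e, e > SUSPICIOUS_ENTROPY) for name, e in ents.items()}

def build_sample_pe() -> bytes:
    """Constructed, non-runnable PE: plain .text plus a .rsrc full of pseudo-random bytes."""
    text = b"\x90" * 500 + b"\xC3"                             # padding plus a lone ret
    rsrc = b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest() for i in range(128))
    data_start = 0x40 + 24 + 2 * 40                            # DOS hdr + PE/COFF + 2 section hdrs
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)       # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x102)  # optional header omitted
    headers, payload = b"", b""
    for name, raw in ((b".text", text), (b".rsrc", rsrc)):
        headers += struct.pack(SECTION_HDR, name, len(raw), 0x1000, len(raw), data_start + len(payload), 0, 0, 0, 0, 0)
        payload += raw
    return dos + coff + headers + payload
```

Run `triage(open("sample.exe", "rb").read())` on a real file, or `triage(build_sample_pe())` to see the constructed .rsrc flagged while .text is not; a high-entropy hit is only a hint to look closer, since legitimate installers also compress their resources.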
There are many resources to study malware analysis and reverse engineering, but here is my opinion: u may start by learning C first to get a gentle introduction to programming, and then go and learn assembly. Resources u may find useful are
For malware analysis and reverse engineering, the first book u must read is Practical Malware Analysis; this book is the best in this field. Other books are Learning Malware Analysis and Mastering Malware Analysis.
Here is a list of movies related to cybersecurity and technology in general that u may find interesting :)
- Mr. Robot
- The Internet's Own Boy
So that's it. Hope u enjoyed it, and thanks to AXIAL for building this community. I will inshallah make more articles like this, so tell me what topic u want, related to malware only, as this is my interest :).
Blog by: astrovax [@astrovax_]