Examining a piece of malware for strings (sequences of printable characters) can reveal a few clues about what the malware does, or what it is capable of doing. Most malware is packed or otherwise obfuscated these days, and this series of articles demonstrates one of the reasons why.
All posts by karl
A honeynet is a nifty way of collecting malware from the Internet, and consists of a network of one or more honeypots together with the supporting network infrastructure. This second part will describe how I set up the network infrastructure for my honeynet lab.
Ever wanted to try reverse engineering something a tad different? Granted, you’re probably not likely to run across anything like this in the wild, but this challenge will hopefully cause some musing to stimulate the brain cells.
Basically, your challenge is to figure out what the challenge file does (without running it). It is not malicious. It is something that I created some years ago now just to see if it was possible, even though it is of little practical use — I do that sometimes…
I have just been reading ‘Facebook friend added a new photo of you? Beware spammed-out malware attack’ by SophosLabs, which involves an email being sent to victims suggesting that a friend has tagged them in a photo.
A honeynet is a nifty way of collecting malware from the Internet, and consists of a network of one or more honeypots together with the supporting network infrastructure. If this sounds like something that you’ve been dying to do, or you are simply interested in what I’m using to capture malware samples, then grab yourself a cuppa (after last night, I’d suggest something other than two cups of Chai Vanilla tea if you are planning on getting some sleep anytime soon) and let’s begin.
I am a believer in the ‘just because you can do something, doesn’t necessarily mean that you should’ mentality, and I was reminded of this again this morning when I read ‘Malware Analysis as a function of intelligence and counterintelligence operations’.
As I start my first blog, I am grappling with the matter of what to blog about, what not to blog about, what to do, and what not to do; lest my actions potentially say more than I wanted to say. The idea that your actions (or sometimes inaction) can say more than you wish to say isn’t new to me and is, in fact, something which I would like to blog about later — software/devices (and people for that matter) often leak information which, while not explicitly disclosing information, can sometimes allow for (potentially undesirable) inferences. Passive operating system fingerprinting is an example of this.
Welcome to Malware Musings.
I’m your host, Karl, and this is my blog for sharing thoughts and ideas about malware analysis, reverse engineering, and some of the things that malware gets up to when it thinks we’re not looking.
Thinking about reverse engineering malware and malware analysis can be a tad daunting. After all, it is a bit like finding a list of instructions such as:
- Keep taking a step forward until you get to the end of the path
- Turn left
- Take fifty steps forward
- Turn right
- etc.
and working out that it is actually a list of instructions for popping down to the shop for some milk.