Книга: Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software
Назад: Malware Analysis Techniques
Дальше: General Rules for Malware Analysis

When performing malware analysis, you will find that you can often speed up your analysis by making educated guesses about what the malware is trying to do and then confirming those hypotheses. Of course, you’ll be able to make better guesses if you know the kinds of things that malware usually does. To that end, here are the categories that most malware falls into:

Malware often spans multiple categories. For example, a program might have a keylogger that collects passwords and a worm component that sends spam. Don’t get too caught up in classifying malware according to its functionality.

Malware can also be classified based on whether the attacker’s objective is mass or targeted. Mass malware, such as scareware, takes the shotgun approach and is designed to affect as many machines as possible. Of the two objectives, it’s the most common, and is usually the less sophisticated and easier to detect and defend against because security software targets it.

Targeted malware, like a one-of-a-kind backdoor, is tailored to a specific organization. Targeted malware is a bigger threat to networks than mass malware, because it is not widespread and your security products probably won’t protect you from it. Without a detailed analysis of targeted malware, it is nearly impossible to protect your network against that malware and to remove infections. Targeted malware is usually very sophisticated, and your analysis will often require the advanced analysis skills covered in this book.

Назад: Malware Analysis Techniques
Дальше: General Rules for Malware Analysis

sss
sss