Building your OWN Malware Lab (Part 1)

Malicious software pieces like viruses, worms and bots are currently one of the largest threats to the security of the Internet. Antivirus Labs have invested great Money for analyzing and reversing viruses, but for our case we can perform the analysis using some useful tools on our PC.

Let’s start with www.virustotal.com , if I feel that I have a suspicious file. First what I will do is to upload it to VirusTotal. VirusTotal gives the user the ability to analyze any file with more than 40 Antivirus products. With the latest signature definition, this brings a clear idea not only if your file is safe but also to know which AV is effective. The file can be uploaded directly from the site using SSL or sent over the email. You can also download the uploader to your PC and install it which enables you to directly send files from your system using the context menu.


Today it is very important for reversing malware to know virus behavior. User should run the program and detect the changes in the system but this can harm the main system. for this we need Sandboxie. Sandboxie runs your programs in an isolated space which prevents them from making permanent changes to other programs and data in your computer. After installing Sandboxie you will have a big choice of tools for detecting and monitoring the changes on the system. you can use Process Monitor from sysinternal, API Monitor or free analyzing tools from iDEFENSE LABS.

CWSandbox is another very nice tool for performing malware analysis that fulfills the three design criteria of automation, effectiveness and correctness for the Win32 family of operating systems. CWSandbox allows tracing and monitoring all relevant system calls and generating an automated report that describes:

• which files the malware sample has created or modified,
• which changes the malware sample performed on the Windows registry,
• which dynamic link libraries (DLLs) were loaded before executing,
• which virtual memory areas were accessed,
• which processes were created, or which network connections were opened and what information was sent over such connections.

Malware can be so hard to remove, and sometimes the best approach to clean an infected machine is by restoring a clean copy of the operating system. Here we arrived to the end of this new series of Building your own malware Lab.

make sure you subscribe to my RSS feed!

Share
You can leave a response, or trackback from your own site.
  • Pingback: uberVU - social comments

  • Pingback: CoderW3X

  • Pingback: Andréz Lamouroux

  • Pingback: Security Tools Watch

  • Pingback: joe white

  • Pingback: Mourad Ben Lakhoua

  • Pingback: Barry Irwin

  • Pingback: HackThis

  • Pingback: Keith

  • http://www.security-wire.com/ Remove Spyware

    I agree with you. Now I'm using virustotal.

  • Profesik

    I needed to my school information how to bulid a malware, becouse that is a part of my exam. First i must bulid a malware, and next I must crash him.
    You maybe help me.

  • Pingback: Anonymous

  • Wajika

    I prefer the automatic analysis of malicious environment

  • license bonds

    I like your post and all you share with us is up to date and quite informative, i would like to bookmark the page so i can come here again to read you, as you have done a wonderful job.

  • E-devlet

    This is one of the best posts that I’ve ever seen; you may include some more ideas in the same theme. I’m still waiting for some interesting thoughts from your side in your next post.

  • Qwest4knowledge

    Not only is this post vague,simplistic and uninformative- but it so far has no use for ‘building’ anything. All it is, is a jumble of ‘I like this program’ listing, but yet no informative ways to actually use the programs in a description that matches the header of this post. I could get better results just doing a Google keyword search. Lesson- try keeping your post header descriptions and the info in the post the same,otherwise, you’re just a misleading,useless tool who likes to see himself posting and thinks he is a MENSA candidate. Good luck.

  • http://sectechno.com Mourad

    Hello,
    This comment reflects your own opinion on the other hand many people has found it useful and linked to this post on forums and other blogs to solve problems related to malwares. As we all know that malicious software is a great panic for the most proactive technologies.
    Tools mentioned are commonly used to process a sample of a highly detailed report with technical details match or exceed antivirus Lab.