Malicious software, or malware, plays a part in most computer intrusion and security incidents. Any software that does something that causes harm to a user, computer, or network can be considered malware, including viruses, trojan horses, worms, rootkits, scareware, and spyware. While the various malware incarnations do all sorts of different things, as malware analysts, we have a core set of tools and techniques at our disposal for analyzing malware.
Malware analysis is the art of dissecting malware to understand how it works, how to identify it, and how to defeat or eliminate it. And you don’t need to be an uber-hacker to perform malware analysis.
Describe types of malware, including rootkits, Trojans, and viruses.
Perform basic static analysis with Sysinternals.
Perform basic dynamic analysis with a debugger.
Perform advanced static analysis with IDA Pro.
Explain malware behavior, including launching, encoding, and network signatures
Recognize common packers and how to unpack them.
Researchers, defense and law authorities
System, media, information security personnel