Saturday 23 March 2013

What is malware and malware analysis?

Malware

Malware is, by definition, any code that performs a malicious, unknown or 'bad' action.
Malware is short for malicious software: a piece of software that carries out malicious activity. That activity can take many forms, such as stealing a user's personal information (usernames, passwords, credit card details, etc.), providing backdoor access to an attacker, or destroying files on the system; in short, anything designed to damage, disable or disrupt a computer or computer system.
Wikipedia
Malware, short for malicious (or malevolent) software, is software used or created by attackers to disrupt computer operation, gather sensitive information, or gain access to private computer systems. It can appear in the form of code, scripts, active content, and other software. 'Malware' is a general term used to refer to a variety of forms of hostile or intrusive software.

There are different categories of malware:
  • Trojan
  • Backdoor
  • Rootkit
  • Key-loggers
  • Spyware
  • Scareware
  • Virus
  • Worm
  • Banker
  • Bootkit
  • Hoax
  • Adware
It can come in various shapes and sizes (executables compiled by different compilers and delivered packed, compressed or encrypted), and in different file types such as HTML, JavaScript, PDF, batch files and many others. It can also infect a system in numerous ways.

Malware can also be divided by its targeting strategy:
  • Mass malware
  • Targeted malware
Mass malware is very common, less sophisticated and easy to detect. Targeted malware, on the other hand, can be very advanced and customized specifically for its target, often one of a kind; it is not widespread, and protecting against it is very challenging and nearly impossible.

Malware Analysis

Malware analysis is the process of studying the behavior of malware using different techniques and tools.
It is more of an art than a technique.
Various tools and techniques are used for malware analysis. We will cover all of them, starting from basic analysis of simple malware with basic techniques and tools and moving on to advanced malware analysis.
Malware analysis can be broadly categorized into two categories:
  • Static analysis
  • Dynamic analysis
And these can further be categorized into basic and advanced categories.
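As an added illustration of basic static analysis (example code written for this page, not the author's own tooling), the script below computes file hashes, extracts printable strings and measures byte entropy, the cheapest clue that a sample is packed or encrypted and that its visible strings will not tell the whole story. The SAMPLE bytes and the 7.0 entropy threshold are constructed assumptions for the demonstration.

```python
import hashlib
import math
import re

# Constructed stand-in for a sample file: a fake MZ header, a few printable
# strings an analyst would expect to see, and 2048 bytes of filler whose byte
# values are evenly distributed, mimicking a packed or encrypted section.
SAMPLE = (
    b"MZ\x90\x00"
    + b"This program cannot be run in DOS mode.\x00"
    + b"http://example.invalid/update\x00"
    + b"CreateRemoteThread\x00"
    + bytes((i * 97 + 13) % 256 for i in range(2048))
)

def file_hashes(data: bytes) -> dict:
    """Identifiers used to look a sample up in threat-intel feeds and sandboxes."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}

def extract_strings(data: bytes, min_len: int = 6) -> list:
    """Runs of printable ASCII: URLs, API names, paths and other quick clues."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly random data."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def triage(data: bytes, packed_threshold: float = 7.0) -> dict:
    """Summarise the basic static signals; entropy above the (assumed) threshold
    suggests most of the file is packed or encrypted."""
    ent = shannon_entropy(data)
    strs = extract_strings(data)
    return {
        "hashes": file_hashes(data),
        "strings": strs,
        "urls": [s for s in strs if re.match(r"https?://", s)],
        "entropy": round(ent, 3),
        "likely_packed": ent > packed_threshold,
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, value)
```

A packed verdict is the cue to move on to dynamic analysis or unpacking, since the strings and imports of the packed file describe the packer, not the payload.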

Purpose of Malware Analysis

The purpose of malware analysis can be to identify the source of an attack, to understand the capabilities of the malware, to measure the damage it has caused or might have caused, to support incident response, and to create effective detection or network signatures for the malware.
There is no single reason for malware analysis; it can be for fun or for learning, to understand malware in order to thwart future attacks, or to understand the motives of the attacker.
Malware analysis is a very interesting and challenging field.

I will explain each malware type and malware analysis technique in subsequent posts. We will analyze each malware type one by one, and also study their infection mechanisms and how to protect against them. Stay tuned...
