Penetration Testing mailing list archives

Re: Analyze Virus


From: lists73 () skilltube com
Date: Fri, 3 Aug 2007 18:00:09 +0200

Hi,

Some people recommended VMware. While being a great product in general,
you might run into problems when using it for malware analysis.
Malware these days, at least the sophisticated samples, detects that it
is running inside a virtual machine. Your results are
therefore not what you might expect. We use Core Restore instead.

http://www.coreprotect.com/core_restore.html

It might be cool to see what files are created, changed or deleted, but
it does not give you a real clue what the malware does. Take the
banking trojans as an example. Most of them trigger only when the
victim types in the correct URL of the targeted bank. You need not
only file/registry tools; you should combine them with Wireshark for
network traffic analysis, Paros to see what is going on on the web
application side, OllyDbg to analyze the malware sample more deeply,
etc.

Hope that helps

SkillTube Team




Quoting Rafa Richart <Rafa () ontinet com>:


Hi Pals,

We're looking for some tools to analyze malware behavior. We have a lab under construction, but we need some advice on which tools we have to use: tools to see what has been changing in the registry, connection status, etc.

Any help is welcome.

Thanks in advance

Rafa


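The reply above dismisses "what files are created, changed or deleted" as insufficient on its own, but it is still the first layer a lab needs. The following snapshot-diff script is an added example written for this archive page; it is not code from SkillTube, Core Restore or the original poster. It hashes every regular file under a directory before and after a sample runs and reports created, deleted and changed paths. The "sample" here is a constructed stand-in: the script itself edits a hosts-style file, drops a fake executable and removes a file, so it runs offline; in a real lab you would take the first snapshot, detonate the sample, then take the second. The directory layout and file names are assumptions made for the demo.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def snapshot(root):
    """Map relative POSIX path -> SHA-256 of contents for every regular file under root.

    Symlinks are skipped rather than followed, so a sample cannot point the
    walker at a huge or sensitive tree outside the directory being watched.
    """
    root = Path(root)
    state = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue
            h = hashlib.sha256()
            with open(p, "rb") as f:
                for chunk in iter(lambda: f.read(1 << 16), b""):
                    h.update(chunk)
            state[p.relative_to(root).as_posix()] = h.hexdigest()
    return state


def diff_snapshots(before, after):
    """Compare two snapshot() results; returns sorted lists per change class."""
    created = sorted(set(after) - set(before))
    deleted = sorted(set(before) - set(after))
    changed = sorted(p for p in set(before) & set(after) if before[p] != after[p])
    return {"created": created, "deleted": deleted, "changed": changed}


def demo():
    """Constructed scenario (assumption, not a real sample): baseline a fake
    system directory, simulate a banking trojan's typical footprint, re-snapshot."""
    with tempfile.TemporaryDirectory() as tmp:
        lab = Path(tmp)
        (lab / "system32").mkdir()
        (lab / "system32" / "hosts").write_text("127.0.0.1 localhost\n")
        (lab / "config.ini").write_text("[settings]\nupdate=1\n")
        (lab / "readme.txt").write_text("benign\n")

        before = snapshot(lab)

        # Stand-in for running the sample. A hosts-file edit that points the
        # bank's hostname at an attacker address is a constructed illustration
        # of why the reply insists on pairing file diffs with network capture.
        (lab / "system32" / "hosts").write_text(
            "127.0.0.1 localhost\n192.0.2.10 www.example-bank.test\n"
        )
        (lab / "svchost.exe").write_bytes(b"MZ" + b"\x00" * 14)  # fake dropped binary
        (lab / "readme.txt").unlink()

        after = snapshot(lab)
        return diff_snapshots(before, after)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

The same before/after approach works for the registry side of the original question: dump the hives (for example with `reg export`) before and after detonation and diff the two text files. Neither diff tells you that the hosts change only matters once the victim visits the bank's URL, which is the reply's point about adding Wireshark, Paros and OllyDbg on top.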

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------