.

Malware Lab Question

<<

Superman859

Newbie
Newbie

Posts: 5

Joined: Wed Dec 15, 2010 5:57 pm

Post Thu Dec 30, 2010 2:15 pm

Malware Lab Question

I'm getting into analyzing Malware and am wondering what the standard is on setting up a malware lab for both behavioral and static analysis. 

Assuming I am analyzing malware targeted at Windows machines, I realize that behavioral analysis will be on a windows machine as well - running in a VM or secure environment.

What I wonder more about is static analysis.  In the past, I've been using linux distributions, as there is no worry about infections.  However, I'm starting to want to use tools more often that can only be found in Windows. 

Is it standard practice to set up a fully patched Windows box for static analysis of malware?  Would I simply tell an antivirus scanner to ignore my samples directory (otherwise it will definitely go crazy) and be sure not to execute any pieces in attempts they still work on the patched machine?  I suppose for extra caution it could be re-imaged after each analysis just in case, but that makes it more difficult to keep an updated repository of malware on the system, OS patches, etc.

I'm just curious to see what other people do or what is standard in the professional world.  As I said earlier, I've been using linux but am thinking about setting up a Windows box instead - it seems nearly every tool or script will run on Windows but only some on linux...
network+, security+
<<

JollyJokker

Post Tue Jan 18, 2011 4:31 am

Re: Malware Lab Question

I don't know what problems you may face if you use a Windows box. But I still can't understand why not use a VM? Apart from the isolated environment, I think that most of the time you will need the snapshot features for reverting and also saving state.
<<

TheXero

User avatar

Full Member
Full Member

Posts: 112

Joined: Tue Dec 07, 2010 12:24 pm

Post Tue Jan 18, 2011 6:13 am

Re: Malware Lab Question

Just remember, some malware will detect that it is in a VM environment and will not operate to avoid these malware labs, and some can even break out of the VM environment and attack the host system

~TheXero
Last edited by TheXero on Tue Jan 18, 2011 6:14 am, edited 1 time in total.

Return to Malware

Who is online

Users browsing this forum: No registered users and 0 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software