TrainACE - IT and Cybersecurity Training Blog

What is Malware Analysis?

Dec 4, 2012 9:23:03 AM / by Ryan Corey

A large share of security breaches on a company's network involve some form of malicious computer program. These programs are generally referred to as malware, but they fall into several distinct categories, including viruses, worms and Trojan horses. Being able to identify when and how malware is affecting a computer system takes specialized training, and that knowledge increases the value of any IT security technician or manager who has it. Such individuals can assess the scope and severity of an infection, which allows detailed planning of the steps needed to remove the malware and recover lost data or system resources.

Understanding Malware
Many people lump all malware into a single category and call it "viruses". Viruses, however, are only one type of malicious software that can damage computer systems and expose data to unauthorized users. What all malware has in common is that it is code designed to disrupt the normal operation of a computer system, or to gather or alter data, without the owner's knowledge or authorization.

Malware is classified according to several parameters, including how it installs on a system, how it affects a system and how it spreads to other systems. Following are the most common types of malware:

• Viruses – Among the earliest forms of malware. A virus attaches its code to an existing program or file and replicates only when that host is run or opened, so it spreads as infected files are copied and shared.
• Worms – Worms are standalone programs that need no host file. They replicate on their own, typically by exploiting vulnerable network services or weak credentials, and can spread from machine to machine without any user action.
• Trojan horses – Trojan horses appear to be useful programs but contain malicious code that is activated when the primary files are opened or installed.
• Spyware – Spyware gathers information on the behavior of a computer system and its users. The information is then sent to a remote server.

Types of Malware Analysis to the Rescue
When a system begins to act erratically, the problems can often be traced back to malware. Determining the type of malware affecting a system, its origin and its current location are all important steps in successful malware analysis, but the processes required for a complete analysis can be much more extensive.

Static analysis is one common type of malware analysis: the sample is examined without ever being executed. At the simplest level this means computing file hashes, extracting readable strings (URLs, IP addresses, registry keys, API names) and inspecting the file format, headers and imports; at the deepest level it means disassembling and reverse engineering the code. Because nothing runs, static analysis is safe to perform and reveals what the code is capable of rather than only what it happened to do in one run. Its limit is that packed or obfuscated samples give up very little until they are unpacked. Once a sample is reverse engineered, an analyst can determine exactly how it infects a system and what it does there, and the hashes, strings and network indicators recovered feed detection signatures that help prevent future infections.
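The static triage described above, as an added example that is not part of the original post: hashing a file, checking for the MZ/PE signatures, extracting printable strings, pulling URLs, IP addresses, injection-related API names and persistence markers out of them, and using byte entropy as a packing estimate. The "sample" is a constructed byte string built by `build_sample()` (a DOS stub, a PE signature, a few planted strings and a block of high-entropy filler); it is not a real or loadable executable, and the API watch-list and the 7.0 entropy threshold are assumptions made for the example.

```python
import hashlib
import math
import re
import struct

# Watch-list of Windows API names often seen in injection, download and
# persistence code. The list itself is an assumption made for this example.
SUSPICIOUS_APIS = {
    "CreateRemoteThread", "VirtualAllocEx", "WriteProcessMemory",
    "NtUnmapViewOfSection", "SetWindowsHookExA", "URLDownloadToFileA",
    "WinExec", "ShellExecuteA", "IsDebuggerPresent",
}
PERSISTENCE_MARKERS = ("CurrentVersion\\Run", "CurrentVersion\\RunOnce", "schtasks")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def pseudo_random_bytes(n: int, seed: bytes = b"not-a-real-packer") -> bytes:
    """Deterministic high-entropy filler that stands in for a packed section."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


def build_sample() -> bytes:
    """Constructed stand-in for a suspicious executable (not a loadable PE).

    A DOS header whose e_lfanew points at a 'PE\\0\\0' signature, a few
    plaintext strings of the kind an analyst hunts for, then 8 KiB of
    high-entropy bytes imitating a packed payload.
    """
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew -> offset of "PE\0\0"
    strings = [
        b"kernel32.dll", b"VirtualAllocEx", b"WriteProcessMemory",
        b"CreateRemoteThread",
        b"http://update.example.com/check",  # RFC 2606 example domain
        b"192.0.2.10",                       # TEST-NET-1 address
        b"Software\\Microsoft\\Windows\\CurrentVersion\\Run",
    ]
    body = b"\x00".join(strings) + b"\x00"
    return bytes(dos) + b"PE\x00\x00" + body + pseudo_random_bytes(8192)


def is_pe(data: bytes) -> bool:
    """MZ stub plus a PE signature at the offset stored in e_lfanew (0x3C)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def extract_strings(data: bytes, min_len: int = 6) -> list:
    """Runs of printable ASCII at least min_len long (what `strings` prints)."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(data)]


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, close to 8.0 for packed/encrypted data."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def triage(data: bytes) -> dict:
    """Static triage report: identity, format, packing estimate and indicators."""
    strings = extract_strings(data)
    entropy = shannon_entropy(data)
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "is_pe": is_pe(data),
        "entropy": round(entropy, 2),
        "likely_packed": entropy > 7.0,  # rule of thumb; plain code and text sit well below
        "urls": sorted({u for s in strings for u in URL_RE.findall(s)}),
        "ips": sorted({ip for s in strings for ip in IP_RE.findall(s)}),
        "suspicious_apis": sorted({s for s in strings if s in SUSPICIOUS_APIS}),
        "persistence": sorted({s for s in strings if any(m in s for m in PERSISTENCE_MARKERS)}),
        "string_count": len(strings),
    }


if __name__ == "__main__":
    for key, value in triage(build_sample()).items():
        print(f"{key:16} {value}")
```

Run against a real file by replacing `build_sample()` with the file's bytes. Note that the high-entropy block also produces a handful of meaningless printable runs, which is exactly why string output from a packed sample is thin and noisy until the sample is unpacked.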

Another type of malware analysis is dynamic analysis: the study of malware as it executes. The sample is run in an isolated virtual machine or sandbox that can be reverted afterwards, and its behavior is observed: processes spawned, files written, registry keys set and network connections made. After a system is infected, this type of analysis is used to determine the type of malware and the extent of its effects on the system. The analyst usually begins by monitoring system processes and network communications, with process monitors, file and registry tracers and packet captures aiding the diagnosis. One caveat: many samples check for virtual machines or analysis tools and stay quiet when they find them, so a run that shows nothing is not proof that a file is harmless, which is why static and dynamic analysis are used together.
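The process and network monitoring described above, as an added example that is not part of the original post: given a sandbox event log, it builds the process tree rooted at the sample, attributes dropped files, Run-key persistence and outbound connections to that tree only, and flags connections that recur at a regular interval as likely command-and-control beaconing. The log `SAMPLE_LOG` is constructed for the example and its JSON-lines schema (`t` in seconds since launch, `process_create`, `file_write`, `registry_set`, `net_connect`) is an assumption, not the output of any particular sandbox; the addresses are RFC 5737 documentation ranges.

```python
import json
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sandbox event log in JSON-lines form. The schema is an
# assumption for this example, not the format of any real sandbox product.
# pid 1200 is the desktop shell that launched both the sample (4212) and an
# unrelated notepad (5000); only the sample's own tree should be reported.
SAMPLE_LOG = r"""
{"t": 0.0, "event": "process_create", "pid": 4212, "ppid": 1200, "image": "C:\\Users\\lab\\Desktop\\invoice.exe"}
{"t": 0.3, "event": "file_write", "pid": 4212, "path": "C:\\Users\\lab\\AppData\\Roaming\\svchost.exe"}
{"t": 0.5, "event": "process_create", "pid": 4300, "ppid": 4212, "image": "C:\\Users\\lab\\AppData\\Roaming\\svchost.exe"}
{"t": 0.8, "event": "registry_set", "pid": 4300, "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater", "value": "C:\\Users\\lab\\AppData\\Roaming\\svchost.exe"}
{"t": 1.0, "event": "process_create", "pid": 4400, "ppid": 4300, "image": "C:\\Windows\\System32\\cmd.exe", "cmdline": "cmd.exe /c del C:\\Users\\lab\\Desktop\\invoice.exe"}
{"t": 2.0, "event": "net_connect", "pid": 4300, "dst": "198.51.100.23", "dport": 443}
{"t": 5.0, "event": "process_create", "pid": 5000, "ppid": 1200, "image": "C:\\Windows\\System32\\notepad.exe"}
{"t": 6.0, "event": "net_connect", "pid": 5000, "dst": "203.0.113.9", "dport": 80}
{"t": 62.1, "event": "net_connect", "pid": 4300, "dst": "198.51.100.23", "dport": 443}
{"t": 121.9, "event": "net_connect", "pid": 4300, "dst": "198.51.100.23", "dport": 443}
{"t": 182.0, "event": "net_connect", "pid": 4300, "dst": "198.51.100.23", "dport": 443}
"""


def parse_log(text: str) -> list:
    """One JSON object per line, returned in time order."""
    events = [json.loads(line) for line in text.splitlines() if line.strip()]
    return sorted(events, key=lambda e: e["t"])


def descendants(events: list, root_pid: int) -> set:
    """Every pid in the process tree rooted at root_pid (fixpoint over ppid links)."""
    pids = {root_pid}
    changed = True
    while changed:
        changed = False
        for e in events:
            if e["event"] == "process_create" and e["ppid"] in pids and e["pid"] not in pids:
                pids.add(e["pid"])
                changed = True
    return pids


def looks_like_beacon(times: list, min_hits: int = 3, max_jitter: float = 0.1) -> bool:
    """True when connection times repeat at a near-constant interval.

    max_jitter is the allowed standard deviation of the gaps relative to their
    mean; 0.1 is an assumption chosen for the example, not a published value.
    """
    if len(times) < min_hits:
        return False
    gaps = [b - a for a, b in zip(times, times[1:])]
    avg = mean(gaps)
    return avg > 0 and pstdev(gaps) / avg <= max_jitter


def analyze(text: str, root_pid: int) -> dict:
    """Behavioral summary of the sample's process tree only."""
    events = parse_log(text)
    pids = descendants(events, root_pid)
    own = [e for e in events if e["pid"] in pids]
    root_image = next((e["image"] for e in own
                       if e["event"] == "process_create" and e["pid"] == root_pid), "")
    conns = defaultdict(list)
    for e in own:
        if e["event"] == "net_connect":
            conns[(e["dst"], e["dport"])].append(e["t"])
    return {
        "pids": pids,
        "processes": [(e["pid"], e["image"]) for e in own if e["event"] == "process_create"],
        "dropped_files": [e["path"] for e in own if e["event"] == "file_write"],
        "persistence": [e["key"] for e in own
                        if e["event"] == "registry_set" and "CurrentVersion\\Run" in e["key"]],
        "connections": {f"{dst}:{port}": len(ts) for (dst, port), ts in conns.items()},
        "beacons": sorted(f"{dst}:{port}" for (dst, port), ts in conns.items()
                          if looks_like_beacon(ts)),
        # the original dropper being deleted by a child process is a common tell
        "self_delete": any(e["event"] == "process_create" and bool(root_image)
                           and root_image in e.get("cmdline", "")
                           and "del " in e.get("cmdline", "").lower() for e in own),
    }


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG, 4212).items():
        print(f"{key:14} {value}")
```

The notepad process and its connection to 203.0.113.9 are deliberately left out of the report because they are not descendants of the sample; attributing every event on the box to the sample is the most common mistake in reading sandbox output.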

Conclusion
Malware analysis is a vital skill for IT security personnel. Learning this skill increases a technician’s value and helps a business continue to operate smoothly in the face of disaster. As computer systems continue to grow more complex, the demand for malware analysts is expected to increase.

Topics: Cisco, Cybersecurity, Information Assurance, Malware
