Tuesday, January 12, 2010

Malware Analysis in the Incident Response Process followup

I just finished giving my webcast of Malware Analysis in the Incident Response Process at brighttalk.com. A few questions came in after the presentation ended so I'll answer them here and hopefully those who asked will see it.

You indicated it is inevitable to get malware. What is the best prevention…having dedicated PCs for missions critical functions (e.g. online banking)?

I honestly believe that the best way to prevent getting malware on systems is to run users with reduced privileges. I have seen first hand where restricting what activities a user can do on their system (install software, etc) will significantly decrease the amount of malware compromises you have.

Of course, there are other options as well. A good defense in depth strategy will make it more difficult for malware to compromise your systems. Using up-to-date AV on the desktop and your email systems, restricting Internet access and requiring all web-traffic to go through filtering proxy servers will help.

Are there any books you would recommend for beginners to learn malware analysis?

There are lots of great books out there that I would recommend to anyone who wants to learn malware analysis. The following are just a few of the ones I've read.

Malware Forensics by Aquilina, Casey and Malin
The Art of Computer Virus Research and Defense by Peter Szor
Malware: Fighting Malicious Code by Skoudis and Zeltser

There are others, but these are a good start.

Can you post a recent example of an analysis?

Unfortunately, I do not have one. However, I recommend checking out the results from the 2008 Malware Challenge for some analysis reports. I will also try to post something in the next few weeks.

Thanks to those who listened to the webcast. If you have any other questions, feel free to post them in the comments or send me an email!

1 comment:

Anonymous said...
This comment has been removed by a blog administrator.