Using Malware for Recon Work

Friday, May 4, 2012 @ 05:05 PM gHale


Look at the advantages instead of the problem: That is exactly what some companies are now doing when malware infiltrates their systems.

They are looking at malware as a source of intelligence to learn more about the threats they face. The goal is for security teams to find out more about the compromise and stay apprised of the latest attacker techniques.


“Companies ask these questions because they want to know how it got in their network, if it did, but they also want to know if they have to worry about the malware or can they just wipe the system,” said Lenny Zeltser, an information-security professional who teaches courses on malware analysis for the SANS Institute.

One quick way to learn about the dreaded malware is to work with service providers that offer malware analysis in the cloud. When a firm encounters a suspected piece of malware, it can upload the sample to a managed or cloud service and get an automated report detailing the program’s behavior.

In some cases, companies want to analyze large volumes of malware. Most firms don’t have the infrastructure or the expertise to handle the load, according to Dean Debeer, chief technology officer of ThreatGRID, a firm that specializes in malware analysis and intelligence.

Companies can plug the results of the analysis directly into other security systems to better inform defenses, Debeer said.

Malware-analysis-as-a-service is not for everyone; companies with sensitive data will likely not want to export the information outside their firewall.

Whether companies build or buy the capability to analyze malware, it gives them one more way to stay one step ahead of the bad guys and better understand the attackers that have targeted their networks.


