how to test for malware

Discussion in 'other anti-malware software' started by starflame, Jul 30, 2009.

Thread Status:
Not open for further replies.
  1. starflame

    starflame Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    20
    I have just been reading the article on UltraSurf and I'm amazed at how long this malware has gone unnoticed for such a long time. This got me thinking about other applications and 0day malware.

    I want to give a hypothetical example here. Here I am surfing away on the internet and come across a high-tech photo editing suite for free. Being curious I Google it to see what others have said about the application, only to find there is little knowledge or good reviews. I go ahead and download the application. I check the application against my AV scanner
    and VirusTotal, both return clean so I continue to install the
    application. Once installed, as promised, a photo editing suite appears. However is it really just a photo editing suite? No, the application is smart enough to initially bypass AV / BB/ Firewalls / HIPS, even hide itself from windows completely. Yet its sat there in the background logging keys, stealing cookies/sessions/password/documents, etc.

    How do you test against something like this?
    What level would you go down to in testing something like this?
     
    starflame, Jul 30, 2009
    #1
  2. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    Well given that the BB or HIPS would have alerted you to what's going on yet you installed anyway,I'm afraid to say that nothing will prevent malware from getting onto a system if the user positively insists on installing it.
     
    andyman35, Jul 30, 2009
    #2
  3. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    657
    Location:
    HKEY/SECURITY/ (value not set)
    First make sure the Installer Digitally Signed!


    HKEY1952
     
    HKEY1952, Jul 31, 2009
    #3
  4. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    657
    Location:
    HKEY/SECURITY/ (value not set)
    Here are four tools:

    01)- Run the Microsoft Malicious Software Removal Tool
    http://www.microsoft.com/security/malwareremove/default.aspx

    02)- Use AntiHookExec with traditional system-analysis tools such as Trend Micro HijackThis, and Microsoft Autoruns, and Process Explorer
    http://www.security.org.sg/code/antihookexec.html

    02/a)- Trend Micro HijackThis
    http://free.antivirus.com/hijackthis/index.html

    02/b)- Microsoft Sysinternals
    http://www.microsoft.com/technet/sysinternals/default.mspx

    03)- Use Rootkitty to perform an inside-the-box and outside-the-box cross-difference file comparison scan
    http://www.ubcd4win.com/forum/index.php?showforum=48
    http://www.ubcd4win.com/forum/index.php?showtopic=2424&hl=Rootkitty

    04)- Use GMER Anti-Rootkit application
    http://www.gmer.net/


    HKEY1952
     
    Last edited: Jul 31, 2009
    HKEY1952, Jul 31, 2009
    #4
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...