

How to hunt for virus and malware the pro way


2 replies to this topic

#1 shadow_647

shadow_647

  • Banned
  • 1,430 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:24 AM

Posted 20 December 2016 - 02:59 PM

Found a good vid on the topic, all things I already knew about, but it was still a good watch and I was like, why not, I'll share.

Anyone out there besides me that does this kind of thing too?

 

I did years with no anti-virus of any kind on Win 3.x and Win95~Win98, so the only way you could know and find out if you were infected was to use the force if and when anti-virus software couldn't find anything.

 

https://www.youtube.com/watch?v=Wuy_Pm3KaV8




 


#2 Struppigel

Struppigel

    Karsten Hahn, G DATA Malware Analyst


  • Malware Response Team
  • 231 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:24 PM

Posted 21 December 2016 - 02:40 AM

Hi shadow_647.

 

This is a very good video about Sysinternals Tools. In fact, when I watched it months ago, I learned some new things about these tools' capabilities.

However, I think the title of the video is a misnomer. Hunting malware commonly refers to finding new malicious samples (usually with a certain goal). Researchers are often looking for certain malware families or for samples of new malware families or new variants of known families. What Mark Russinovich does is rather identify whether a system is infected, which files, entries and processes belong to that infection, and how to clean the system. Whilst you could also get new samples by chance from an infected system, it is not the best way to actually hunt for malware, because in most cases you won't get what you are looking for.

 

What we do for hunting is:

  • using large sample databases and YARA to search (e.g. on Virustotal)
  • honeypots
  • automatic analysis, e.g., reverse.it, malwr.com

Antivirus companies also have their own databases and automatic scanning procedures.

 

Best regards

Karsten
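The first item in Karsten's list, searching a large sample database with YARA rules, is the core of what "hunting" means in his sense. As an added illustration that is not part of this thread and not G DATA's or VirusTotal's code, the following stand-alone Python script implements a deliberately simplified YARA-style matcher: a rule is a set of named string patterns (text strings and hex byte sequences with `??` wildcards) plus a boolean condition over which of them matched, and the rule is run over a small constructed corpus of byte blobs standing in for a sample database. The rule name, the pattern values and every sample in the corpus are constructed for this example; real hunting would use the actual YARA engine against a real retrohunt service, not this toy.

```python
"""
Simplified YARA-style rule matcher (added example, not from the thread).

It mirrors the shape of a YARA rule: named strings ($mz, $pe, ...) and a
condition over the set of strings that matched. The corpus below is
constructed so the script runs offline; nothing in it is a real sample.
"""
import re
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set, Union

Pattern = Union[bytes, re.Pattern]


@dataclass
class Rule:
    name: str
    strings: Dict[str, Pattern]            # string id -> literal bytes or compiled hex regex
    condition: Callable[[Set[str]], bool]  # evaluated over the ids that matched
    tags: List[str] = field(default_factory=list)


def hex_pattern(spec: str) -> re.Pattern:
    """Compile a YARA-style hex string such as '4D 5A ?? ?? 50 45' into a bytes regex.
    '??' matches any single byte; every other token is an exact byte."""
    parts = spec.split()
    regex = b"".join(b"." if p == "??" else re.escape(bytes.fromhex(p)) for p in parts)
    return re.compile(regex, re.DOTALL)


def matched_strings(rule: Rule, data: bytes) -> Set[str]:
    """Return the ids of the rule's strings that occur in data."""
    hits = set()
    for sid, pat in rule.strings.items():
        if isinstance(pat, bytes):
            if pat in data:
                hits.add(sid)
        elif pat.search(data):
            hits.add(sid)
    return hits


def match_rule(rule: Rule, data: bytes) -> bool:
    """A rule matches when its condition holds over the matched string ids."""
    return bool(rule.condition(matched_strings(rule, data)))


def scan_corpus(rules: List[Rule], corpus: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Scan every sample with every rule; return {rule name: [matching sample names]}."""
    results = {r.name: [] for r in rules}
    for sample_name, data in corpus.items():
        for rule in rules:
            if match_rule(rule, data):
                results[rule.name].append(sample_name)
    return results


# Constructed hunting rule (hypothetical family name). Analogous YARA condition:
#   $mz at 0 and $pe and ($cmd or $url)
RULES = [
    Rule(
        name="hunt_constructed_dropper",
        strings={
            "mz": hex_pattern("4D 5A"),                       # 'MZ' DOS header magic
            "pe": hex_pattern("50 45 00 00"),                 # 'PE\0\0' NT header signature
            "cmd": b"cmd.exe /c",                             # shell-launch string
            "url": b"http://example-c2.invalid/",             # constructed, reserved TLD
        },
        condition=lambda m: {"mz", "pe"} <= m and ("cmd" in m or "url" in m),
        tags=["constructed", "example"],
    )
]

# Constructed corpus standing in for a sample database. Only a and d should hit:
# b is a benign-looking PE with no indicator, c has an indicator but is not a PE.
CORPUS = {
    "sample_a.bin": b"MZ" + b"\x90" * 64 + b"PE\x00\x00" + b"\x00" * 16 + b"http://example-c2.invalid/gate",
    "sample_b.bin": b"MZ" + b"\x90" * 64 + b"PE\x00\x00" + b"hello world",
    "sample_c.txt": b"cmd.exe /c echo test",
    "sample_d.bin": b"MZ" + b"\x00" * 8 + b"PE\x00\x00" + b"cmd.exe /c start",
}


if __name__ == "__main__":
    for rule_name, matches in scan_corpus(RULES, CORPUS).items():
        print(f"{rule_name}: {matches}")
```

Run it directly and it lists, per rule, the constructed samples that satisfy the condition. The design point worth noticing is the same one that matters in real YARA hunting: the condition, not any single string, carries the precision. A PE header alone or a `cmd.exe /c` string alone would match a large fraction of any corpus; requiring the header plus one behavioural indicator is what keeps the retrohunt result set small enough to triage by hand.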



#3 shadow_647

shadow_647
  • Topic Starter

  • Banned
  • 1,430 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:24 AM

Posted 21 December 2016 - 02:56 AM

Wouldn't mind setting up a honeypot computer myself just for fun, just to see what happens.





