
PSIT 03-IT SECURITY AND MANAGEMENT

MALWARE

MEMBERS:
BAYBAYANON, JOECALOU 3-B
KIM KARLO SALIMBAGAT 3-B
RAMAN, JOHN PHILIP 3-B
LANGGA, JOHN ERVING 3-B
Republic of the Philippines
Central Philippines State University
San Carlos Campus
Sitio Mabuni, Brgy. Guadalupe, San Carlos City, Negros Occidental
Website: www.cpsu.edu.ph
E-mail add: cpsu_main@cpsu.edu.ph/ cpsu.sancarlos@cpsu.edu.ph
Contact No.: 09173015565 (Mobile); (034) 702-9903 (Landline)

COLLEGE OF COMPUTER STUDIES

Chapter I
Introduction

In the digital age, cybersecurity is a paramount concern, and at the heart of this field lies the concept of malware. Malware, a portmanteau of "malicious software," refers to any software intentionally designed to cause damage to a computer, server, client, network, or electronic device. Because it is an ever-evolving threat, understanding malware is critical for both individuals and organizations to safeguard their digital assets.

Malware has evolved significantly since its inception. Early forms of malware
were primarily created for experimentation or pranks, but with the growth of the
internet and digital reliance, it has developed into a tool for crime, espionage, and
sabotage. Today, malware is a key component of cyber warfare, used by attackers to
steal, destroy, or hold data for ransom.

Understanding the different types of malware is crucial in identifying and mitigating threats:

Virus: A self-replicating program that attaches itself to clean files and spreads throughout a computer system, corrupting files and disrupting operations.
Worm: Similar to viruses, but capable of self-replication and independent spread without needing to attach to a host program.
Trojan Horse: Disguised as legitimate software, Trojans deceive users into installing them. Once activated, they can steal, disrupt, or perform harmful actions.
Ransomware: This type of malware encrypts the user's data and demands a ransom for the decryption key, posing significant risks to individuals and organizations.
Spyware: Software that secretly records information about a user's activities and transmits it to external parties.
Adware: Often bundled with free software, adware displays unwanted ads and can track user behavior for targeted advertising.

The consequences of malware infections can be diverse, ranging from minor annoyances to severe financial and data losses.

In extreme cases, critical infrastructure and national security can be compromised. Combatting malware requires a multi-faceted approach. This includes using antivirus and anti-malware software, maintaining firewalls, regularly updating systems, and educating users about safe computing practices. Understanding the landscape of digital threats is the first step in developing effective defense mechanisms.

Malware remains a significant challenge in the realm of cybersecurity. Its ability to adapt and evolve necessitates a proactive and informed approach to digital defense. By understanding the various forms of malware and their potential impact, individuals and organizations can better prepare and protect themselves against these digital threats.
VISION: CPSU as the leading technology-driven multi-disciplinary University by 2030
MISSION: CPSU is committed to produce competent graduates who can generate and extend leading technologies in multi-disciplinary areas beneficial to the community.
GOAL: To provide efficient, quality, technology-driven and gender-sensitive products and services
Republic of the Philippines
Central Philippines State University
San Carlos Campus
Sitio Mabuni, Brgy. Guadalupe, San Carlos City, Negros Occidental
Website: www.cpsu.edu.ph
E-mail add: cpsu_main@cpsu.edu.ph/ cpsu.sancarlos@cpsu.edu.ph
Contact No.: 09173015565 (Mobile); (034) 702-9903 (Landline)

COLLEGE OF COMPUTER STUDIES

Chapter II
Methods

Step 1: To open the tool, go to Applications → 01-Information Gathering → nmap or zenmap.

Step 2: The next step is to detect the OS type/version of the target host. Based on the help shown by NMAP, the option for OS type/version detection is "-O".

Step 3: Next, scan the TCP and UDP ports. To scan all the TCP ports with NMAP, use the following command: nmap -p 1-65535 -T4 192.168.1.101, where the parameter "-p" indicates the TCP ports that have to be scanned (in this case all of them) and "-T4" sets the speed at which NMAP has to run. Following are the results. In green are all the open TCP ports and in red are all the closed ports. However, NMAP does not show all of them, as the list is too long.
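The full-port scan above produces a list too long to read by hand. As an added example that is not part of the original paper, the following Python script parses the XML report that nmap writes with -oX (the same scan run as nmap -p 1-65535 -T4 -oX - 192.168.1.101) and reduces it to the open ports, the counts of closed and filtered ports, and the open ports that are not on the administrator's expected list for that host. The XML below is a constructed sample, not real scan output, and the expected-port baseline is an assumption.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample of nmap XML output (what "nmap -p 1-65535 -T4 -oX - 192.168.1.101"
# would write to stdout). The host and port states are made up for illustration.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -p 1-65535 -T4 -oX - 192.168.1.101">
  <host>
    <status state="up"/>
    <address addr="192.168.1.101" addrtype="ipv4"/>
    <ports>
      <extraports state="closed" count="65530"/>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
      <port protocol="tcp" portid="139"><state state="open"/><service name="netbios-ssn"/></port>
      <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
      <port protocol="tcp" portid="3306"><state state="filtered"/><service name="mysql"/></port>
    </ports>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Return (open_ports, state_counts) for every host in an nmap -oX report.

    open_ports   : list of (host, protocol, port, service) for ports in state "open"
    state_counts : Counter of port states; the ports nmap collapses into
                   <extraports> (the "Not shown: N closed ports" line) are
                   counted here too, so the totals add up to the scanned range.
    """
    root = ET.fromstring(xml_text)
    open_ports = []
    state_counts = Counter()
    for host in root.iter("host"):
        addr_el = host.find("address")
        addr = addr_el.get("addr") if addr_el is not None else "?"
        for extra in host.iter("extraports"):
            state_counts[extra.get("state")] += int(extra.get("count", "0"))
        for port in host.iter("port"):
            state = port.find("state").get("state")
            state_counts[state] += 1
            if state == "open":
                svc = port.find("service")
                name = svc.get("name") if svc is not None else "unknown"
                open_ports.append((addr, port.get("protocol"), int(port.get("portid")), name))
    return open_ports, state_counts


def unexpected_open_ports(open_ports, expected):
    """Exposure check: open ports that are not in the (protocol, port) set an
    administrator expects to be reachable on the host."""
    return [p for p in open_ports if (p[1], p[2]) not in expected]


if __name__ == "__main__":
    ports, counts = parse_nmap_xml(SAMPLE_NMAP_XML)
    print("port states:", dict(counts))
    for host, proto, port, svc in ports:
        print(f"{host} {port}/{proto} open ({svc})")
    # Assumed baseline for this host: only SSH and HTTP should be reachable.
    baseline = {("tcp", 22), ("tcp", 80)}
    for host, proto, port, svc in unexpected_open_ports(ports, baseline):
        print(f"REVIEW: {host} {port}/{proto} ({svc}) is open but not in the baseline")
```

In a real report nmap collapses the closed ports into a single extraports element, which is why the script counts them separately; after parsing, the state totals should add up to the number of ports scanned, which is a quick sanity check that nothing in the report was skipped.
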


Chapter III

Result

In the context of malware analysis and cybersecurity, data collection and statistical tests play crucial roles in understanding the behavior, characteristics, and impacts of malicious software. Here's a general overview of the data collected and statistical tests commonly performed in malware analysis activities:

Data Collection

Sample Collection: Malware analysts collect samples of malicious software from various sources including honeypots, malware repositories, email attachments, and websites.

Static Analysis Data: Static analysis involves examining the code and structure
of malware without executing it. Data collected here includes file size, file type,
header information, imports, exports, and strings present in the malware binary.

Dynamic Analysis Data: Dynamic analysis involves executing malware in a controlled environment (such as a sandbox) to observe its behavior. Data collected includes system calls, network traffic, registry modifications, file system changes, API calls, and process interactions.

Metadata: Information such as timestamps, file attributes, and digital signatures associated with malware samples is also collected for contextual analysis.

Statistical Tests

Frequency Analysis: Statistical methods are applied to determine the frequency of certain actions or patterns within the malware samples. For instance, frequency analysis might reveal common API calls, network ports used, or file system operations conducted by malware.

Clustering and Classification: Machine learning algorithms, including clustering and classification techniques such as k-means clustering or support vector machines (SVM), are applied to categorize malware samples into families or types based on their behavioral patterns or code similarities.

Correlation Analysis: Statistical correlation analysis helps identify relationships between different variables extracted from malware samples. For example, correlating specific API calls with the malware's persistence mechanism can provide insights into its behavior.


Entropy Analysis: Entropy analysis measures the randomness or disorder within data elements. In the context of malware, entropy analysis can help identify encrypted or obfuscated code segments within the binary.

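To make the static-analysis data described earlier (file size, strings) and the entropy analysis in the paragraph just above concrete, here is an added Python example that is not part of the original paper: it computes Shannon entropy over fixed-size windows of a file, flags the high-entropy regions that often indicate packed or encrypted code, and extracts printable strings the way the strings tool does. The input is a constructed byte string (readable text followed by seeded pseudo-random bytes), not a real malware sample; the 7.0 bits/byte threshold and the 512-byte window are assumptions that analysts tune per file type.

```python
import math
import random
import re
from collections import Counter

# Constructed stand-in for a binary (not a real sample): 1024 bytes of readable
# text followed by 1024 bytes of seeded pseudo-random data that mimics a
# packed or encrypted section.
_TEXT = (b"This program cannot be run in DOS mode. Hello from the constructed sample. " * 20)[:1024]
_rng = random.Random(2024)
_PACKED = bytes(_rng.getrandbits(8) for _ in range(1024))
SAMPLE_BINARY = _TEXT + _PACKED


def shannon_entropy(data):
    """Shannon entropy in bits per byte: 0.0 for constant data, 8.0 when all 256
    byte values occur equally often."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def entropy_windows(data, window=512):
    """(offset, entropy) for consecutive non-overlapping windows of the data."""
    return [(off, shannon_entropy(data[off:off + window]))
            for off in range(0, len(data), window)]


def high_entropy_offsets(data, threshold=7.0, window=512):
    """Offsets of windows at or above the threshold; in a real binary these are
    the regions worth checking for packing, encryption or embedded payloads.
    Compressed resources (images, archives) also score high, so the flag is a
    lead for the analyst, not a verdict."""
    return [off for off, h in entropy_windows(data, window) if h >= threshold]


def extract_strings(data, min_len=4):
    """Printable-ASCII runs of at least min_len bytes, in file order."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)


if __name__ == "__main__":
    print(f"file size: {len(SAMPLE_BINARY)} bytes, "
          f"whole-file entropy: {shannon_entropy(SAMPLE_BINARY):.2f} bits/byte")
    for off, h in entropy_windows(SAMPLE_BINARY):
        print(f"offset {off:5d}: {h:.2f} bits/byte")
    print("high-entropy windows at offsets:", high_entropy_offsets(SAMPLE_BINARY))
    print("first string:", extract_strings(SAMPLE_BINARY)[0][:40])
```

On the constructed input the two text windows score around 4 bits/byte and the two pseudo-random windows well above 7, so only the second half is flagged; a whole-file figure alone would blur the two regions together, which is why per-window entropy is the more useful measurement.
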
Statistical Significance Testing: Statistical significance tests like chi-square tests or t-
tests are applied to determine whether observed differences or patterns in malware
behavior are statistically significant or occurred by chance.
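The frequency analysis described earlier and the significance testing just above can be carried out on the same data, so this single added Python example (not part of the original paper) serves both: it counts how often each API call appears across sandbox runs, then applies a chi-square test on a 2x2 table to ask whether a given API call is associated with the malware label more often than chance would explain. The sandbox summaries and API names are constructed for illustration; the 3.841 critical value is the standard chi-square threshold for one degree of freedom at the 5% level.

```python
from collections import Counter


def _constructed_samples():
    """Constructed sandbox summaries, not real malware reports: each record gives
    a label and the Win32 API names observed when the sample ran in the sandbox."""
    samples = []
    for i in range(10):  # ten "malware" runs
        apis = ["WriteFile"]
        if i < 9:
            apis.append("CreateFileW")
        if i < 8:
            apis.append("RegSetValueExW")      # registry write, a common persistence step
        if i < 5:
            apis.append("CreateRemoteThread")
        samples.append({"label": "malware", "apis": apis})
    for i in range(10):  # ten "benign" runs
        apis = ["WriteFile"]
        if i < 9:
            apis.append("CreateFileW")
        if i < 2:
            apis.append("RegSetValueExW")
        samples.append({"label": "benign", "apis": apis})
    return samples


SAMPLES = _constructed_samples()

# Critical value of the chi-square distribution for df = 1 at alpha = 0.05.
CHI2_CRIT_DF1_05 = 3.841


def api_frequency(samples, label):
    """Frequency analysis: number of samples with the given label that call each API
    (each API counted once per sample)."""
    freq = Counter()
    for s in samples:
        if s["label"] == label:
            freq.update(set(s["apis"]))
    return freq


def chi_square_2x2(a, b, c, d):
    """Pearson chi-square statistic (no continuity correction) for the table
        [[a, b],
         [c, d]]
    computed as N * (ad - bc)^2 / ((a+b)(c+d)(a+c)(b+d))."""
    n = a + b + c + d
    denom = (a + b) * (c + d) * (a + c) * (b + d)
    if denom == 0:
        return 0.0
    return n * (a * d - b * c) ** 2 / denom


def api_association(samples, api):
    """Test whether calling `api` is associated with the malware label.
    Returns the 2x2 table (malware with/without, benign with/without), the
    statistic, whether it exceeds the 5% critical value, and whether every
    expected cell count is at least 5 (below that the chi-square approximation
    is unreliable and an exact test should be used instead)."""
    a = sum(1 for s in samples if s["label"] == "malware" and api in s["apis"])
    b = sum(1 for s in samples if s["label"] == "malware" and api not in s["apis"])
    c = sum(1 for s in samples if s["label"] == "benign" and api in s["apis"])
    d = sum(1 for s in samples if s["label"] == "benign" and api not in s["apis"])
    n = a + b + c + d
    expected = [(a + b) * (a + c), (a + b) * (b + d),
                (c + d) * (a + c), (c + d) * (b + d)]
    min_expected = min(expected) / n if n else 0.0
    chi2 = chi_square_2x2(a, b, c, d)
    return {"api": api, "table": (a, b, c, d), "chi2": chi2,
            "significant": chi2 > CHI2_CRIT_DF1_05,
            "approximation_ok": min_expected >= 5}


if __name__ == "__main__":
    print("most frequent APIs in malware runs:",
          api_frequency(SAMPLES, "malware").most_common(4))
    for api in ("RegSetValueExW", "CreateFileW", "CreateRemoteThread"):
        r = api_association(SAMPLES, api)
        print(f"{api:20s} table={r['table']} chi2={r['chi2']:.2f} "
              f"significant={r['significant']} approximation_ok={r['approximation_ok']}")
```

With these constructed runs the registry write appears in 8 of 10 malware samples and 2 of 10 benign ones, giving a statistic of 7.2, above the critical value, while CreateFileW appears equally in both groups and gives 0. The approximation_ok flag is the caveat to keep in mind on small sample sets: CreateRemoteThread looks significant here too, but its expected counts fall below 5, so that result should not be trusted without a larger sample or an exact test.
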

Time Series Analysis: For malware campaigns or outbreaks, time series analysis techniques may be employed to identify patterns or trends in the spread of malware infections over time.

Result Interpretation: The results of statistical tests and analyses in malware activity provide valuable insights into the characteristics, capabilities, and potential risks associated with different types of malware. These insights help inform cybersecurity professionals, researchers, and developers in developing effective defense mechanisms, identifying malware trends, and understanding evolving threats in the digital landscape.
