
Malware Analysis - Starting out..


live_dont_exist
April 28th, 2011, 01:04
Hi All,
I am trying to learn Malware Analysis on my own. I've read a lot of stuff that talks about setting up your lab using physical or virtual machines. Then it speaks about understanding what the Malware does by studying its behavior and finally reverse it.

I've set up a small lab with the help of Virtual Box and have installed all the tools necessary to understand the file system as well as network traffic, and tested a couple of bits of malware out as well; I got these from the offensivecomputing site.

My question now is actually a very simple one (I think) - Can any of you suggest 5 specific malware samples that I should work on to improve my understanding of the same? The reason I ask is that I am not sure whether the various pieces of malware that I am downloading are the right ones when I am still learning the skill.

All your inputs are appreciated.

Thanks
Arvind
p.s... I hope this is the right forum. Please move this if it is not.

JMI
April 28th, 2011, 02:34
Although you are a "newbie" to malware, the Malware Forum seems a better match for your question, so, taking your suggestion, I have moved the question here.

Regards,

Woodmann
April 29th, 2011, 22:06
Howdy,

I just got this one in an email:
http://www.pcworld.com/businesscenter/article/226745/cybercriminals_exploit_pdf_picture_filter_to_embed_malware.html

I have it saved on a flash drive if you want it.

Woodmann

live_dont_exist
April 30th, 2011, 01:07
That will be great Woodmann. Will you email it to me or can I pull it down from some place? Thanks so much in advance.

An update though is that I have been working on a piece of malware called fb.166.exe downloaded from the site http://support.clean-mx.de/clean-mx/viruses.php . It seems to be a Facebook worm of some sort.

Hopefully I'll get somewhere soon and put up a write-up of some sort.

Thnx
Arvind

Woodmann
May 2nd, 2011, 21:12
Here ya go:

malware warning.

live_dont_exist
May 3rd, 2011, 00:06
Thanks a bunch Woodmann. I will check this out.

owl
May 5th, 2011, 09:06
You may want to look for malware that falls under different categories as a way of learning how to identify them. For example, you may want to look for droppers, backdoors/trojans, rootkits, pdf/doc/jpeg embedded malware, VB malware, vmprotect, kernels/drivers, etc.

For a start, check the binary auditor malware section. They have the IDBs (IDA Pro files) of some malware for analysis. So you will be limited to doing only some static analysis.

live_dont_exist
May 5th, 2011, 09:33
Cool, thanks. Is there a link for this section? Coz I couldn't find it.

I also have another question; in this initial stage where I'm just trying to get my environment exactly the way I want for dynamic analysis - is it necessary to focus on a specific type of malware like you suggested? Shouldn't just about any type of malware do for the 'behavioral analysis' part?

Maybe once I get comfortable and used to my environment I could do what you say to gain more clarity on how 'each type of malware' works.

For e.g. this is the piece of malware I am analyzing now and it seems to have a lot of functionality in it.
URL - http://support.clean-mx.de/clean-mx/viruses.php
MD5 - 8c547549bea45c23e2eabf837a2d0f2a

Is that ok? Or do you advise something else?

Thnx
Arvind