Analysis for Virus attack

Posted on 2014-08-29
Last Modified: 2014-09-04
If a virus attacks a system, what are the best tools/formulas/calculations to understand the virus's effect on our environment or infrastructure, and what data should we collect from our infrastructure (network traffic, OS, ...) that will help us evaluate this attack or its impact? From where can I get these samples?
Question by: abdallah1973
    LVL 77

    Expert Comment

    by:David Johnson, CD, MVP
    For what you are asking, a proper response would be either a college course or a week-long seminar just to cover the basics. Every virus works differently and has different objectives. A security consultant who specializes in this might be available in your area. All that you can do is not leave any low-hanging fruit: no user should routinely run as an administrator; standard accounts are your friend. Prevention here is the key; the cure can be expensive.
    LVL 38

    Expert Comment

    by:Rich Rumble
    You should set up the Cuckoo sandbox.
    You can run your samples in that, and it will tell you everything you need to know: what registry changes it makes, traffic captures, and the files it may access or download. There are virus databases out there like VirusSign, MalwareMustDie, ThreatGRID, OffensiveComputing, and contagiodump. These professional groups, however, are better suited to decompile and understand the samples. If you're trying to get your start in malware research, the above should get you started.
    LVL 60

    Accepted Solution

    You can have the sample sent to online scanning to check its modus operandi, which will start to create its trail of doings (carrier, dropper, rootkit, callbacks, etc.) on its "residence" (file system, registry, processes, applications), commonly known as Indicators of Compromise (IOC). There is a nice OpenIOC to represent what a sample does; it helps in clustering samples and is mainly for threat intelligence sharing (analogous to "signature" sharing).
    Such an exploitation scheme will need to surface the sample (or dropper) injection and override (breach and vulnerability) performed. Thus static (code run/reverse engineering) and dynamic (including sandboxing) analysis of the sample is useful to surface this metadata and the trail as a whole. You can check out this whitepaper describing crimeware and the downloader/dropper scheme.
    Primarily, this is to help the analyst understand its TTPs (tactics, techniques and procedures) throughout the sample's targeted infestation (lateral spread and depth of penetration) and the accompanying cyber kill chain (recon > intrusion > exploitation > persistence) lifecycle. Its sophistication is revealed as the analysis uncovers more of its "anti" capabilities, such as anti-forensics, anti-debugging, anti-packing, anti-VM, etc. Likely it sums up to a cyber sabotage, cyber espionage, or simply cyber theft scheme behind this one (out of many) samples...

    You can check out the below for the approach, tools and analysis services (cum course) to aid the understanding and analysis. Main summary:

    Some useful takeaways from the summary:
    - Analyzing Malicious Documents Cheat Sheet
    - Malware Sample Sources for Researchers
    - Free Automated Malware Analysis Services
    - Free Online Tools for Looking Up Potentially Malicious Websites
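    Editor's added example (not code from any of the commenters, from Cuckoo, or from Mandiant): Rich Rumble's comment says a sandbox run tells you the registry changes, files and traffic, and the accepted solution says those observations become Indicators of Compromise that OpenIOC can carry for sharing. The script below joins the two steps: it takes a sandbox report, filters out the noise that every Windows binary produces, and writes the remaining indicators as one OR-ed OpenIOC definition. SAMPLE_REPORT is a constructed approximation of the JSON report Cuckoo writes; the field names (target/file, dropped, behavior/summary, network/domains, network/http) are assumptions to check against your own report.json, and the OpenIOC search terms (FileItem/Md5sum, RegistryItem/KeyPath and so on) follow the published OpenIOC 1.0 terms as best I recall them, so treat those as assumptions too. Standard library only, Python 3.

```python
"""Sandbox report -> filtered IOCs -> OpenIOC XML.

Added example, not part of the original thread. SAMPLE_REPORT only
approximates Cuckoo's report.json layout (field names assumed); the
OpenIOC element/search names are assumed from the public 1.0 schema.
"""
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Constructed sample report: hashes, hosts and addresses are made up.
SAMPLE_REPORT = {
    "target": {"file": {"name": "invoice.exe",
                        "md5": "9e107d9d372bb6826bd81d3542a419d6",
                        "sha256": "a" * 64}},
    "dropped": [{"name": "svchost32.exe",
                 "md5": "d41d8cd98f00b204e9800998ecf8427e", "sha256": "b" * 64}],
    "behavior": {"summary": {
        "keys": ["HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
                 "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svchost32"],
        "files": ["C:\\Windows\\System32\\kernel32.dll",
                  "C:\\Users\\victim\\AppData\\Roaming\\svchost32.exe"],
        "mutexes": ["Global\\svc32_running"]}},
    "network": {
        "domains": [{"domain": "time.windows.com", "ip": "192.0.2.10"},
                    {"domain": "update.example-c2.net", "ip": "203.0.113.7"}],
        "http": [{"host": "time.windows.com", "uri": "http://time.windows.com/"},
                 {"host": "update.example-c2.net",
                  "uri": "http://update.example-c2.net/gate.php"}]},
}

# Sandbox output is noisy: benign binaries read these keys and paths and
# resolve these domains too. Anything matched here never becomes an
# indicator. The list is a starting point; tune it for your environment.
NOISE_DOMAINS = ("windows.com", "microsoft.com", "msftncsi.com")
NOISE_PREFIXES = tuple(p.lower() for p in (
    "C:\\Windows\\",
    "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
))


def _noise_domain(name):
    name = name.lower()
    return any(name == d or name.endswith("." + d) for d in NOISE_DOMAINS)


def _noise_path(path):
    return path.lower().startswith(NOISE_PREFIXES)


def extract_iocs(report):
    """Collect host and network indicators from a Cuckoo-style report dict."""
    target = report["target"]["file"]
    iocs = {"md5": {target["md5"]}, "sha256": {target["sha256"]},
            "domain": set(), "ip": set(), "url": set(),
            "regkey": set(), "file": set(), "mutex": set()}
    for dropped in report.get("dropped", []):      # payloads written to disk
        iocs["md5"].add(dropped["md5"])
        iocs["sha256"].add(dropped["sha256"])
    summary = report.get("behavior", {}).get("summary", {})
    iocs["regkey"] |= {k for k in summary.get("keys", []) if not _noise_path(k)}
    iocs["file"] |= {f for f in summary.get("files", []) if not _noise_path(f)}
    iocs["mutex"] |= set(summary.get("mutexes", []))
    net = report.get("network", {})
    for entry in net.get("domains", []):           # lookups made during the run
        if not _noise_domain(entry["domain"]):
            iocs["domain"].add(entry["domain"])
            if entry.get("ip"):
                iocs["ip"].add(entry["ip"])
    iocs["url"] |= {h["uri"] for h in net.get("http", [])
                    if not _noise_domain(h.get("host", ""))}
    return {kind: sorted(values) for kind, values in iocs.items()}


NS = "http://schemas.mandiant.com/2010/ioc"
ET.register_namespace("", NS)          # serialise as a default xmlns, not ns0:
# OpenIOC search term per indicator kind: (document, search, Content type).
TERMS = {
    "md5":    ("FileItem", "FileItem/Md5sum", "md5"),
    "sha256": ("FileItem", "FileItem/Sha256sum", "sha256"),
    "domain": ("Network", "Network/DNS", "string"),
    "ip":     ("PortItem", "PortItem/remoteIP", "IP"),
    "url":    ("UrlHistoryItem", "UrlHistoryItem/URL", "string"),
    "regkey": ("RegistryItem", "RegistryItem/KeyPath", "string"),
    "file":   ("FileItem", "FileItem/FullPath", "string"),
    "mutex":  ("ProcessItem", "ProcessItem/HandleList/Handle/Name", "string"),
}


def _tag(name):
    return "{%s}%s" % (NS, name)


def to_openioc(iocs, description, author="analyst"):
    """Serialise the indicators as one OR-ed OpenIOC definition."""
    root = ET.Element(_tag("ioc"), {
        "id": str(uuid.uuid4()),
        "last-modified": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S")})
    ET.SubElement(root, _tag("short_description")).text = description
    ET.SubElement(root, _tag("authored_by")).text = author
    top = ET.SubElement(ET.SubElement(root, _tag("definition")), _tag("Indicator"),
                        {"operator": "OR", "id": str(uuid.uuid4())})
    for kind, values in iocs.items():
        document, search, ctype = TERMS[kind]
        for value in values:
            item = ET.SubElement(top, _tag("IndicatorItem"),
                                 {"id": str(uuid.uuid4()), "condition": "is"})
            ET.SubElement(item, _tag("Context"),
                          {"document": document, "search": search, "type": "mir"})
            ET.SubElement(item, _tag("Content"), {"type": ctype}).text = value
    return ET.tostring(root, encoding="unicode")


def indicator_count(openioc_xml):
    """Round-trip check: parse the XML back and count IndicatorItem elements."""
    return len(ET.fromstring(openioc_xml).findall(".//" + _tag("IndicatorItem")))


if __name__ == "__main__":
    print(to_openioc(extract_iocs(SAMPLE_REPORT), "invoice.exe sandbox run"))
```

    To use it on a real run, replace SAMPLE_REPORT with json.load() of the sandbox's report file and check the key names first. Two caveats worth keeping in mind: the allowlist decides what counts as noise, so review what it drops (a persistence key under HKLM would be filtered by the crude HKLM prefix above, which is why only the Windows NT\CurrentVersion fingerprinting key is listed), and the sample's own hashes are the weakest indicators, since a repacked dropper changes them while the Run key name, mutex and callback domain tend to survive across variants.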
