Analysis for Virus attack

If a virus attacks a system, what are the best tools/formulas/calculations to understand what effect the virus has on our environment or infrastructure, and what data should we collect from our infrastructure (network traffic, OS, ...) that will help us evaluate this attack or its impact? Where can I get samples?
David Johnson, CD, MVP (Owner) commented:
What you are asking would need either a college course or a week-long seminar for a proper response, just to cover the basics. Every virus works differently and has different objectives. A security consultant who specializes in this might be available in your area. All that you can do is not leave any low-hanging fruit: no user should routinely run as an administrator; standard accounts are your friend. Prevention here is the key; the cure can be expensive.
Rich Rumble (Security Samurai) commented:
You should set up the Cuckoo sandbox.
You can run your samples in it, and it will tell you everything you need to know: what registry changes it makes, traffic captures, and files it may access or download. There are virus databases out there like VirusSign, MalwareMustDie, ThreatGRID, OffensiveComputing, and contagiodump. These professional groups, however, are better suited to decompiling and understanding the samples. If you're trying to get your start in malware research, the above should get you started.
btan (Exec Consultant) commented:
You can have the sample sent to an online scanning service to check its modus operandi, which will start to create its trail of doings (carrier, dropper, rootkit, callbacks, etc.) in its "residence" (file system, registry, processes, applications), commonly known as Indicators Of Compromise (IOC). There is a nice OpenIOC format to represent what a sample does; it helps in clustering samples and is mainly for threat intelligence sharing (analogous to "signature" sharing).
Such an exploitation scheme will need to surface the sample (or dropper) injection and override (breach and vulnerability) performed. Thus static (code review / reverse engineering) and dynamic (including sandboxing) analysis of the sample is useful to surface this metadata and trail as a whole. You can check out the whitepaper describing crimeware and the downloader/dropper scheme.
Primarily, this is to help the analyst understand its TTPs (tactics, techniques and procedures) throughout the sample's targeted infestation (lateral spread and depth of penetration) and the accompanying cyber kill chain (recon > intrusion > exploitation > persistence) lifecycle. Its sophistication is revealed as the analysis uncovers more of its "anti" capabilities, such as anti-forensics, anti-debugging, anti-packing, anti-VM, etc. Likely it sums up to a cyber sabotage, cyber espionage or simply cyber theft scheme behind this one (out of many) sample...

You can check out the links below for the approach, tools and analysis services (cum course) to aid the understanding and analysis. Main summary:

Some useful takeaways from the summary:
Analyzing Malicious Documents Cheat Sheet

Malware Sample Sources for Researchers

Free Automated Malware Analysis Services

Free Online Tools for Looking Up Potentially Malicious Websites
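The two replies above describe the same workflow: detonate the sample in a sandbox, then reduce the behavioral report (files written, registry keys, mutexes, DNS/HTTP contacts) to indicators you can hunt for across the estate and share in OpenIOC. The script below is an added example for this thread; it is not code from Cuckoo or from the OpenIOC project. The report it parses is constructed for the example (the IPs are documentation ranges and describe no real sample), the JSON field names follow the Cuckoo 2.x report.json layout as the author recalls it (behavior.summary.*, network.dns/http/hosts, target.file.*), and the OpenIOC term names in OPENIOC_TERMS are taken from memory of the OpenIOC 1.0 term list; check both against your own sandbox and IOC tooling. The filtering it applies (dropping the sandbox's own gateway, time-sync and update hosts, and scratch files under Temp) is the part a practitioner usually has to add by hand, because a raw report is mostly noise.

```python
"""Reduce a Cuckoo-style sandbox report to de-noised IOCs and emit an OpenIOC 1.0 document.

Added example, not part of the original thread. Field names (behavior.summary.*,
network.*, target.file.*) are assumed from the Cuckoo 2.x report.json layout;
OpenIOC term names in OPENIOC_TERMS are assumed from the OpenIOC 1.0 term list.
"""
import datetime as dt
import ipaddress
import json
import uuid
import xml.etree.ElementTree as ET

# Constructed report: what a sandbox run of a hypothetical dropper might record.
# 203.0.113.0/24 is a documentation range; no real infrastructure is referenced.
SAMPLE_REPORT = json.loads(r'''
{
  "target": {"file": {"name": "invoice.exe",
                      "md5": "d41d8cd98f00b204e9800998ecf8427e",
                      "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"}},
  "behavior": {"summary": {
      "file_written": ["C:\\Users\\victim\\AppData\\Roaming\\svch0st.exe",
                       "C:\\Users\\victim\\AppData\\Local\\Temp\\~df3a2.tmp"],
      "regkey_written": ["HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svch0st"],
      "mutex": ["Global\\x9f3-updater"]}},
  "network": {
      "dns": [{"request": "update.example-cdn.test", "type": "A",
               "answers": [{"type": "A", "data": "203.0.113.7"}]},
              {"request": "time.windows.com", "type": "A", "answers": []}],
      "http": [{"host": "update.example-cdn.test", "uri": "http://update.example-cdn.test/gate.php"}],
      "hosts": ["203.0.113.7", "10.0.2.2", "192.168.56.1"]}
}
''')

# Hosts the analysis VM contacts on its own (time sync, updates, connectivity checks): never IOCs.
BENIGN_DOMAIN_SUFFIXES = ("windows.com", "microsoft.com", "windowsupdate.com", "msftncsi.com")
# The sandbox's own networks (NAT gateway, host-only adapter, loopback): never IOCs.
SANDBOX_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

# OpenIOC 1.0 (document, search term, content type) per indicator class; assumed names.
OPENIOC_TERMS = {
    "md5": ("FileItem", "FileItem/Md5sum", "md5"),
    "sha256": ("FileItem", "FileItem/Sha256sum", "sha256"),
    "files": ("FileItem", "FileItem/FullPath", "string"),
    "regkeys": ("RegistryItem", "RegistryItem/Path", "string"),
    "mutexes": ("ProcessItem", "ProcessItem/HandleList/Handle/Name", "string"),
    "domains": ("Network", "Network/DNS", "string"),
    "ips": ("PortItem", "PortItem/remoteIP", "IP"),
    "urls": ("Network", "Network/URI", "string"),
}


def _is_benign_domain(name):
    return any(name == s or name.endswith("." + s) for s in BENIGN_DOMAIN_SUFFIXES)


def _is_external_ip(text):
    try:
        ip = ipaddress.ip_address(text)
    except ValueError:
        return False
    return not any(ip in net for net in SANDBOX_NETS)


def extract_iocs(report):
    """Collect host and network indicators from the report, dropping sandbox noise."""
    summary = report.get("behavior", {}).get("summary", {})
    net = report.get("network", {})
    target = report.get("target", {}).get("file", {})
    dns = net.get("dns", [])
    domains = {d["request"] for d in dns if not _is_benign_domain(d["request"])}
    ips = {h for h in net.get("hosts", []) if _is_external_ip(h)}
    for d in dns:  # resolved answers are indicators too, unless the query itself was benign
        if not _is_benign_domain(d["request"]):
            ips.update(a["data"] for a in d.get("answers", [])
                       if a.get("type") == "A" and _is_external_ip(a["data"]))
    urls = {h["uri"] for h in net.get("http", []) if h.get("uri")}
    # Scratch files under Temp are rarely stable indicators; persistence paths are.
    files = {p for p in summary.get("file_written", []) if "\\Temp\\" not in p}
    return {"md5": target.get("md5"), "sha256": target.get("sha256"),
            "files": files, "regkeys": set(summary.get("regkey_written", [])),
            "mutexes": set(summary.get("mutex", [])),
            "domains": domains, "ips": ips, "urls": urls}


def indicator_items(iocs):
    """Flatten the IOC dict into (document, search, content_type, value) tuples."""
    items = []
    for key, (doc, search, ctype) in OPENIOC_TERMS.items():
        values = iocs.get(key)
        for v in ([values] if isinstance(values, str) else sorted(values or [])):
            items.append((doc, search, ctype, v))
    return items


def to_openioc(iocs, description):
    """Serialize the IOCs as one OpenIOC 1.0 document: a single OR block of IndicatorItems."""
    ns = "http://schemas.mandiant.com/2010/ioc"
    ET.register_namespace("", ns)
    now = dt.datetime.now(dt.timezone.utc).strftime("%Y-%m-%dT%H:%M:%S")
    root = ET.Element(f"{{{ns}}}ioc", id=str(uuid.uuid4()), **{"last-modified": now})
    ET.SubElement(root, f"{{{ns}}}short_description").text = description
    ET.SubElement(root, f"{{{ns}}}authored_date").text = now
    block = ET.SubElement(ET.SubElement(root, f"{{{ns}}}definition"),
                          f"{{{ns}}}Indicator", operator="OR", id=str(uuid.uuid4()))
    for doc, search, ctype, value in indicator_items(iocs):
        item = ET.SubElement(block, f"{{{ns}}}IndicatorItem", id=str(uuid.uuid4()), condition="is")
        ET.SubElement(item, f"{{{ns}}}Context", document=doc, search=search, type="mir")
        ET.SubElement(item, f"{{{ns}}}Content", type=ctype).text = value
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print(to_openioc(extract_iocs(SAMPLE_REPORT), "invoice.exe dropper (constructed example)"))
```

Running it prints an OpenIOC document with eight IndicatorItems: both hashes, the dropped executable under Roaming, the Run-key persistence entry, the mutex, the callback domain, its resolved address, and the gate URL. time.windows.com, the 10.0.2.2 NAT gateway, the 192.168.56.1 host-only adapter and the Temp scratch file are gone. Treat the allowlists as a starting point: every sandbox image has its own background chatter, and the reliable way to learn it is to run a clean, known-good binary through the same image and diff the reports.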
