International Journal of Scientific Research in Computer Science, Engineering and Information Technology

© 2019 IJSRCSEIT | Volume 5 | Issue 3 | ISSN : 2456-3307

DOI : 10.32628/CSEIT195379

Malware attack and Malware Analysis : A Research

Soumen Chakraborty
Department of Information Technology, MCKV Institute of Engineering, MAKAUT, West Bengal, India
Email : [email protected]

Abstract:

Malware analysis is the manner of performing evaluation of the malware and knowledge its moves and
conduct. It is of two types- static and dynamic evaluation. Static analysis is carried out by staring at the supply
code of the malware and drawing conclusions primarily based on it. Dynamic analysis is the analysis achieved
through executing the piece of code and noting its actions. Malware evaluation is an essential and relevant
undertaking, for the advanced forms of malware these days are often not even detectable through generally
available anti-virus software program. In the present paper, the authors have made a scientific have a look at on
one of a kind problems in malware and analysis of malware. One of the most full-size threats to cyber security
in nowadays’s world of limitless Internet get right of entry to is malware. In latest times, the malware being
designed are polymorphic and metamorphic, with the ability to transform their code and to cover quietly
within the structures of the unsuspecting customers.
Keywords : Malware, Viruses, Static Analysis, Dynamic Analysis, Classification, Security.

I. INTRODUCTION “software program whose rationale is malicious, or

whose effect is malicious”. [26] It can have any
With the rise of broadband Internet access, simple quantity of vindictive functions which include
computer viruses, which were first of all written as disrupting the normal computer operations,
mere pranks, have given way to malicious software accumulating sensitive and exclusive information
program which, in turn, has taken the form of a from an unwitting user, gaining access to personal pc
massive epidemic. In recent times, malware has been networks and showing unwanted advertisements or
written and designed maintaining earnings in unsolicited mail. The time period ‘malware’ was
thoughts. Since 2003, the general public of worms coined by Yisrael Radai in 1990, however, preceding
and viruses, which have grow to be enormous, had that these forms of software had been prevalently
been written so that it will perform illicit activities referred to as pc viruses [22]. Malware is a preferred
on users’ computer systems. McAfee [2] catalogs over time period, used to refer to a ramification of
a hundred,000 new malware samples each day means intrusive and dangerous software program, together
approximately 69 new threats each minute or about with laptop viruses, Trojan horse, worms, spyware,
one risk according to 2nd. Preliminary results from and adware. [25] Malware may be stealthy portions
Symantec Malware, abbreviated from malicious of software, quietly stealing non-public information
software program, is any form of software that or they will reason direct damage like sabotage and
“deliberately fulfills the harmful reason of an even extort price from the unsuspecting victim.
attacker.” Aycock (2006) defined malware as

CSEIT195379 | Received : 05 May 2019 | Accepted : 27 May 2019 | May-June -2019 [ 5 (3) : 268-272 ]
268
 Soumen Chakraborty Int J Sci Res CSE & IT. May-June-2019 ; 5(2) : 268-272

consumer of this motion. Thus it takes manipulate

over the consumer’s machine with out asking for
II. METHODS AND MATERIAL his/her consent regarding the problem.
[3] posted in 2008 counseled that "the discharge
DIFFERENT TYPES OF MALWARE fee of malicious code and other undesirable
applications can be exceeding that of legitimate
The following paragraphs are totally here for the software program packages." F-Secure [4] mentioned
reason of a short advent to the extraordinary how the amount of malware produced in 2007 turned
terminology related to malware. The various styles of into as a lot as inside the preceding twenty years.
malicious software are very shortly discussed. It is to This, but, has visible a rise in tremendously specific
be referred to that the instructions which can be and superior tools to counter such malware. In a
going to be referred to here are not together different reason-impact scenario, this, in turn, has led to the
and a piece of malware can be displaying traits and brand new generation cyber security threats and
traits of multiple such classes. In depth discussions of attacks to be extra centered, unknown, stealthy,
malicious code can be determined in Szor (2005). personalized and 0 day. This is in stark assessment to
the traditional malwares which had been huge,
Viruses: “A laptop program typically hidden inside acknowledged, open and one
every other reputedly harmless program that
produces copies of itself and inserts them into
different applications or documents, and that protections. After set up, they call their command
generally plays a malicious action (including and manage servers for further instructions, which
destroying information)”.[6] will be to thieve facts, infect different machines, and
permit reconnaissance. [1]
Worms: Spafford (1989) defines a trojan horse as “a
program that could run independently and might
propagate a totally working version of itself to method is by enforcing stolen certificates to disable
different machines.” This type of dangerous code is anti-virus protection. This is executed by means of
predominantly established in networks along with positive spyware; technical remedies are available to
the Internet. address such spyware.

Trojan horses: The time period is derived from the

Ancient Greek story of the timber horse that helped III. STATIC MALWARE ANALYSIS
Greek troops invade the metropolis of Troy by way of
stealth and deception. Like the name, Trojan horses Analyzing malicious software with out executing it,
are basically programs that misrepresent themselves but with the aid of merely inspecting this system is
as beneficial software, along with plug-ins or referred to as static or code evaluation. It is typically
downloadable video games, while secretly perform performed with the aid of taking each a part of the
malicious sports in the heritage. binary file and analyzing every aspect very well with
out absolutely executing it. The different detection
Spyware: Spyware refers to software that get entry to patterns used in case of static analysis [1] consist of
confidential information from the person and skip it string signature, byte-collection n-grams, syntactic
directly to some other entity with out informing the library call, manipulate go with the flow graph and

Volume 5, Issue 3, May-June -2019 | http://ijsrcseit.com

269
 Soumen Chakraborty Int J Sci Res CSE & IT. May-June-2019 ; 5(2) : 268-272

opcode (operational code) frequency distribution and instruction sequences which are considered malicious.
so forth. A software is declared malware while one of the
signatures is diagnosed within the software’s code. [5]
Basic static evaluation entails the subsequent steps [7]. Malware authors use an expansion of techniques to
First, the suspicious executable is run via specific reveal the vulnerabilities in extraordinary internet
anti-virus software and answers to hit upon offerings, working systems, browsers, or in variations
commonplace malware. The programs detected by of browser plug-ins and exploit those weaknesses.
the anti-virus are noted down as is the facts of what Some commonly used techniques carried out
the anti-virus detects the malware as. Once the encompass useless code insertion, sign up
scanning of malware using anti-virus is completed, reassignment, subroutine reordering, instruction
the second one step of simple static evaluation is substitution, code transposition and code integration
finished. The malware is opened up in a hex editor to to stay away from detection with the aid of
see what type of software program it's far and traditional defenses like firewalls, antivirus and
whether or not it's far using a few kind of packer gateways which generally use signature primarily
utility (together with Ultimate Packer for based strategies and are not able to come across the
Executables or UPX). A packer including UPX makes formerly unseen malicious executables. Syntactic
use of a simple records compression set of rules signatures forget about the semantics of instructions
which permits for decompression of the record in a and consequently the syntactic homes of code are in
few hundred bytes of code. On unpacking the large part unnoticed, resulting in such malware being
malware, other gear can be run against it. A replica of resilient against common defence mechanisms.
the malware need to be made, for if the unpacking is Commercial antivirus companies aren't able to
achieved incorrectly, the malware can be not able to provide on the spot safety for zero day malwares as
characteristic. Microsoft has a beneficial utility called they need to research these to create their signatures.
Strings, which tests for ASCII, Unicode or both [1]
characters in a document. Strings searches the
executable even as ignoring context and formatting Thus with the usual signature based defence
and for that reason allows in finding out protocols, mechanisms failing inside the face of superior
ports, IP addresses and different such facts that offer modern-day malware, the want for malware
vital clues approximately the functionality of the evaluation is abundantly clear. Malware evaluation
malware. Strings searches for a three-letter or greater may be of types – static and dynamic. Static malware
collection of ASCII and Unicode characters, evaluation refers to studying malicious software
accompanied through a string termination character. program without executing, by using merely
Once the Strings seek is achieved, it's time to observing and inspecting the strategies of the
disassemble the malware. The executables are malware. Dynamic malware evaluation includes
opposite compiled the use of debuggers or analyzing a given application whilst it is being done.
disassemblers. The disassembled, decrypted malware
code affords excellent insight into the working of the Backdoor: The method of evading ordinary
software program. Current systems to locate authentication procedures, in particular over
malicious code (most prominently, virus scanners) connections including the Internet, is referred to as
are in large part based totally on syntactic signatures. backdoor. One or extra backdoors can be established
That is, those structures are geared up with a database into a machine without the user’s understanding to
of regular expressions that designate byte or make the gadget liable to outdoor assaults.

Volume 5, Issue 3, May-June -2019 | http://ijsrcseit.com

270
 Soumen Chakraborty Int J Sci Res CSE & IT. May-June-2019 ; 5(2) : 268-272

referred to earlier than, for proper analysis of

Rootkits: It is critical for a chunk of malicious malware, dynamic analysis should complement the
software to stay concealed once it has been hooked technique of static evaluation. In dynamic analysis,
up in a device. This is to avoid detection, which the procedure is completed and the system is
defeats the cause of malware. Rootkits are software discovered whilst the modifications that arise are
program packages that useful resource inside the referred to. It is to be kept in mind that the malware
hiding of malware in the gadget with the aid of needs to be performed in a safe environment, ideally
enhancing the user’s operating system making sure in a digital gadget. It is likewise clever to take a
that the software stays concealed. picture of the digital gadget earlier than the malware
binaries are achieved in an effort to ensure that the
In recent times, a widespread portion of malware safe nation can be lower back to and the right
makes use of a number of strategies to avoid changes may be noted. Before appearing dynamic
detection. The most ordinary evasion method analysis, it's miles to be ensured that the digital
implemented in in recent times is by means of gadget networking is not connected to another
fingerprinting the environment as quickly as the networks other than the host, for there may be a
malware is carried out. Another common P a g e superb threat of introducing the malware to other
networks if this step is not accomplished. Other
examples of managed environments where the
malware may be completed are simulators, emulators
Often malware writers use diverse obfuscation and sandboxes. Also, earlier than executing the
techniques to prevent the above reverse engineering malware, sure monitoring equipment along with
and as a result make static evaluation unpredictable, Process Monitor [8] and Capture BAT [9] (for
unreliable and high-priced. Binary obfuscation turns document device and registry monitoring), Process
malware binaries into self-compressed and uniquely Explorer [10] and Process Hackerreplace [11] (for
based binary documents. Furthermore, vital facts procedure tracking), Wireshark [12] (for network
about the malware is misplaced at the same time as tracking) and Regshot [13] (for machine alternate
trying to work with such binary executables and detection) are installed and activated. [1] The various
subsequently the technique of malware analysis is techniques which can be employed to perform
made greater hard. [1] Moser et al. Discussed the dynamic analysis are mentioned beforehand P a g e
drawbacks and shortcomings of static analysis. In
their paper, they introduced a scheme primarily
based on code obfuscation that proven how static
evaluation on my own isn't sufficient to detect Volume four, Issue 10, October 2016 pg. 22-30
malware. They additionally proposed that dynamic
malware analysis at the side of static analysis is Function Call Monitoring: Functions utilized in
important to make the system much less susceptible applications encompass codes that carry out a
to code obfuscation strategies and approach. selected task, inclusive of sorting a fixed of
information. Functions are useful in case of
IV. DYNAMIC MALWARE ANALYSIS programming, for they help in code reusability and
also make the code easier to preserve. One
Once static malware analysis is completed, it is time characteristic of features is that they provide an
to transport directly to dynamic evaluation. As aspect of abstraction in carrying out the project. For

Volume 5, Issue 3, May-June -2019 | http://ijsrcseit.com

271
 Soumen Chakraborty Int J Sci Res CSE & IT. May-June-2019 ; 5(2) : 268-272

example, a sorting function would make certain that in tracking the waft of data between the ‘source’ and
the number one difficulty is the suitable taken care of the ‘sink’. Any fee within the application that relies
output, with out indulging within the details of the upon on computation the usage of statistics from a
algorithm this is hired to attain the aforementioned ‘tainted’ supply is referred to as ‘tainted’ records. Yin
result. It does not truely be counted within the large et al [15] proposed a method called whole-device
photo where the algorithm used is a merge sort or a fine-grained taint evaluation which uses a whole-
bubble sort so long as the result reached by the system emulator to capture the intrinsic residences of
characteristic is accurate. These abstractions assist in a diffusion of malware and therefore presenting a
developing a summary of the conduct and sample of great quantity of development to automatic malware
the program at the same time as analyzing code. One detection and analysis. As cited in their paper, their
way to useful resource such analysis is to intercept proposed gadget showed how the method helped in
the calls to such functions. The time period ‘hooking’ detecting a massive range of malware of different
is used to describe this manner of intercepting training consisting of backdoors.
function calls. The code is analyzed and alongside the
desired functions, a ‘hook’ feature is invoked which Instruction tracing: Instruction tracers, or tracers, are
helps to enforce the respective analysis functionality, referred to for recording every unmarried practise
together with analyzing input parameters or and related nation while executing a chunk of code.
preserving information of invocations to log files. [14] This tracing is then analyzed by a hint analyzer for
System calls are utilized by consumer-mode software extraction of relevant data. Bangerter et al [16]
to request the working device to perform certain delivered a brand new tracer called Helios which
functions on its behalf. Usually, malware invokes involved a lot of optimizations along with
gadget calls to interact with kernel space even as automatically skipping beside the point code
executing inside the person space. This makes the components which are also computationally
dynamic analysis of this interface quite thrilling. luxurious. The simple approach behind Helios is
simple in that it interrupts the execution go with the
flow whenever manage switch coaching (CTI) takes
Function Parameter Analysis: In static evaluation, place, records the training among two CTIs, and then
function parameter analysis attempts to infer the incorporates on with the execution from the vacation
sorts of the parameters or the set of their values in a spot cope with of the CTI.
static manner. However in dynamic evaluation, the
real values of the parameters, which can be surpassed Apart from this, there are numerous different
while a characteristic is called, are of concern. For strategies like autostart extensibility points which are
instance, the go back fee of a CreateFile gadget name also part of dynamic malware evaluation. It ought to
can be used later for a WriteFile call, and this be stated that while dynamic analysis is some
correlation is of first-rate importance in dynamic distance greater efficient than static malware analysis,
malware analysis. [14] it is also lots more time extensive and useful resource
consuming, therefore main to expanded scaling
Information Flow Tracking: The purpose of records problems.
float monitoring/evaluation is to problematic at the
go with the flow of ‘exciting’ information throughout V. TOOLS USED FOR MALWARE ANALYSIS
the machine, whilst this system manipulating it's
miles being completed. Dynamic taint analysis helps

Volume 5, Issue 3, May-June -2019 | http://ijsrcseit.com

272
 Soumen Chakraborty Int J Sci Res CSE & IT. May-June-2019 ; 5(2) : 268-272

Before discussing the one of a kind malware analysis taken into consideration as a specific shape of
equipment to be had popularly, some terms need to virtualization. Sandboxes are therefore frequently
be clarified. Malware evaluation uses a device called used to test codes with malware, without inflicting
sandbox typically, so as to run the unauthorized and harm to the host laptop. They characteristic with the
in all likelihood dangerous piece of code or software aid of limiting the assets used by the execution of the
with out harming the host gadget. In laptop safety, a piece of malicious code. One of the numerous
sandbox refers to a precise, separate environment, benefits of the usage of Norman SandBox is that
analogous to a container, with strict regulations and because the malware receives done in a simulated
permissions, where pc code can run without being system, obfuscation can not avoid the manner of
able to inflict any harm or purpose infection. malware evaluation itself. This aids in the detection
Anything outside the sandbox is beyond the reach of of viruses and worms spread over electronic mail or
the suspicious computer code. It is to be stated that a thru P2P networks. Alongside this, a widespread
sandbox and a digital gadget are not the equal malware detection algorithm is likewise run in order
element. When a application runs in a sandbox, it has to seize different types of malicious software.
the permission to execute as although it was not in a
sandbox. Any modifications tried through the utility Anubis: Anubis is developed by the International
are lost whilst the application stops going for walks. Secure Systems Lab and is able to studying both files
In evaluation, whatever modified or created through and URLs. Unknown binaries are analysed in an
the utility is permitted to remain in a virtual gadget, emulated surroundings of a Windows XP operating
and all movements stay inside it. system on this project. The evaluation is executed
through monitoring the machine calls and Windows
API features. Function parameters also are tracked
and monitored in this malware evaluation assignment
© 2016, IJARCSMS All Rights Reserved ISSN: [20].
2321-7782 (Online) Impact Factor: 6.047 25 4,
Issue 10, October 2016 pg. 22-30 CWSandbox: CWSandbox is a tool for malware
analysis that satisfies the three design situations of
The foremost job of the sandbox is to enable “users to automation, effectiveness and correctness. Dynamic
automate the pattern submission procedure; analysis of malware is achieved to achieve
absolutely analyze any risk; and speedy act to protect automation. The software or code is done in a
touchy facts”. [17] simulated environment, a sandbox. Effectiveness is
ensured with the aid of the usage of the method of
API hooking. The calls to the Windows application
Several on-line automated tools exist for the purpose programmers’ interface (API) are despatched to the
of dynamic analysis of malware. Only some of them monitoring software for analysis before the actual
will be mentioned here. API code is called. API hooking ensures that all
nuances of malware conduct are referred to for
Norman SandBox [18]: “The Norman SandBox which the API calls are hooked. Correctness of the
Analyzer is a utility intended to automate, simplify, tool is accomplished through implementing the
and speed up the facts amassing system while technique of DLL code injection. Briefly, DLL code
studying malware.” [19] The sandbox affords a injection may be defined to allow API hooking to be
notably controlled environment and can hence be applied in a reusable and modular way. It is worth of

Volume 5, Issue 3, May-June -2019 | http://ijsrcseit.com

273
 Soumen Chakraborty Int J Sci Res CSE & IT. May-June-2019 ; 5(2) : 268-272

point out that although this tool can touch upon the and so on), encrypt the intellectual records and ship
seen movements of the malware, it cannot describe the stolen facts to a faraway server. Another method
how the malware turned into programmed. However, used by cybercriminals nowadays is known as “hack-
regardless of this disadvantage, the information back”, as stated with the aid of Gunter Ollmann,
amassed from executing malware using a CWSandbox vice-president of studies for Damballa. This feature
is treasured and more regularly than no longer, detects if and while a researcher is reading the
sufficient to diagnose the risks related to the precise malware,
malware [21].

III. RESULTS AND DISCUSSION © 2016, IJARCSMS All Rights Reserved ISSN:
2321-7782 (Online) Impact Factor: 6.047 26
It is with alarm that experts are noting how malware four, Issue 10, October 2016 pg. 22-30
appears to be getting increasingly more sophisticated and right now compromises the researcher’s device.
with the aid of the day. A as a substitute bleak Similar steps are taken by numerous different botnet
photograph is without difficulty painted, thinking malware which spark off
about that compared to the advancements inside the
generation behind malware, running systems and
internet browsers are not released that fast. DDoS – denial of carrier – attacks on researchers, if
they come too close to the C&C (command-and-
One recent trend in the upward push of malware control) machine. The Conficker computer virus
assaults is noticeable inside the subject of on the spot really blacklists users investigating the malware, who
messaging. As the various systems begin permitting try to get admission to the botnet server.
interaction between them, the quantity of malware
attacks on them will growth. A similar pattern is Although statistics display that there are about 30%
cited amongst Massive Multiplayer Online more CVEs (common vulnerabilities and exposures)
Roleplaying Games (MMORPG), where malware in Microsoft Office in place of PDFs, it is seen that
authors take manipulate of the debts of the the number of assaults on PDFs hugely overshadows
unsuspecting users and use them to their own the quantity of attacks on MS Office. [23] Prior to
malicious advantage. Top companies nowadays are October, 2007, PDF attacks were non-existent; but, at
typically involved approximately Trojan Horses. the quit of September that 12 months, CVE-2007-
Using the help of cautiously positioned keyloggers or 5020 turned into launched, exposing a major
display-scraping software, cybercriminals have taken vulnerability in Adobe’s PDF software program. And
to attacking unique computer systems, assisting in accordingly started out the unfairness of protection
their vindictive hobbies of industrial espionage or assaults on PDFs over MS Office. Attackers use three
comparable financially motivated crimes. Such foremost ways to compromise PDFs – mass mailing,
focused assaults regularly remain undetected, for power-by downloads and focused attacks. Mass
popular software are not able to identifying them. mailing includes sending malicious PDFs via e mail
Recent reports be aware many new and stepped and using social engineering so that you can tempt
forward assaults. There became a malware specially users to open the record. On the other hand,
written to steal intellectual assets. What became pressure-by downloads silently supply the PDFs to
anomalous approximately the malware became its the unsuspecting customers’ machines after they visit
capability to crawl thru specific file types (Excel, PDF, malicious websites. Targeted assaults are like mass

Volume 5, Issue 3, May-June -2019 | http://ijsrcseit.com

274
 Soumen Chakraborty Int J Sci Res CSE & IT. May-June-2019 ; 5(2) : 268-272

mailings, except that the malicious PDFs aren't sent in the wild use JavaScript, different strategies also are
in bulk, however are sent to a particular man or observed. One usual method is to embed Flash objects
woman or agency. in the PDF. In addition to diverse distribution
techniques, attackers have additionally improvised
Malicious PDFs can be improved in three distinct extraordinary techniques to stay away from detection
approaches through the attackers. The first is it of the malicious content material. Some of the
containing one precise exploit. The 2nd one is the malicious PDFs comprise junk parts of code to throw
possibility of a malicious PDF having several exploits. off antivirus software. Others crash the PDF reader so
And the 0.33 approach of infection includes detecting one can supply the person the illusion that they're
the version of PDF software program installed on the corrupted files, whilst silently wearing out the
pc this is focused. That manner handiest an vicious sports. Furthermore, diverse elements of a
appropriate take advantage of will be used. Lesser the PDF can be obfuscated, as a result not permitting
range of exploits, greater is the risk of a a hit assault. detection. Obfuscation of PDF report format is tons
easier compared to other record formats along with
Example of a de-obfuscated malicious JavaScript code MS Word, etc. A quite simple obfuscation method
showing how the PDF software version is detected: with the aid of which a vulnerable API call string is
damaged into smaller strings is demonstrated below.
feature PDF(admwn.P collab)
var lv=Pdf1.GetVersions(); Tryeval(“thi”+”s.M”+”ed”+”ia”+”.N”+”ew”+”Pl”+”ay”+
var fi=/EScript=([^,]+),/; ”er(n”+”ull)”);
lv=lv.Healthy(fi)[1].Break up(‘.’);
lv=parseInt(lv.Be part of(‘ ’)); catch(e)
if(lv<=812)
SHOWPDF(collab); To avoid being infected, a person can carry out the
else subsequent precautions. Users can disable JavaScript
SHOWPDF(admwnp); guide where possible. They need to maintain up to
date with all of the software patches available for the
This piece of code identifies the type of PDF software PDF reader software program. Antivirus and IPS
and can provide a malicious PDF for that reason. definitions need to be updated, and eventually, users
should always exercise caution at the same time as
When analysing malicious PDFs, we can commonly commencing PDFs from an untrustworthy supply.
classify them into two categories: JavaScript based
totally and Non JavaScript based totally. Because of Another principal exploitation fashion was spotted in
its flexibility and ease of use, JavaScript is widely Java as these days as 2012. [24] According to Oracle,
used in malicious PDF, exploiting a inclined 1.1 billion desktops run Java, and subsequently
JavaScript API and putting in the PDF reader vulnerability in Java is sure to have a good sized
program’s memory with malicious code. Although impact on consumer safety. The vulnerability in
the general public of malicious PDFs determined query have been constant before the primary
appearance of the malware. However a researcher
disclosed details of the vulnerability on his web page,
which turned into shortly accompanied through the
monitor of the malware. Shortly afterwards, it

Volume 5, Issue 3, May-June -2019 | http://ijsrcseit.com

275
 Soumen Chakraborty Int J Sci Res CSE & IT. May-June-2019 ; 5(2) : 268-272

become cited that the exploitation of this instances, the source code isn't visible. And although
vulnerability took over all different pre-existing Java the supply code turned into available, it can by no
vulnerabilities. This vulnerability is currently the means be ensured that no changes have been done to
number one vector for all pressure-with the aid of the binary executables which remained
exploits. Categorizing beyond Java vulnerabilities, 4 undocumented through the supply. Hence, because
classes are cited typical: type confusion, good of many such drawbacks, dynamic evaluation is
judgment error, reminiscence corruption and favored over static malware analysis. On reading
argument injection. Type protection is a totally vital malware analysis equipment, it can be concluded that
feature of Java safety. Type protection is ensuring the sandbox surroundings is in particular conducive
that a variable with a positive records type isn't towards studying malware. Recent trends in malware
always treated as a distinctive facts kind in a attacks show extraordinarily superior strategies being
application. On the failure of type protection, type implemented to secure sensitive statistics. It is with
confusion takes location. It is analogous to awesome alarm that experts are noting how malware
identification theft inside the real international. An assaults are being more and more state-of-the-art in a
example of a beyond kind confusion vulnerability in brief period of time, whereas working systems and
Java element is CVE-2012-0507: Atomic Reference different person software are not produced in such
Array kind confusion vulnerability. Logic errors can brief durations.
reside inside Java device code. CVE-2011-3544: Java
Rhino Script Vulnerability is an instance of common V. REFERENCES
sense errors wherein Security Manager is disabled.
Memory corruption problems, even as now not a [1]. Gandotra, E., et al. (2014) Malware Analysis
trend, have took place before, together with CVE- and Classification: A Survey. Journal of
2010-0842: Sun Java Runtime Environment Information Security, five, 56-sixty four.
MixerSequencer. Argument injection may be very Http://dx.Doi.Org/10.4236/jis.2014.52006
popular with Java plug-ins, as become mentioned in [2]. (2013) Infographic: The State of Malware.
CVE-2010-0886: Java Deployment Toolkit Http://www.Mcafee.Com/in/security-
Component. To analyse such Java vulnerabilities, recognition/articles/nation-of-malware-
specific static and dynamic research tools are 2013.Aspx three"Symantec Internet Security
required for Java binaries and the platform. CVE- Threat Report: Trends for July–December 2007
2012-0507 is presently the maximum commonplace (Executive Summary)" (PDF). XIII. Symantec
vulnerability for pressure-with the aid of exploits. Corp. April 2008: 29. Retrieved 11 May2008.
[3]. "F-Secure Reports Amount of Malware Grew
IV.CONCLUSION AND FUTURE SCOPE by using one hundred% during 2007" (Press
launch). F-Secure Corporation. Four December
The thoughts of malware, the one of a kind types of 2007. Retrieved 11 December 2007
malware and malware analysis were discussed in [4]. Andreas Moser, Christopher Kruegel, and
details here. It is inferred from the facts accumulated Engin Kirda, Limits of Static Analysis for
that dynamic evaluation is a higher approach of Malware Detection, Secure Systems Lab
malware analysis than static evaluation. Although Technical University Vienna
dynamic analysis has the plain flaw of studying [5]. “What are viruses, worms, and Trojan horses?".
simplest one execution of the malware, static Indiana University. The Trustees of Indiana
evaluation is rather hard to do well, for in maximum University. Retrieved 23 February 2015.

Volume 5, Issue 3, May-June -2019 | http://ijsrcseit.com

276
 Soumen Chakraborty Int J Sci Res CSE & IT. May-June-2019 ; 5(2) : 268-272

[6]. Http://resources.Infosecinstitute.Com/malware- Software Engineering three(four), April - 2013,

analysis-basics-static-evaluation/eight(2014) pp. 972-975
Process Monitor. [16]. Anubis. Analysis of unknown binaries.
Http://technet.Microsoft.Com/en- Http://anubis.Iseclab.Org
us/sysinternals/bb896645.Aspx nineCapture [17]. Toward automatic dynamic malware evaluation
BAT. Https://www.Honeynet.Org/node/315 the usage of CWSandbox.
[7]. (2014) Process Explorer. Http://dl.Acm.Org/citation.Cfm?Id=1262675
Http://technet.Microsoft.Com/en- [18]. Christopher Elisan (five September 2012).
us/sysinternals/bb896653.Aspx elevenProcess Malware, Rootkits & Botnets A Beginner's
Hackerreplace. Guide. McGraw Hill Professional. Pp. 10–.
Http://processhacker.Sourceforge.Net/ ISBN 978-zero-07-179205-nine
[8]. Wireshark. Http://www.Wireshark.Org/ [19]. Karthik Selvaraj and Nino Fred Gutierrez, The
[9]. Regshot. Http://sourceforge.Net/tasks/regshot/ Rise of PDF Malware, Symantec Security
[10]. Egele, M., Scholte, T., Kirda, E. And Kruegel, C. Response.
(2012) A Survey on Automated Dynamic [20]. Jeong Wook (Matt) Oh
Malware-Analysis Techniques and Tools. ([email protected]), Recent Java
Journal in ACM Computing Surveys, forty four, exploitation trends and malware, Black Hat
Article No. 6. USA 2012 Las Vegas.
[11]. Whole-gadget Fine-grained Taint Analysis for [21]. Imtithal A Saeed, Ali Selamat and Ali M A
Automatic Malware Detection and Analysis Abuagoub. Article: A Survey on Malware and
Heng Yin [email protected] College of William Malware Detection Systems. International
and Mary Dawn Song [email protected] Journal of Computer Applications 67(16):25-31,
Carnegie Mellon University April 2013. Full textual content to be had.
http://bitblaze.Cs.Berkeley.Edu/papers/malware [22]. Verma, Aparna, M.S.Rao, A.K.Gupta, W.
-hit upon.Pdf Jeberson, and Vrijendra Singh. "A Literature
[12]. Efficient and stealthy practise tracing and its Review On Malware And Its Analysis."
programs in computerized malware evaluation: International Journal of Current Research and
Open problems and demanding situations Review five (2013), 71-82.
Endre Bangerter, Stefan B¨uhlmann, and Engin
Kirda Bern University of Applied Sciences, Cite this article as :
Switzerland [email protected] Bern
University of Applied Sciences and Joe Soumen Chakraborty, "Malware attack and Malware
Security, Switzerland Analysis : A Research", International Journal of
[email protected] Northeastern Scientific Research in Computer Science, Engineering
University, USA [email protected], and Information Technology (IJSRCSEIT), ISSN :
http://dl.Ifip.Org/db/conf/ifip11 - 2456-3307, Volume 5 Issue 3, pp. 268-272, May-June
4/inetsec2011/BangerterBK11.Pdf 2019.
[13]. Http://cwsandbox.Org/ Journal URL : http://ijsrcseit.com/CSEIT195379
[14]. Norman Sandbox. Http://sandbox.Norman.No
[15]. Gadhiya et al., International Journal of
Advanced Research in Computer Science and

Volume 5, Issue 3, May-June -2019 | http://ijsrcseit.com

277