Tuesday, June 14, 2011

Virtual Machines for Malware Analysis

An ideal setup for malware analysis would be a machine on which we can readily install and execute malicious programs. But given the nature of malicious programs, they may cause permanent and irreversible damage to that machine. To protect a machine from such damage, virtual machines are used.
A virtual machine is an OS running within an OS. Software like VMware and VirtualBox allows multiple operating systems to run on a single physical system.

Advantages of using a Virtual System:

  • Safe environment to infect: We can infect a virtual machine with little risk to the base system, though the protection is not absolute (more will be explained about this later). This allows us to boldly analyze dangerous malware which we would otherwise hesitate to run.
  • Snapshots: A snapshot taken in a virtual machine saves the state of the virtual OS at that point in time. If the malware crashes or corrupts the system, we can travel back to the state when the snapshot was taken.
  • Host-Only Networking: This is convenient for interconnecting virtual systems using a simulated network without additional hardware. The host-only network allows any virtual system to see all traffic on the simulated network when listening in promiscuous mode. This makes monitoring the specimen's network interactions easy.
  • Multiple environments: Using virtual machines for different operating systems allows us to perform analysis on each of them. It is far more practical to run several virtual systems with different OSes than to buy a separate physical system for each OS. Malware usually behaves differently on different OSes and on different versions of the same OS. Having multiple OSes available lets us compare the malware's behavior across systems and thus get a better understanding of it.
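As an added example (not part of the original post), here is a small POSIX shell wrapper around VirtualBox's VBoxManage CLI that applies two of the ideas above: a host-only network with promiscuous mode allowed, and a clean snapshot to revert to after each run. It assumes VirtualBox is installed with VBoxManage on PATH, that the host-only adapter is named vboxnet0 (a typical default), and that the caller supplies the VM name; DRY_RUN=1 prints the commands instead of executing them.

```shell
#!/bin/sh
# Added example: prepare and reset an isolated analysis VM with VBoxManage.
# Assumptions: VirtualBox installed, VBoxManage on PATH, host-only adapter
# "vboxnet0" exists (create one with: VBoxManage hostonlyif create).

# Run VBoxManage, or just print the command when DRY_RUN=1.
vbox() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    echo "VBoxManage $*"
  else
    VBoxManage "$@"
  fi
}

# Attach the VM's first NIC to the host-only adapter and allow promiscuous
# mode, so a second (monitoring) VM on the same adapter sees the specimen's
# traffic. No NAT or bridged adapter: the specimen cannot reach the real LAN.
isolate_network() {
  vm="$1"; adapter="${2:-vboxnet0}"
  vbox modifyvm "$vm" --nic1 hostonly --hostonlyadapter1 "$adapter" \
    --nicpromisc1 allow-all
}

# Record the pristine, pre-infection state that every run is reverted to.
take_clean_snapshot() {
  vm="$1"
  vbox snapshot "$vm" take clean
}

# After a run: power off (ignore failure if already off), restore the clean
# snapshot, and start the VM again headless for the next specimen.
revert_to_clean() {
  vm="$1"
  vbox controlvm "$vm" poweroff 2>/dev/null || true
  vbox snapshot "$vm" restore clean
  vbox startvm "$vm" --type headless
}

# One-shot preparation: isolate the network first, then snapshot.
prepare_sandbox() {
  isolate_network "$1" "${2:-vboxnet0}"
  take_clean_snapshot "$1"
}
```

Run `prepare_sandbox <vmname>` once on a freshly installed guest, then `revert_to_clean <vmname>` between samples; the guest should have no shared folders or clipboard sharing enabled.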
