Week 12
Forum Based Learning: Malware in network analysis
Malware is short for malicious software: software written to damage or disrupt a computer system or server, or to steal valuable information from it.
There are several ways to identify malware with network forensics. One is a SIEM (security information and event management) system, which collects logs and network events from many sources (firewalls, proxies, DNS servers, endpoints) and correlates them to raise alerts. A SIEM combines two earlier approaches, security information management (SIM, long-term log storage and analysis) and security event management (SEM, real-time monitoring and alerting), into a single security management system. Its detections are only as good as the data fed into it, so the network devices and hosts must actually be sending their logs.
Examples of malware:
First example: worms. A worm is a self-replicating type of malware that spreads on its own, without attaching itself to another program, by copying itself to other machines over the network, typically by exploiting an unpatched vulnerability or by mailing itself to the victim's contacts. Because no user action is needed for each hop, worms spread very quickly: if one person opens an email attachment containing a worm, the whole organisation can be infected within hours. On the network, a worm usually shows up as a single host that suddenly contacts many other hosts on the same port in a short time. Prevention and cleanup rely on patching the vulnerability the worm uses, segmenting the network so that one infected host cannot reach every other machine, and running antivirus or endpoint protection that can remove the worm.
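The scanning pattern described above is one of the easiest worm signs to pull out of network data, and it is the kind of rule a SIEM would run. The following is an added example, not code from the original post: it reads constructed flow-log lines (timestamp, source, destination, destination port, protocol) and flags any source that reaches at least a threshold number of distinct destinations on one port inside a time window. The log format, the window and threshold values, and the allowlist of known scanners are all assumptions chosen for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample flow records, not a real capture.
# Format (assumed): "<ISO timestamp> <src ip> <dst ip> <dst port> <proto>"
SAMPLE_FLOWS = (
    # 10.0.0.5 sweeps twelve neighbours on SMB (445) within twelve seconds: worm-like
    [f"2024-03-01T10:00:{i:02d} 10.0.0.5 10.0.0.{20 + i} 445 tcp" for i in range(12)]
    # 10.0.0.7 queries its DNS server many times: many flows, but one destination
    + [f"2024-03-01T10:00:{i:02d} 10.0.0.7 10.0.0.53 53 udp" for i in range(0, 50, 5)]
    # 10.0.0.7 talks HTTPS to three internal web servers: normal fan-out
    + [
        "2024-03-01T10:00:03 10.0.0.7 10.0.0.100 443 tcp",
        "2024-03-01T10:00:09 10.0.0.7 10.0.0.101 443 tcp",
        "2024-03-01T10:00:15 10.0.0.7 10.0.0.102 443 tcp",
        "2024-03-01T10:00:21 10.0.0.7 10.0.0.100 443 tcp",
    ]
)


def parse_flow(line):
    """Split one flow record into a dict; raises ValueError on malformed input."""
    ts, src, dst, port, proto = line.split()
    return {
        "ts": datetime.fromisoformat(ts),
        "src": src,
        "dst": dst,
        "port": int(port),
        "proto": proto,
    }


def detect_worm_spread(lines, window=timedelta(seconds=60), threshold=10, allowlist=frozenset()):
    """Return one alert per (src, port, proto) whose fan-out to distinct
    destinations inside any `window` reaches `threshold`.

    `allowlist` holds sources that legitimately sweep the network (for example
    an authorised vulnerability scanner) and must not be reported.
    """
    events = sorted((parse_flow(l) for l in lines if l.strip()), key=lambda e: e["ts"])

    # Group flows by source host and target service; the sort above keeps each
    # group in time order.
    by_key = defaultdict(list)
    for e in events:
        by_key[(e["src"], e["port"], e["proto"])].append(e)

    alerts = []
    for (src, port, proto), evs in by_key.items():
        if src in allowlist:
            continue
        # Sliding window: for each flow, count distinct destinations seen in
        # the preceding `window`, and keep the largest count.
        best = 0
        start = 0
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            distinct = len({e["dst"] for e in evs[start:end + 1]})
            best = max(best, distinct)
        if best >= threshold:
            alerts.append({
                "src": src,
                "port": port,
                "proto": proto,
                "distinct_dsts": best,
                "first_seen": evs[0]["ts"].isoformat(),
            })
    return alerts


if __name__ == "__main__":
    for a in detect_worm_spread(SAMPLE_FLOWS):
        print(f"ALERT {a['src']} -> {a['distinct_dsts']} hosts on {a['proto']}/{a['port']} "
              f"starting {a['first_seen']}")
```

Keying on source, port and protocol together is deliberate: a host that repeats the same DNS query hundreds of times produces many flows but only one destination, so it stays quiet, while a genuine sweep shows up as a wide fan-out on a single service. Tune the threshold and window per network, and maintain the allowlist, or the first authorised vulnerability scan will look exactly like a worm.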
Second example: viruses. A computer virus attaches itself to a host file and modifies it, so that when the file is executed the virus executes too. Because the virus lives inside otherwise legitimate files rather than running as a separate program, it is harder to deal with than a worm: removing the viral code without damaging the file is not always possible. Some antivirus programs also have trouble detecting viruses that change their own code between infections. When an antivirus does detect an infected file, it typically blocks the file from executing, quarantines it, or suggests deleting it, which can mean losing the original file along with the virus.