Malware Investigation

Why investigating malware is becoming so important


There are many reasons why malware appears on users' computers. One such reason is to have the compromised computer added to a network of similarly infected devices (called a Botnet), rendering each one under the control of a central operator. As is often the case, this process is achieved without the knowledge of the genuine user, whereupon these computers metaphorically become 'Zombies'.

The Botnet operator can then rent out the services of the Botnet to underground figures to facilitate mischief or for illegal purposes. Some examples of this include:

• Mass e-mail spamming

• Distributed Denial-of-Service (DDoS) attacks to bring down online services

• Pay-per-click fraud

• Information Theft

• Downloading illegal images and storing them remotely on the zombie device

Fusion Forensics have assisted clients that have fallen victim to this practice. Recently a client's computer fell foul of a nightmare scenario when their infected computer was found to be storing indecent images without their knowledge. Following a thorough investigation, Fusion proved the machine was being controlled remotely to store the illegal content, saving the client from the life-changing implications of being wrongly prosecuted for a sexual offence.

Software defences against malware are getting better; however, the malware technology behind Botnets is fast becoming more advanced, with Smartphones, particularly Android devices, coming under increasing threat. Seemingly innocuous apps containing sophisticated malware are now being found within various app stores. Once a device is infected, the malware is very difficult to detect, let alone remove.

Polymorphic Malware, viruses or trojans that constantly change their identifiable characteristics to avoid detection by standard anti-virus software, is now the latest challenge. Traditional methods of detection are being evaded; however, advanced tools utilising static artificial intelligence engines are fighting back.

As long as the malware threat exists, there will always be a need for a thorough investigation to establish what has really happened on a device. If malware is an issue in your case, Fusion Forensics, backed by our partner malware experts from Custodian 360, can assist you in getting to the root cause.

Stephen Haslett