I just received an e-mail notification that Project 2 has just been released – which feels just a tad overwhelming since Project 1 (implementing a stack-based overflow) is just coming to an end – and I'm pretty stoked to work on it. According to the PDF document that contains the project instructions, the project exposes us students to malware analysis. In particular, we will be launching a virtual machine nested within a virtual machine, where the innermost virtual machine (running Windows XP) will be infected with malware, and the outer virtual machine (running Linux) will be used to run a de facto industry malware analysis tool called Cuckoo, a program I've actually never even heard of before.
Why am I so excited for this project? Because early on in my career, when working as a systems administrator, I often had to run tools against computers (mainly PCs running Windows) infected with malware. And although the tools, in general, did a pretty good job of identifying and eradicating the malware, I never really understood what those tools were doing. So I was always left asking: what is the malware doing, and how was the malware detected? Or an even more naive question: what exactly is the definition of malware?
So, at the time of this writing, I have zero previous experience with identifying and troubleshooting malware. I'm hoping I'll learn more about the internals of the operating system (even if it's the Windows OS) and how a process can be classified as malware. Finally, I'm curious whether we will learn how to eradicate the malware, or at least be confident when doing so.