Boston, MA - August 9 - 17, 2008

SANS never fails to provide top level training that is worth every penny.
-Tyler Hudak, Yellow Roadway Tech

SECURITY 537

Identifying and Removing Malware

Sunday, August 10, 2008 : 9am - 5pm
James Shewmaker, SANS Certified Instructor
6 CPE Credits Per Day

In today's world, it is critical to understand malicious code by learning how to identify and remove it from a live system, including viruses, worms, trojans, and rootkits.

This course covers the essential tools and techniques for examining a system and finding malware on it. We'll look at the built-in graphical and command-line tools of Microsoft Windows, and at free third-party tools, that will enable you to stop the infection and remove the malware from the system.

Hands-on workshop exercises are an essential part of this course, and you are required to bring a laptop with a virtual machine and Windows XP Professional installed. The instructor will demonstrate the skills discussed in the course, and the manual includes numerous screenshots.

Who Should Attend
  • System administrators and security personnel
  • Members and leaders of incident handling teams
  • Anyone involved in Incident Response
  • Security Professionals who want to fill the gaps in their understanding of Incident Response
Prerequisites
  • Students should have a computer system that matches the laptop requirements (note some software needs to be installed before you come to class).
  • Students should be familiar with using Windows and with troubleshooting general connectivity and setup issues.
  • Students should have a general understanding of Windows command-line tools and using a DOS prompt.
  • Students should have a general understanding of network protocols.
A Sampling of Topics
  • What's New in the Malware World?
  • Basic Microsoft Windows CLI Tools
  • Advanced Microsoft Windows CLI Tools - WMIC
  • Windows Basic GUI tools
  • HijackThis Tool
  • Microsoft Sysinternals Tools
  • ADS - Alternate Data Streams
  • Rootkits and Anti-Rootkits
  • Network Based Malware Traces
  • Online Help - Malware Behaviors

I learned more here in six days than I could in a year in terms of breadth of knowledge.
-Stephen Yuhas, TESSCO Technologies

Author Statement

Malware development is one of the most exciting and rapidly changing aspects of information security. Simple downloaders, trojans, bots, spamming worms, and rootkits are becoming more and more common and are being integrated within the system, trying to make them undetectable for the longest possible time.

I've been working in the field of research for several years for fun, and recently it became my main job. It is really interesting to see how the techniques evolve and what you can do to identify, fight, and remove them from the system.

Although on some occasions you will find yourself in a position to rebuild the infected system, my goal here is to give you the skills necessary to build and develop your own malware fighting kit, to be able to identify and remove malware in your own environment, and to be successful 95% of the time.

-Pedro Bueno