Malware Research (Pragmatic and starting to be Academic) 07/03/13 v0.3.01 3/4
by Peter Scully
1. Exploits / Buffer Overflows
2. Rootkits
2.1. Zeroaccess / TDL3
3. Industrial Network Malware
3.1. Stuxnet
4. Botnets
4.1. Relevant Papers
4.1.1. Botnet Detection Systems
4.1.1.1. Gu et al. 2006-8
4.1.1.1.1. "BotHunter" Payload Byte-Frequency Analysis (Gu, Porras, et al. 2007)
4.1.1.1.2. BotMiner
4.1.1.1.3. BotSniffer
5. Indicators of Infection
5.1. Network Packet Analysis
5.1.1. Frequency Analysis
5.2. Security Information & Event Monitoring (SIEM) Systems
5.2.1. Log Analysis
5.2.1.1. Application
5.2.1.2. Audit
5.2.1.2.1. Authentication
5.2.1.2.2. Installation
5.3. Memory Analysis
5.3.1. Process Tree
5.3.2. Process Memory
5.3.3. Full Dump Analysis
5.3.4. Process Core Crash Dump Analysis
5.4. File Changes
5.4.1. Hash-on-Execute Correlation
5.4.2. Periodic Validity/Version Checks
5.5. System Call
5.5.1. Frequency Analysis
5.5.2. Process-SysCall Correlation Analysis