Tuesday, November 30, 2010

MAEC and sample tools used to detect malware

Malware Attribute Enumeration and Characterization (MAEC) is a standard for representing malware by its attributes. MAEC provides a schema that can be used as a basis for creating malware repositories. It can also be used as the format for sharing malware information between applications. Broadly, either static or dynamic analysis techniques are used to discover the attributes of malware: static analysis is performed by examining the code, and dynamic analysis by tracking the behaviour of the system. Once the attributes are discovered with either technique, applications can adopt MAEC to report on the discovered attributes of the malware.

CWSandbox is one of the tools that uses the dynamic analysis technique to report on detected malware. It is available for Windows and has yet to adopt MAEC.

ThreatExpert has tools for detecting malware on Windows; it does this by looking at changes in the file system, memory, registry, and outbound and SMTP traffic data. Here is a sample report from a ThreatExpert memory scan of my system -

Full Scan Summary:
Scan details:
Scan started: Tuesday, November 30, 2010 20:15:23
Scan time: 01 minutes, 53 seconds
Number of memory objects scanned: 9356
processes: 60
modules: 3085
heap pages: 6211
Number of suspicious memory objects detected: 0
Number of malicious memory objects detected: 0
Overall Risk Level: Safe
Summary of the detected threat characteristics:
No suspicious characteristics detected.
Summary of the detected memory objects:
No suspicious memory objects detected.
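The report above is plain "label: value" text, so the first step towards reporting it in a structured attribute format is to parse it into a record and sanity-check it. The following script is an added example, not code from the post, from ThreatExpert or from the MAEC project: it parses the quoted memory-scan summary (embedded here as constructed sample input), derives a verdict from the suspicious/malicious counts, and cross-checks that the per-category counts add up to the total and that the tool's own "Overall Risk Level" label agrees with the counts. The field names in the output record (objects_scanned, heap_pages and so on) are hypothetical names chosen for this example; they are a simplified attribute record, not elements of the MAEC schema.

```python
import json
import re
from typing import Any, Dict

# Constructed sample input: the ThreatExpert memory-scan summary quoted in
# the post, embedded so the parser runs offline.
SAMPLE_REPORT = """\
Full Scan Summary:
Scan details:
Scan started: Tuesday, November 30, 2010 20:15:23
Scan time: 01 minutes, 53 seconds
Number of memory objects scanned: 9356
processes: 60
modules: 3085
heap pages: 6211
Number of suspicious memory objects detected: 0
Number of malicious memory objects detected: 0
Overall Risk Level: Safe
Summary of the detected threat characteristics:
No suspicious characteristics detected.
Summary of the detected memory objects:
No suspicious memory objects detected.
"""

# Report labels mapped to the attribute names of the simplified record
# (hypothetical names for this example, not MAEC schema elements).
FIELD_MAP = {
    "Number of memory objects scanned": "objects_scanned",
    "processes": "processes",
    "modules": "modules",
    "heap pages": "heap_pages",
    "Number of suspicious memory objects detected": "suspicious",
    "Number of malicious memory objects detected": "malicious",
}


def parse_scan_summary(text: str) -> Dict[str, Any]:
    """Turn the 'label: value' lines of the summary into a structured record."""
    record: Dict[str, Any] = {
        "scan_started": None, "scan_seconds": None, "risk_level": None, "counts": {}
    }
    for raw in text.splitlines():
        line = raw.strip()
        if ":" not in line:
            continue
        label, _, value = line.partition(":")  # split on the first colon only
        label, value = label.strip(), value.strip()
        if label == "Scan started":
            record["scan_started"] = value
        elif label == "Scan time":
            m = re.match(r"(\d+) minutes?, (\d+) seconds?", value)
            if m:
                record["scan_seconds"] = int(m.group(1)) * 60 + int(m.group(2))
        elif label == "Overall Risk Level":
            record["risk_level"] = value
        elif label in FIELD_MAP and value.isdigit():
            record["counts"][FIELD_MAP[label]] = int(value)
    return record


def counts_consistent(record: Dict[str, Any]) -> bool:
    """The per-category counts must sum to the total number of objects scanned."""
    c = record["counts"]
    parts = ("processes", "modules", "heap_pages")
    if "objects_scanned" not in c or not all(k in c for k in parts):
        return False
    return sum(c[k] for k in parts) == c["objects_scanned"]


def verdict(record: Dict[str, Any]) -> str:
    """Derive a verdict from the counts rather than trusting the tool's label."""
    c = record["counts"]
    if c.get("malicious", 0) > 0:
        return "malicious"
    if c.get("suspicious", 0) > 0:
        return "suspicious"
    return "clean"


def reported_risk_matches(record: Dict[str, Any]) -> bool:
    """Flag reports whose 'Overall Risk Level' disagrees with the counts."""
    label = (record["risk_level"] or "").lower()
    return (verdict(record) == "clean") == (label == "safe")


if __name__ == "__main__":
    rec = parse_scan_summary(SAMPLE_REPORT)
    rec["verdict"] = verdict(rec)
    rec["counts_consistent"] = counts_consistent(rec)
    rec["risk_label_consistent"] = reported_risk_matches(rec)
    print(json.dumps(rec, indent=2))
```

The two consistency checks are the point of the example: when a scanner's summary is ingested into a repository or forwarded to another application, a record whose category counts do not add up, or whose "Safe" label sits beside a non-zero malicious count, should be treated as a malformed or tampered report rather than stored as-is.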

For now, I could use the above tools and am looking for other free tools which can be used to detect malware. Also looking out for tools which can report using the MAEC schema format. Will keep this blog updated on my findings. Adios till then.

Sources -
http://maec.mitre.org
http://mwanalysis.org
http://www.threatexpert.com