Thursday, August 19, 2010

Analysis of a Malware Installation Attempt

Here's the background. Earlier this year, I was in a masters class that was an introduction to the TCP/IP suite of protocols. TCP/IP is, in essence, the backbone of the Internet. It's what allows all computers to talk to all other computers, whether they're little handheld iPhones or large supercomputers.
Me, I hate theory. I mean I really hate it. So many textbooks provide such dry prose that I have to stand in a monsoon to keep some humidity around me. To help keep my interest, I decided to do a little experiment. A friend's computer had been infected with a virus when she clicked on a link in her Facebook account. It turns out the link was from a friend of hers, whose account had also been infected. My friend's computer was running Windows, and it required several days and a couple hundred dollars to get it fixed. Anyway, I decided to use this as an opportunity to learn something. So, I set up a virtual machine (using VMware) to create a Windows 7 Professional system. Then, I loaded Kaspersky Anti-Virus, created a limited account, and went hunting. I stored a few of the links that were now appearing on her (now infected) Facebook account.
Rather than bore you here with all of the details, here's a short, graphic-laden summary of what transpired. The short answer is that it appears that Windows 7, when run on a limited account, is a much tougher nut to crack than I thought. Considering that I converted to Linux just last year, that's saying something.
