Involvements: Microsoft Technologies/Products, Consumer Security & Anti-Malware Community Activities
Personal & Professional Details:
Please refer to my LinkedIn profile for complete details about my personal and professional engagements:
http://www.linkedin.com/in/rajdeepchakraborty
Examples of Online/Offline Community Activities:
On a voluntary basis I have been analyzing various kinds of malware for over three years, and for more than a year and a half now I have been seriously helping out end users and the anti-malware community in all possible ways. Also, there is very little participation from India on the anti-malware front, and very little awareness about the subject of malware. So this is my endeavor to spread awareness and make more and more people interested in this subject, which in turn will help the community as a whole.
Member of Microsoft India Marketing IT Pro Panel:
I was selected as a member of the Microsoft India IT Pro Marketing Panel. Here I participate in email surveys and discussion topics sent to me by Microsoft. I am actively involved in increasing the awareness and usage of Microsoft products, especially security-oriented products, within the Indian IT community.
Analysis of New Malware Samples:
I carry out static analysis and dynamic analysis (behavioral analysis in a Windows environment) of these malware binaries. Examples of the behavioral analysis of new malicious binaries in a Windows environment that I have carried out can be found at the links below:
http://www.malwareanalysis.org/analyze-malwares-f8.html
http://www.malwareinfo.org/archive/ArchiveIndex.html
Undetected & New Malware Submission:
On a regular basis, I analyze new unknown viruses and malware and coordinate with the security response teams of various antivirus vendors, including the Microsoft Malware Protection Center (MMPC). I take an active part in submitting these new and undetected threats and malware to the various AV vendors, which includes MMPC as well.
MMPC Submissions:
Till date I have submitted more than 1000 genuine and undetected malware samples to the MMPC, and an equal number of submissions to other antivirus vendors as well. For my active participation in malware submission, I was provided a personal malware submission email address by MMPC (chakraborty@submit.microsoft.com) last year. Examples of a few MMPC submissions can be found at the link below:
http://www.malwareinfo.org/MMPCFileSubmission.htm
Taking into account the number of files that I submit to MMPC for analysis, I have stopped keeping track of the individual submission IDs and their responses. However, I do receive their response for every single submission and have archived those in my personal mailbox for future reference or follow-up.
CastleCops MIRT Participation:
I have also analyzed malware samples posted by users and members of CastleCops in the MIRT forum under the alias 'MaliciousBrains'. I was also a Premium Member of their MIRT team for as long as CastleCops existed.
Tracking of Malware Hosting Domains:
I keep a constant watch for malware-hosting domain names and keep the list updated as much as possible. A long list of such domain names can be found at the link below:
http://www.malwareinfo.org/MalwareLinks.txt
Website:
I started my website http://www.malwareinfo.org/. MalwareInfo.Org is my online presence, and through this website I try to make the user community aware of malware and how to fight this menace. The site also contains other useful information like:
Useful Links: http://www.malwareinfo.org/LinkGallery.htm
AV Comparisons: http://www.malwareinfo.org/files/AV-Comparision.xls
RSS Feed Support: http://feeds.feedburner.com/blogspot/BBAK?format=xml
Report a Malware: http://report.malwareinfo.org/
Malware Submission: http://www.malwareinfo.org/submit.html
AV Support Forums:
Virus Encyclopedias:
Virus Hoax Info:
Online Malware Scan & Analysis:
Forum:
I started http://www.malwareanalysis.org/ as an extension of MalwareInfo.Org, where people can come and participate with the intent to share knowledge and work positively to fight the ever-increasing menace of malware. This forum also has sections where users can publish their analysis results.
Blog:
I am also running a blog at http://maliciousbrains.blogspot.com/. I keep this blog updated with news about the latest threats, critical patch releases, new tools and utilities available, etc.
Articles:
I have published various articles about various types of malware, the procedure involved in analyzing malware, ways to identify and terminate malware, etc. I have also started a boot camp section where users can learn how to use some of the most important tools of the trade. Mentioned below are some of the articles that I have written:
Malware Analysis How To…: http://www.malwareinfo.org/malwareinfo.org/malwareinfo.org/files/WhitePaper.pdf
Well Known Malwares: http://www.castlecops.com/t220378-Malware_Celebrities_Some_Well_Known_Malwares.html
Analyzing Malicious SWF Files: http://www.castlecops.com/t220423-Analyzing_Malicious_SWF_Files.html
Rogue Anti-Spywares: http://www.malwareinfo.org/files/RogueAntiSpyware.pdf
USB Infecting Malwares: http://www.malwareinfo.org/files/USBInfectingMalwares.pdf
W32Conficker/Downadup Threat: http://www.malwareinfo.org/files/W32.DownadupThreat.pdf
Boot Camp 1: http://www.malwareinfo.org/bootcamp/LearnIt.htm
Boot Camp 2: http://www.malwareinfo.org/bootcamp/LearnIt2.htm
RootKit Analysis: http://www.castlecops.com/p1066512-RootKit_Hunting_They_can_run_but_cannot_hide.html#1066512
Trojans Explained: http://www.malwareinfo.org/articles/Trojans%20Explained.htm
Spywares & Adwares: http://www.malwareinfo.org/articles/SpyWares&AdWares.htm
Browser Helper Objects: http://www.malwareinfo.org/articles/Browser%20Helper%20Objects.htm
Malware Identification & Removal Presentation:
For beginners and novice users, there is also a presentation on my website that teaches the basics of malware identification and removal. The presentation can be found at the link below:
http://www.malwareinfo.org/files/Malware%20Identification%20&%20Removal.zip
Applications & Utilities:
For the anti-malware community I have created various useful applications and utilities that can be used to easily identify and remediate a malware infection. I continuously keep these applications and utilities updated and bug-free. A list of these applications is given below. Complete details about these applications can be found in the Utilities section of http://www.malwareinfo.org/.
Advance Malware Identification & Removal (AMIR): AMIR is an application that helps to quickly identify any unwanted process running in the system. It also shows PE details, actual memory dumps of the running process, DLL hooks, the various resources used by the binary and a lot more. AMIR can be downloaded from:
http://www.malwareinfo.org/Utilities/AMIR.zip
AMIR's architecture can also be seen at the link below:
http://www.malwareinfo.org/images/AMIR%20Architecture.jpg
Command Line Enumeration Tool (ENUM): A command-line tool to enumerate running processes and their paths, kill running processes by PID, map ports to processes, show PE details and version information of binaries, enumerate all system files or only non-Microsoft system files, etc. Enum can be downloaded from:
http://www.malwareinfo.org/Utilities/Enumerate.zip
Personal Malware Database: Personal Malware Database helps to automatically download undetected malware binaries from the internet, scan them and generate reports on the fly, record this information in a backend database and, in the end, automatically submit these binaries with the analysis reports to the antivirus vendors. Personal Malware Database can be downloaded from:
http://www.malwareinfo.org/Utilities/PersonalMalwareDataBase.zip
USB Protect: USB Protect runs silently in the background and watches for USB drives being plugged in. Once it detects a new removable drive, it ensures that USB malware does not infect the system. It even gives a voice confirmation on a positive detection. USB Protect can be downloaded from:
http://www.malwareinfo.org/Utilities/USBProtect.zip
Unknown Malware Remover (UMR): A small utility that can remove any binary once the MD5 signature of the binary is provided to it. It creates a small stand-alone scanner with the supplied MD5 signatures embedded, which can be run on any system. This comes in handy when the antivirus is not detecting a malware but we are sure that a particular binary or process is malicious. UMR can be downloaded from:
http://www.malwareinfo.org/Utilities/UMR.zip
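As an added illustration of the hash-keyed scanning that a UMR-style remover performs (this is example code written for this page, not UMR's own source; the function names are illustrative and the embedded signature values are the MD5s of constructed sample files, not real malware hashes): walk a directory tree, hash each regular file in chunks, flag the files whose MD5 is in the embedded set, and delete them. Two checks a practitioner would want are built in. The signature list is validated so that the MD5 of a zero-byte file can never be embedded, because it would otherwise match every empty file on the system. Each hit is also reported with its SHA-256, because MD5 collisions are practical and an MD5 match alone is weak evidence that two files are the same binary. On Windows a binary whose process is still running is locked and the delete fails; the process has to be terminated first (ENUM above kills by PID), so removal failures are collected and reported rather than raised.

```python
"""Hash-keyed file scanner and remover, in the spirit of a UMR-style tool.

Example code written for this page (not UMR's source). Function names and
the signature values are illustrative; the signatures are MD5s of
constructed sample content, not real malware hashes.
"""
import hashlib
import os
import tempfile
from pathlib import Path

# MD5 of a zero-byte file: must never appear in a signature set, otherwise
# every empty file on the system becomes a "hit" and gets deleted.
EMPTY_FILE_MD5 = "d41d8cd98f00b204e9800998ecf8427e"

# Embedded signatures (constructed): md5(b"hello world") and
# md5(b"The quick brown fox jumps over the lazy dog").
SIGNATURES = {
    "5eb63bbbe01eeed093cb22bb8f5acdc3",
    "9e107d9d372bb6826bd81d3542a419d6",
}


def validate_signatures(signatures):
    """Return entries that are not usable MD5 signatures: bad hex, wrong
    length, or the empty-file hash. An empty list means all are usable."""
    bad = []
    for sig in signatures:
        s = sig.strip().lower()
        if len(s) != 32 or any(c not in "0123456789abcdef" for c in s) or s == EMPTY_FILE_MD5:
            bad.append(sig)
    return bad


def file_hashes(path, chunk_size=1 << 20):
    """Stream a file once and return (md5, sha256) hex digests."""
    md5 = hashlib.md5()
    sha256 = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def scan_tree(root, signatures):
    """Return [(path, md5, sha256)] for every regular file under root whose
    MD5 is in the signature set. SHA-256 is carried along as stronger
    evidence than the MD5 match itself."""
    bad = validate_signatures(signatures)
    if bad:
        raise ValueError(f"unusable signatures: {bad}")
    wanted = {s.strip().lower() for s in signatures}
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if path.is_symlink() or not path.is_file():
                continue  # never follow links; skip devices and pipes
            try:
                md5, sha256 = file_hashes(path)
            except OSError:
                continue  # unreadable or locked: skip rather than abort the scan
            if md5 in wanted:
                hits.append((str(path), md5, sha256))
    return hits


def remove_hits(hits):
    """Delete matched files and return (removed, failed) path lists.

    On Windows a file backing a running process is locked and os.remove
    raises; the process must be terminated first, so failures are
    collected and reported instead of raised."""
    removed, failed = [], []
    for path, _md5, _sha256 in hits:
        try:
            os.remove(path)
            removed.append(path)
        except OSError:
            failed.append(path)
    return removed, failed


def demo():
    """Build a constructed tree, scan and clean it; return (hit names, remaining names)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "sub").mkdir()
        (root / "dropper.exe").write_bytes(b"hello world")  # hit
        (root / "sub" / "payload.dll").write_bytes(b"The quick brown fox jumps over the lazy dog")  # hit
        (root / "readme.txt").write_bytes(b"benign content")  # no match
        (root / "empty.dat").write_bytes(b"")  # must survive: empty-file hash is never a signature
        hits = scan_tree(root, SIGNATURES)
        remove_hits(hits)
        remaining = sorted(p.name for p in root.rglob("*") if p.is_file())
        return sorted(Path(h[0]).name for h in hits), remaining


if __name__ == "__main__":
    print(demo())
```

The scanner only ever matches an exact byte-for-byte copy of the file that produced the signature; a repacked or patched sample has a different hash and is missed, which is the inherent limit of hash-keyed removal and the reason the page pairs it with behavioral analysis.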
Apart from these there are a few more utilities, viz.:
USB Monitor Activity: http://www.malwareinfo.org/Utilities/USBActivityMonitor.zip
Malware Activity Watcher: http://www.malwareinfo.org/Utilities/MalwareActivityWatcher.zip
LinkedIn Malware Analysis Group:
I started the Malware Analysis Group on LinkedIn, with members from all around the world, including people from the security response teams of almost all the major antivirus vendors. The group's link is provided below:
http://www.linkedin.com/groups?gid=135559&trk=hb_side_g
Google Code Project:
I started a Google Code project where people around the world can actively participate in anti-malware activities. The link to the project area is given below:
http://code.google.com/p/malwareinfo/
Wikipedia Information Page:
I created a Wikipedia information page for sharing ideas and knowledge so that more and more people become aware of the processes involved in malware analysis and the actual steps required to safeguard their own systems, and in case of an infection they can quickly remediate the incident themselves. The link to the Wiki information page is given below:
http://en.wikipedia.org/wiki/User_talk:Maliciousbrains