Pattern-matching tools for chasing down malicious software

The words virus and malware are often used in the same breath, although they refer to different things. Malicious software (typically shortened to "malware") covers a vast array of unwelcome software threats that fall into multiple categories. The term malware essentially refers to any code designed to cause harm. A virus, on the other hand, is a type of malware that generally becomes active when a legitimate piece of software is executed. Like a real virus, a software virus has a way of replicating, allowing it to spread to any system it is capable of infecting.

In this article, I will look at software that allows anyone familiar with Linux and a willingness to learn to create rules for detecting and classifying malware.

YARA

YARA [1] is provided by VirusTotal [2] and is released under the permissive BSD 3-Clause "New" License, which means that you can use it for commercial purposes [3]. Google acquired VirusTotal in 2012 [4]. The name YARA apparently stands for "Yet Another Ridiculous Acronym"!

[...]

Use Express-Checkout link below to read the full article (PDF).

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
Print Issues
Digital Issues
 
SUBSCRIPTIONS
Print Subs
Digisubs
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Malware Analysis

    Forensic experts can't just delete a sketchy file – sometimes the challenge is to see what is in it without triggering an attack. Learn about some of the tools investigators use for analyzing suspicious files.

    more »
  • Rasp Pi Security

    Analyze malware on hacked Raspberry Pis and create a signature to detect malware in log entries.

    more »
  • MITRE ATT&CK Workshop

    The MITRE ATT&CK website keeps information on attackers and intrusion techniques. We'll show you how to use that information to look for evidence of an attack.

    more »
  • News

    Updates on Technologies, Trends, and Tools

    more »
  • News

    In the news: Linux Mint 20.3 Now Available; Linux Gets an Exciting New Firmware Feature; elementary OS 6.1 Has Been Released; Intel Releases Linux Patch for Alder Lake Thread Director; New Multiplatform Backdoor Malware Targets Linux, macOS, and Windows; and WhiteSource Releases Free Log4j Detection Tool.

    more »
comments powered by Disqus