Chapter Eight · Hostile Software Up Close

Malware and Analysis Basics

The intruder drops malware on the Meridian foothold to keep access and spread. This chapter goes deeper than Security for Beginners — how malware is built to persist, hide, and evade, and how a defender analyzes a suspicious file safely to understand it. The point is not to write malware but to recognize, analyze, and defend against it.

5 topics

Malware is the attacker's way of keeping and extending a foothold — code that persists across reboots, hides from the administrator, and phones home for instructions. This chapter goes past the beginner catalog of virus, worm, and trojan into how that code is actually built to survive and evade, and how a defender pulls a suspicious file apart in a lab to understand what it does and produce indicators to hunt with.

Five topics: classifying malware by behavior, how it persists and hides, static and dynamic analysis in an isolated lab, indicators of compromise, and the evasion that fights the whole detection stack. The recurring lesson is that the control channel and the behavior — not the specific file — are what a defender should build detection around.

What malware does, and how a defender answers it
What it does
Persist · hide · command-and-control · act
The answer
Analyze in a lab · extract IOCs · detect behavior

Topics in This Chapter