As discussed in our joint SANS webcast last March (“Family Matters: Practical Malware Family Identification for Incident Responders”), identifying and tracking the activity and behavior of these malware families not only accelerates the analysis of individual samples but also helps incident responders think systematically about incoming attacks, achieving a more accurate high-level view of the threats they face.
Every security researcher knows that malware authors are continuously adapting their wares to evade detection and gain a foothold in the network. And when the source code of an established piece of malware is leaked into the public domain, savvy operators will often act quickly to copy and steal the useful parts of the leaked code to improve their own. For this reason, Jake advises that by investing the time to understand the family of origin of a particular malware strain, you’ll be better prepared when a new variant strikes. ...read more!
