350 Chapter 9 · DIY Malware Analysis

Introduction

It's 3:00 on a Friday afternoon and your phone rings; it's your Security Operations Center (SOC). They tell you that they see an extraordinary amount of traffic going out to the Internet on port 443 from one particular Internet Protocol (IP) address on the network, which belongs to a machine in Santa Clara, California. Your job is to check out this machine to see what is causing this high traffic volume. You don't have physical access to this PC as you're in Boston, Massachusetts. How do you analyze this machine remotely? What tools do you use to accomplish this task?

After reading Michael Blanchard's introductory section on "Anti-malware Tools of the Trade 101," you will know the basics of how to scan a machine for the presence of malicious software (malware), what to do once it's identified, and how to perform basic analysis on the malicious program itself, using a variety of tools.

Anti-malware software is at a pitch of sophistication that would never have been envisaged a few years ago. Unfortunately, it's never faced the volume and complexity of threats that it does now, and it isn't practical to rely purely on "signature"-based detection. Even where more proactive, generic measures are in place, system administrators in many organizations need to have an understanding of forensics and analysis in order to do their jobs as well as possible. The sheer volume of new variants of bots and other malicious software associated with today's explosion of spam puts a severe strain on the ability of antivirus (AV) vendors to deploy timely reactive and proactive countermeasures. This in turn puts a strain on in-house