31 research outputs found

    UC-30 Malware Analysis Using Reverse Engineering

    Cybercrimes are a billion-dollar industry that is rapidly growing by the day. One of the biggest threats faced by companies is the infection of malware. New forms of malware are created daily and are ever evolving to evade detection methods. Understanding how malware infects your system and how it eludes detection is crucial to keeping a company's network and devices safe. During this project we will be using reverse engineering methods to better understand the functionality of malware, as well as how it eludes detection. We will be using IDA Pro and WinDbg to perform the reverse engineering. Using this knowledge, we will create a set of security standards to help companies to protect themselves from these infections. We will also create a document on how to secure a virtual machine for malware analysis. This will help future students who also are interested in analyzing malware themselves. Our preliminary results include understanding some of the most used forms of malware evasion techniques. These techniques include stalling delays, which is when a piece of malware remains idle to defeat time-based antivirus scans. Another technique is action-required delays, which is when a piece of malware will only execute once an action or group of actions is performed; this will trigger the malware to execute. Another way that malware is able to evade detection is fragmentation. In this technique the malware will split into multiple different fragments, which alone do not raise flags as suspicious, then rejoin and execute.
    Advisor(s): Dr. Hossain Shahriar
    Topic(s): Security
    IT 498

    Bivalves as indicators of environmental variation and potential anthropogenic impacts in the southern Barents Sea

    Author Posting. © Elsevier B.V., 2009. This is the author's version of the work. It is posted here by permission of Elsevier B.V. for personal use, not for redistribution. The definitive version was published in Marine Pollution Bulletin 59 (2009): 193-206, doi:10.1016/j.marpolbul.2009.02.022.
    Identifying patterns and drivers of natural variability in populations is necessary to gauge potential effects of climatic change and the expected increases in commercial activities in the Arctic on communities and ecosystems. We analyzed growth rates and shell geochemistry of the circumpolar Greenland smooth cockle, Serripes groenlandicus, from the southern Barents Sea over almost 70 years between 1882 and 1968. The datasets were calibrated via annually-deposited growth lines, and growth, stable isotope (δ18O, δ13C), and trace elemental (Mg, Sr, Ba, Mn) patterns were linked to environmental variations on weekly to decadal scales. Standardized growth indices revealed an oscillatory growth pattern with a multi-year periodicity, which was inversely related to the North Atlantic Oscillation Index (NAO), and positively related to local river discharge. Up to 60% of the annual variability in the Ba/Ca could be explained by variations in river discharge at the site closest to the rivers, but the relationship disappeared at a more distant location. Patterns of δ18O, δ13C, and Sr/Ca together provide evidence that bivalve growth ceases at elevated temperatures during the fall and recommences at the coldest temperatures in the early spring, with the implication that food, rather than temperature, is the primary driver of bivalve growth. The multi-proxy approach of combining the annually integrated information from the growth results and higher resolution geochemical results yielded a robust interpretation of biophysical coupling in the region over temporal and spatial scales. We thus demonstrate that sclerochronological proxies can be useful retrospective analytical tools for establishing a baseline of ecosystem variability in assessing potential combined impacts of climatic change and increasing commercial activities on Arctic communities.
    We gratefully acknowledge past financial support from Norsk Hydro, and continuing financial support from StatoilHydro, the Norwegian Research Council, and the Howard Hughes Medical Institute through Bates College. This publication was made possible, in part, by NIH Grant Number P20 RR-016463 from the INBRE Program of the National Center for Research Resources