Malware analysis: tools and methodologies for Apple Mac OS X and iOS devices

Methusela Cebrian Ferrer Microsoft

The increasing reliance on the global inter-connectivity of devices, data and people brings a new and ever-changing set of security challenges. For instance, malicious and potentially unwanted tools are widely available - relatively easy to acquire and weaponize. However, a more tempting target may lie in the rich opportunity of data and information stored and shared in connected digital space.

Apple Mac OS X and iOS users are not isolated in this case; in fact, in recent years, we have discussed how these platforms are affected and how they share the same security concerns. However, investigating and conducting analysis of malicious code can be very challenging on Apple devices, due to the fact that there is limited published research in this field.

This paper proposes to discuss how to set up a multi-user threat research lab environment for these platforms. The study includes an evaluation of available and open-source tools for the purpose of identifying, dissecting and monitoring malicious behaviour, examining why they are useful, and detailing relevant system artifacts - files and directories where users' valuable data and information are stored. It provides analysis of real threats from the wild as examples to emphasize the utility of static and dynamic analysis. Furthermore, it outlines the limitations and provides recommended options for users to consider. Overall, this paper aims to provide useful guidance and a starting point for individuals and the research community who may be pursuing an interest in malware on this platform.

 del.icio.us  digg this! digg this

Quick Links

Poll
Should software vendors extend support for their products on Windows XP beyond the end-of-life of the operating system?
Yes - it keeps their users secure
No - it encourages users to continue to use a less secure OS
I don't know
Leave a comment
View 24 comments

SMI Oil and Gas Cyber Security 2014

Malware Prevalence
Adware-misc |##########|
Java-Exploit |########|
Autorun |#####|
BHO/Toolbar-misc |####|
Conficker/Downadup |###|
 View this month's full report

Virus Bulletin currently has 231,312 registered users.