Finding Malware with Coding Factory, F-Secure

F-Secure Life, Security & Privacy

Have you ever wondered if you have what it takes to hunt down malware? Last Friday at aTalent’s annual Coding Factory event, researchers from F-Secure Labs asked participants to put their security skills to the test by hunting down simulated “malware” planted in test computers.

Coding Factory is an event that connects IT companies with young IT talents. Rather than a job fair, the event aims to let jobseekers learn about the culture, working methods, and personnel at different companies.

It’s for people that care just as much about their working environments as their daily work. And it’s for companies that want employees to have meaningful roles and love not just their paycheck, but their colleagues, working environments, and time spent on the job.

For F-Secure, Coding Factory is a great way to put coders, programmers, and computer scientists to the same test researchers at F-Secure Labs face every single day: can you spot potentially malicious processes?

F-Secure Labs created a brief challenge to reproduce this situation for Coding Factory participants.


“The desktop you’re given is exploited, and an attacker plants malware in your machine. Five times, to be more exact. Your challenge is to find the executed payload from the file system using various tools.”

Obviously, I use security software for this. But researchers are the people who discover and analyze the new pieces of malware to make sure the products give people the best possible protection. And while fellows working at F-Secure Labs do a fair bit of coding and regular software development, they don’t always rely on programming to solve security problems. While previous knowledge of cyber security and computer programming is invaluable to this type of work, the challenge was designed so that participants could find the malware without knowledge of programming or Windows internals. Security is just as much a mindset as it is a technical skill.

So where did participants start?

Well, participants were provided with “hints” to help them learn more about hunting malware. Little nuggets of wisdom from F-Secure Labs such as:

- The malware dropped a new file to the system. Maybe check the newly created files?

- Running Process Explorer as Administrator provides more intel on restricted processes.

And so on.
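The first hint is a technique a defender can apply directly: narrow the search to files that appeared in the window when the machine was compromised. Below is an added example of that triage step, written for this post; it is not the challenge's own tooling and not code from F-Secure Labs. The directory list and the executable-looking file extensions are assumptions chosen for illustration, and the sample tree the demo walks is constructed inline so the script runs offline on any platform.

```python
import os
import tempfile
import time
from pathlib import Path

# Starting points a defender would typically triage first on a Windows box.
# These are assumptions for illustration; the challenge's actual drop
# locations are not stated in the post.
DEFAULT_HUNT_DIRS = [
    os.path.expandvars(r"%TEMP%"),
    os.path.expandvars(r"%APPDATA%"),
    os.path.expandvars(r"%LOCALAPPDATA%"),
    os.path.expandvars(r"%PUBLIC%"),
]

# File types worth a closer look when they appear out of nowhere (assumed list).
SUSPICIOUS_SUFFIXES = (".exe", ".dll", ".scr", ".ps1", ".bat", ".cmd", ".vbs", ".js")


def creation_time(path: Path) -> float:
    """Best-effort creation timestamp for a file.

    On Windows, stat().st_ctime is the creation time. macOS exposes
    st_birthtime. On Linux, stat() carries no birth time on most
    filesystems, so st_mtime is used as an approximation (mtime is
    easy to tamper with, so treat it as a hint rather than proof).
    """
    st = path.stat()
    if os.name == "nt":
        return st.st_ctime
    return getattr(st, "st_birthtime", st.st_mtime)


def recently_created(roots, since_epoch, suffixes=SUSPICIOUS_SUFFIXES):
    """Walk each root and return files created at or after since_epoch.

    suffixes limits the result to executable-looking types; pass None to
    keep every file. Returns (timestamp, path) tuples, newest first.
    """
    hits = []
    for root in roots:
        root = Path(root)
        if not root.is_dir():
            continue  # e.g. %PUBLIC% does not exist on a non-Windows host
        for dirpath, _subdirs, files in os.walk(root):
            for name in files:
                p = Path(dirpath) / name
                if suffixes is not None and p.suffix.lower() not in suffixes:
                    continue
                try:
                    ts = creation_time(p)
                except OSError:
                    continue  # file vanished or is unreadable; keep hunting
                if ts >= since_epoch:
                    hits.append((ts, str(p)))
    hits.sort(reverse=True)
    return hits


def build_demo_tree():
    """Constructed sample tree standing in for a freshly 'infected' profile:
    two executable-looking files in typical hiding spots plus a harmless note."""
    base = Path(tempfile.mkdtemp(prefix="hunt_demo_"))
    (base / "Temp").mkdir()
    (base / "Roaming" / "Updater").mkdir(parents=True)
    (base / "Temp" / "readme.txt").write_text("nothing to see here")
    (base / "Temp" / "update.exe").write_bytes(b"MZ constructed, not a real PE")
    (base / "Roaming" / "Updater" / "run.ps1").write_text("# constructed placeholder")
    return base


def hunt_demo():
    """Run the hunt over the constructed tree; returns the file names found."""
    base = build_demo_tree()
    one_hour_ago = time.time() - 3600
    found = recently_created([base], one_hour_ago)
    return sorted(Path(p).name for _ts, p in found)


if __name__ == "__main__":
    # Real run: anything executable-looking created in the last 24 hours.
    for ts, path in recently_created(DEFAULT_HUNT_DIRS, time.time() - 24 * 3600):
        print(time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(ts)), path)
```

The second hint applies here as well: run the script from an elevated prompt so that directories restricted to other users or to the system are actually walked rather than silently skipped. Tighten `since_epoch` to the suspected compromise window to keep the list short, and widen `suffixes` to `None` if nothing turns up, since a dropped payload need not carry an executable extension.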


While Coding Factory attracts participants from a wide variety of backgrounds, F-Secure Labs researcher Päivi Tynninen was, overall, impressed with how well the participants handled the challenge. Everyone made it to the third part of the challenge (by finding the first 2 pieces of simulated malware). About three quarters made it to the fourth, and only 3 pairs were able to complete the entire challenge.

“I’m very happy with this outcome, as it shows the challenge was doable, but still remained challenging,” says Päivi. She was also glad to see people not depending too much on the hints she provided to them. Instead, they came up with their own ways of solving the problems. After all, cyber security is like a cat and mouse game between the industry and attackers. Cyber criminals, hacktivists, and advanced persistent threat groups responsible for spreading malware are constantly trying to outsmart the security that protects people and companies. So out-of-the-box thinking is always welcome.

“I’m also pleased with the participants as they were trying to solve the challenges by themselves as well with their innovative approaches, and didn’t just blindly trust the provided hints,” adds Päivi.

Anyone interested in joining Päivi and the team at F-Secure Labs can find open positions here.
