network forensics week 12

This is a forum-based learning class where we learned about malware.

Malware is short for malicious software. It refers to any software that is specifically designed and used to gain access to unauthorised sensitive information or to cause disruption in the system it attacks. The definition turns on intent: software that causes disruption unintentionally (a bug in legitimate software, for example) is not classified as malware. Examples of malware include trojans, viruses and worms.

There are a number of approaches that network forensics can use to detect malware. One is SIEM, which stands for Security Information and Event Management. A SIEM collects logs and events from many sources (network devices, servers, endpoints) into one place, correlates them and raises alerts on anomalies that could be attributed to malware. Key features include monitoring for deviations in traffic parameters, behavioural analysis, operating system audit log monitoring for unauthorised software installation, and operating system audit log monitoring for a soaring number of modifications in the file system (the kind of burst that ransomware or a worm produces).
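To make the SIEM features above concrete, here is a toy correlation engine written for this post (it is an added example, not code from the class or from any SIEM product). It runs three of the listed rules over constructed log lines: an audit-log rule for installs of packages outside an assumed allow-list, an audit-log rule for a burst of file-system modifications on one host, and a traffic-parameter rule for a per-minute outbound byte count far above the host's own median. The line format, the allow-list, the thresholds and every sample event are assumptions made for the example.

```python
"""Toy SIEM-style correlation over constructed log lines.

Added example, not the page's or any product's code. Assumptions: a
syslog-like line format "<timestamp> <host> <event kind>: <detail>", an
allow-list of approved packages and fixed thresholds; all sample events
below are constructed.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample events from two workstations. ws01 shows an unapproved
# install, a burst of file modifications and a spike in outbound bytes;
# ws02 is a normal baseline host.
SAMPLE_LOG = """\
2024-03-01T10:00:05 ws01 pkg installed: curl
2024-03-01T10:00:12 ws01 net out: 4000 bytes to 198.51.100.10:443
2024-03-01T10:00:40 ws01 pkg installed: xmrig-miner
2024-03-01T10:01:15 ws01 net out: 4500 bytes to 198.51.100.10:443
2024-03-01T10:02:10 ws01 net out: 3800 bytes to 198.51.100.10:443
2024-03-01T10:03:01 ws01 fs modified: /home/alice/report.docx
2024-03-01T10:03:02 ws01 fs modified: /home/alice/budget.xlsx
2024-03-01T10:03:02 ws01 fs modified: /home/alice/notes.txt
2024-03-01T10:03:03 ws01 fs modified: /home/alice/photo1.jpg
2024-03-01T10:03:05 ws01 fs modified: /home/alice/thesis.pdf
2024-03-01T10:03:06 ws01 fs modified: /home/alice/keys.txt
2024-03-01T10:03:30 ws01 net out: 120000 bytes to 203.0.113.77:8443
2024-03-01T10:04:05 ws01 net out: 4200 bytes to 198.51.100.10:443
2024-03-01T10:00:30 ws02 pkg installed: vim
2024-03-01T10:00:45 ws02 net out: 5000 bytes to 198.51.100.10:443
2024-03-01T10:01:50 ws02 fs modified: /home/bob/todo.txt
2024-03-01T10:02:20 ws02 net out: 5200 bytes to 198.51.100.10:443
2024-03-01T10:03:40 ws02 net out: 4900 bytes to 198.51.100.10:443
"""

# Assumed allow-list of packages that may be installed without an alert.
ALLOWED_PACKAGES = {"curl", "vim", "openssh-client"}

LINE_RE = re.compile(r"^(\S+) (\S+) (pkg installed|fs modified|net out): (.*)$")


def parse(text):
    """Parse log lines into (timestamp, host, kind, detail) tuples; skip junk."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, host, kind, detail = m.groups()
            events.append((datetime.fromisoformat(ts), host, kind, detail))
    return events


def unauthorized_installs(events):
    """Audit-log rule: any package install not on the allow-list."""
    return [(ts, host, detail) for ts, host, kind, detail in events
            if kind == "pkg installed" and detail not in ALLOWED_PACKAGES]


def fs_modification_surge(events, window_s=60, threshold=5):
    """Audit-log rule: more than `threshold` file modifications on one host
    inside any sliding window of `window_s` seconds. Returns the busiest
    window per offending host as (host, window_start, count)."""
    per_host = defaultdict(list)
    for ts, host, kind, _ in events:
        if kind == "fs modified":
            per_host[host].append(ts)
    alerts = []
    for host, stamps in per_host.items():
        stamps.sort()
        best_count, best_start, start = 0, None, 0
        for end, ts in enumerate(stamps):
            while (ts - stamps[start]).total_seconds() > window_s:
                start += 1
            if end - start + 1 > best_count:
                best_count, best_start = end - start + 1, stamps[start]
        if best_count > threshold:
            alerts.append((host, best_start, best_count))
    return alerts


def traffic_deviation(events, factor=3.0):
    """Traffic-parameter rule: a host/minute whose outbound byte count exceeds
    `factor` times that host's median per-minute volume."""
    per_host_minute = defaultdict(Counter)
    for ts, host, kind, detail in events:
        m = re.match(r"(\d+) bytes", detail) if kind == "net out" else None
        if m:
            minute = ts.replace(second=0, microsecond=0)
            per_host_minute[host][minute] += int(m.group(1))
    alerts = []
    for host, minutes in per_host_minute.items():
        values = sorted(minutes.values())
        median = max(values[len(values) // 2], 1)  # crude median, never 0
        for minute, total in sorted(minutes.items()):
            if total > factor * median:
                alerts.append((host, minute, total))
    return alerts


def run_all(text=SAMPLE_LOG):
    """Run every rule over the log and return the alerts grouped by rule."""
    events = parse(text)
    return {
        "unauthorized_install": unauthorized_installs(events),
        "fs_surge": fs_modification_surge(events),
        "traffic_deviation": traffic_deviation(events),
    }
```

Running `run_all()` on the constructed log flags ws01 three times (the `xmrig-miner` install, six file modifications in five seconds, and 120000 bytes out in a minute whose baseline is about 4200) and ws02 not at all. Each rule on its own is noisy in a real estate (a software rollout installs packages, a backup job touches many files, a large download spikes traffic); the value of a SIEM is that the three alerts land on the same host in the same few minutes, which is what an analyst would act on.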

C&C (also written C2) refers to command and control: the server or workstation from which cybercriminals send commands to, and receive data from, systems compromised by malware. Because a compromised host has to keep reaching out to its C&C server, that traffic is one of the clearest signs of an infection that network forensics can look for.
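A common network-forensics technique for spotting C&C traffic is beacon detection: an implant that sleeps for a fixed interval and checks in again produces connections at almost constant spacing, whereas human-driven traffic does not. The script below is an added example written for this post, not code from the class or from any tool; it takes constructed flow-style records, groups them by source and destination, and flags pairs whose inter-connection gaps have a low coefficient of variation. The record format, the thresholds and every record are assumptions.

```python
"""Beacon detection over constructed connection records.

Added example, not the page's or any tool's code. Assumes a flow-style
line format "<timestamp> <src> -> <dst:port>" and tunable thresholds;
every record below is constructed.
"""
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed records: ws01 checks in with 203.0.113.77:8443 roughly every
# 60 s (a few seconds of jitter) mixed with ordinary irregular browsing;
# ws02 touches the same server only twice.
CONN_LOG = """\
2024-03-01T10:00:00 ws01 -> 203.0.113.77:8443
2024-03-01T10:00:10 ws01 -> 198.51.100.10:443
2024-03-01T10:00:14 ws01 -> 198.51.100.10:443
2024-03-01T10:01:01 ws01 -> 203.0.113.77:8443
2024-03-01T10:01:59 ws01 -> 203.0.113.77:8443
2024-03-01T10:02:30 ws01 -> 198.51.100.10:443
2024-03-01T10:02:31 ws01 -> 198.51.100.10:443
2024-03-01T10:03:02 ws01 -> 203.0.113.77:8443
2024-03-01T10:04:00 ws01 -> 203.0.113.77:8443
2024-03-01T10:04:58 ws01 -> 203.0.113.77:8443
2024-03-01T10:05:00 ws01 -> 198.51.100.10:443
2024-03-01T10:05:45 ws01 -> 198.51.100.10:443
2024-03-01T10:06:01 ws01 -> 203.0.113.77:8443
2024-03-01T10:06:02 ws01 -> 198.51.100.10:443
2024-03-01T10:07:00 ws01 -> 203.0.113.77:8443
2024-03-01T10:02:00 ws02 -> 203.0.113.77:8443
2024-03-01T10:09:00 ws02 -> 203.0.113.77:8443
"""


def parse_conns(text):
    """Parse "<ts> <src> -> <dst>" lines into (timestamp, src, dst) tuples."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[2] == "->":
            conns.append((datetime.fromisoformat(parts[0]), parts[1], parts[3]))
    return conns


def beacon_candidates(conns, min_count=6, max_cv=0.15):
    """Flag (src, dst) pairs whose connection gaps are nearly constant.

    A pair needs at least `min_count` connections, and the coefficient of
    variation (stdev / mean) of the gaps between them must be at most
    `max_cv`. A low CV means a fixed sleep interval with little jitter,
    the classic shape of a C&C check-in; human browsing gives a high CV.
    """
    by_pair = defaultdict(list)
    for ts, src, dst in conns:
        by_pair[(src, dst)].append(ts)
    hits = []
    for (src, dst), stamps in by_pair.items():
        if len(stamps) < min_count:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean == 0:  # duplicate timestamps only; nothing to measure
            continue
        cv = statistics.pstdev(gaps) / mean
        if cv <= max_cv:
            hits.append({"src": src, "dst": dst, "count": len(stamps),
                         "period_s": round(mean, 1), "cv": round(cv, 3)})
    return hits


CONNS = parse_conns(CONN_LOG)

if __name__ == "__main__":
    for hit in beacon_candidates(CONNS):
        print(hit)
```

On the constructed records only ws01 to 203.0.113.77:8443 is flagged, with a 60 s period and a CV near 0.04; the browsing pair has a CV above 1 and ws02 never reaches `min_count`. Treat the output as a ranked list for an analyst rather than a verdict: update checkers, NTP and monitoring agents beacon too, malware that adds deliberate random jitter needs a higher `max_cv`, and an implant with a long sleep needs a capture window long enough to collect `min_count` connections before it can show up at all.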
