A simple malware test environment

Malware does not need to compromise the operating system kernel in order to provide an untrustworthy browsing experience for the user. This paper describes a simple, virtual machine-based, malware test environment built using freeware and open source software. The system was designed to allow the high-level behaviour of a piece of malware to be studied quickly and conveniently by monitoring network, process and file activity. The system proved effective when trialled against different samples of the well-known malware Zeus and was verified further by tests conducted with the commercially available anti-malware products PC-Tools and Trusteer. Although tests were conducted with variants of the Zeus malware, the techniques discussed in this paper are equally applicable to any other malware and can be used to quickly assess the effectiveness of potential anti-malware solutions. Also, the system is portable and simple, requiring only a general level of technical knowledge to operate, allowing it to be used as a convenient platform for a wide student and professional audience.