Study of W32/NetSky.Q worm and malicious website detection using packed malware string search

New malwares are released everyday infecting numerous systems daily. The Internet is still vulnerable and swarmed with malicious websites. Antivirus companies compete every moment to tackle every piece of malware by releasing new signatures, scanning techniques and generic removal tools. Tackling new malware is a tedious task while the internet is still infected with the traces of older worms. And the infection count only seems to increase every day. This situation demands for new offensive strategies to erase the traces of such worms while also strengthening the defensive strategies for the evolved variants of these worms. This thesis proposes a new approach to malicious website detection and gives an insight into one of the older yet popular worms, win32:NetSky.Q Worm. This thesis essentially began as an in-depth analysis of win32:NetSky.Q Worm. NetSky.Q is a mass emailing worm but is still among the top email worms today. By reverse engineering this worm and analyzing its properties, this thesis attempts to gain an insight of NetSky.Q. This thesis also focuses on the insecurities of today's websites which makes them vulnerable for malware attacks. Finally, a simple yet very effective technique to detect malicious websites is proposed. This thesis also discusses the possible future pragmatic approach.