Web servers are one of the main channels for the spread of malware on the internet. They are frequently attacked in search of security flaws that allow them to be infected, so that they, in turn, serve as agents for spreading malware, controlling botnets and mining cryptocurrencies, among other malicious activities.
To this end, one of the moves attackers make is to upload infected files to compromised servers so that the malicious code is delivered to the users who download them. In this article we focus on office and PDF files that could be infected and hosted on compromised web servers.
This is where the open-source FOCA tool comes in: through its DIARIO plugin we can analyse whether these files carry malware in embedded macros, and so stop them from spreading across the internet or to your own users.
DIARIO, How to Detect Malware While Protecting Your Privacy
But what is DIARIO? DIARIO is a platform that incorporates Artificial Intelligence specifically trained to detect malware that generally eludes traditional antivirus solutions. To do so, it analyses documents without needing to access their content, which is essential for files of a private or sensitive nature.
Through the open-source FOCA tool, and after searching for documents on the web server, you can use DIARIO to periodically analyse the files uploaded to your web servers and find out whether or not they contain malware (at macro level), so that you can take mitigation and control measures against this risk.
The analysis can be run on a single file or on all the files crawled or found by FOCA and its search methods. At the end, you can also get a tabulated summary of the results.
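The workflow described above, as an added example that is not DIARIO's or FOCA's code: a minimal macro-level triage that, like the privacy-preserving approach the article mentions, inspects only the container structure of each document (the OOXML zip directory or the file magic) and never the document text, then tabulates the results. The sample "crawl results" are constructed in memory; in practice the input would be the files FOCA found on the server.

```python
"""Macro-level triage of documents found on a web server (added example)."""
import io
import zipfile
from dataclasses import dataclass
from typing import Optional

# Zip members that OOXML uses for VBA projects; their presence marks a
# macro-enabled document regardless of the file extension it was given.
MACRO_MEMBERS = ("vbaproject.bin", "vbadata.xml")
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy .doc/.xls/.ppt container

@dataclass
class Finding:
    name: str
    kind: str                 # "ooxml", "ole", "pdf" or "other"
    has_macro: Optional[bool]  # None when structure alone cannot decide

def triage(name: str, data: bytes) -> Finding:
    """Classify one file by container type and look for a VBA project."""
    if data.startswith(OLE_MAGIC):
        return Finding(name, "ole", None)   # needs OLE stream parsing; flag only
    if data.startswith(b"%PDF-"):
        return Finding(name, "pdf", None)   # PDFs have no VBA; out of scope here
    if data.startswith(b"PK\x03\x04"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                members = [m.lower().rsplit("/", 1)[-1] for m in z.namelist()]
        except zipfile.BadZipFile:
            return Finding(name, "other", None)
        return Finding(name, "ooxml", any(m in MACRO_MEMBERS for m in members))
    return Finding(name, "other", None)

def summarise(files: dict) -> list:
    return [triage(n, d) for n, d in sorted(files.items())]

def _make_zip(members: dict) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for n, d in members.items():
            z.writestr(n, d)
    return buf.getvalue()

# Constructed sample crawl results (note the macro hidden behind a .docx name).
SAMPLE = {
    "report.docx": _make_zip({"word/document.xml": b"<w:document/>"}),
    "invoice.docx": _make_zip({"word/document.xml": b"<w:document/>",
                               "word/vbaProject.bin": b"\x00" * 16}),
    "legacy.doc": OLE_MAGIC + b"\x00" * 32,
    "brochure.pdf": b"%PDF-1.7\n%%EOF\n",
}

if __name__ == "__main__":
    print(f"{'file':<14}{'kind':<7}macro")
    for f in summarise(SAMPLE):
        print(f"{f.name:<14}{f.kind:<7}{f.has_macro}")
```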
The truth is that these files should not even be on web servers, since they should be checked before they reach the server. But criminals keep updating and improving their techniques, so if you want to give it a try, you have one more tool to analyse your documents from a different perspective and defend yourself against this type of threat.