First Step

• Mainly rely on

  • a database of identifiable pieces of known suspicious code (file signatures)

  • behavioral and pattern-matching analysis (heuristics)

• It can be useful to run several different antivirus programs against the same piece of suspected malware

• Malware can easily change its signature and fool the antivirus

• VirusTotal is convenient, but using it may alert attackers that they’ve been caught