NINJA BLOG

Marcell Csendes | 2022.08.12. |
Malware Detection - Set up, schedule, catch and quarantine with BitNinja


BitNinja Security Starting Point – A Short Educational Program

Here at BitNinja we think that cyber security should be simple. So, we’ve designed BitNinja to make your life easier. We’ve built features and capabilities that can greatly simplify your work.

Here is a short guide to our product with tips and helpful hints. These educational articles should help you properly utilise BitNinja’s features to grow your company while having a clear understanding of how it works!

1. Network Attacks – What are they and how can you filter them with BitNinja?
2. Malware Detection – Set up, schedule, catch and quarantine with BitNinja
3. WAF – Managing patterns and testing the BitNinja WAF
4. IP filtering – Blacklists, whitelists, greylists and the BitNinja logic

In this article you will get to know more about:

  1. What is Malware?
  2. What is Malware Detection and what is it for?
  3. Setting up and scheduling your Malware Scans
  4. Creating a user level signature
  5. Malware catches and quarantine

What is Malware?

Malware is short for “malicious software”. It is generally intended to cause damage, harm or track data, or give remote access to hackers. It is a real headache, which is why BitNinja can help you here.

What is Malware Detection and what is it for?

One way that cybercriminals can access a server is by using a backdoor. Backdoors are typically installed as malware, and it’s essential to block and remove the infected file as soon as possible.

💎 Structure Analysis
The latest threat to server security is obfuscated malware. Traditional malware detection can’t find these infected files. That’s why we analyze the structure of the code, which helps us eliminate more sophisticated malware.

The scan will identify various malware and backdoors that are spying on you and your customers.

The tool we are using (inotify-tools or auditd) watches for any file changes, so whenever an attacker targets your website with malware files, the BitNinja MalwareDetection module will be waiting to catch them. You can also trust us with root cause analysis: our Defense Robot finds the backdoor and the attacking IP, blocks the attack and prevents any further infections on the server.

Setting up and scheduling your Malware Scans

BitNinja automatically checks for file changes, but you may also run manual scans from the CLI or the Dashboard. It is also possible to restrict the scan to a custom folder.

Using the Command-Line Interface:

Command: bitninjacli --module=MalwareScanner --scan=/var/www

Using the Dashboard:

For example, running a Malware Scan immediately after you have installed BitNinja on the server is an excellent idea.

You may also schedule malware scans every week on specific weekdays. Using cron jobs you can run them more frequently; that is your choice.

Creating a user-level signature

You can create your own user-level signatures on the Local Malware Signatures page. This is useful in many ways: you can detect infections that are not catalogued in BitNinja’s database, and if you are being targeted by a specific type of malware, you can fight it head-on. You can also publish malware files found on your own servers that you believe are dangerous.

Malware catches and quarantine

On the Anti-Malware Overview page you will see Catches, i.e. the number of incidents that occurred on your account. We offer a lot of flexibility and control over catches. BitNinja cleans critical malware files, but there is also an option to receive only reports of malware catches. With our approach, you can see every infection cleaned by BitNinja across your servers.

As every module is customizable, MalwareDetection also comes with some options under the hood.

  • Max File Size to Watch
  • Quarantine Mode (Log only or quarantine)
  • Replace malware with a honeypot file
  • Whitelist directories, extensions
  • Performance settings (CPU/IO Scheduling)

Similar to scans, restoring files from quarantine can be done either from the CLI or from the Dashboard.

Command: bitninjacli --restore=/path/to/file
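As an added illustration (not BitNinja's own code, which this page does not show), the following Python sketch models the per-file logic described above: signature matching, the max-file-size and whitelist options, log-only versus quarantine mode, honeypot replacement, and a restore that undoes a quarantine. The signatures, sample files, quarantine layout and option names are constructed assumptions, not BitNinja's actual formats.

```python
import os, re, shutil
from dataclasses import dataclass
from pathlib import Path
# Constructed demo signatures (NOT BitNinja's database): byte regexes over file content.
SIGNATURES = {
    "php-eval-base64": re.compile(rb"eval\s*\(\s*base64_decode\s*\("),
    "php-exec-from-request": re.compile(rb"(system|passthru|shell_exec)\s*\(\s*\$_(GET|POST|REQUEST)"),
}
# Harmless placeholder left where a quarantined file was ("replace malware with a honeypot file").
HONEYPOT = b"<?php http_response_code(404); /* file quarantined by scanner */ ?>\n"

@dataclass
class Options:                      # names mirror the options the article lists (assumed)
    max_file_size: int = 1_000_000  # bytes; larger files are skipped, not read
    log_only: bool = False          # True: report catches but never move files
    honeypot: bool = True           # leave HONEYPOT in place of the infected file
    skip_dirs: tuple = (".git", "node_modules")
    skip_exts: tuple = (".jpg", ".png", ".gif", ".css")

def scan_file(path, opts, signatures=SIGNATURES):
    # Returns the names of matching signatures; [] for clean or skipped files.
    if path.endswith(opts.skip_exts) or os.path.getsize(path) > opts.max_file_size:
        return []
    return [name for name, rx in signatures.items() if rx.search(Path(path).read_bytes())]
def quarantine(path, qdir, opts):
    # Moves the file to qdir, keeping its absolute path as the subtree (POSIX paths assumed).
    qpath = os.path.join(qdir, os.path.abspath(path).lstrip(os.sep))
    os.makedirs(os.path.dirname(qpath), exist_ok=True)
    shutil.move(path, qpath)
    if opts.honeypot:
        Path(path).write_bytes(HONEYPOT)
    return qpath
def restore(qpath, qdir):
    # Puts a quarantined file back (the idea behind bitninjacli --restore=/path/to/file).
    original = os.sep + os.path.relpath(qpath, qdir)
    shutil.move(qpath, original)    # overwrites the honeypot placeholder if one was left
    return original
def scan_tree(root, qdir, opts):
    # Walks root (qdir must lie outside it); quarantines catches unless opts.log_only.
    catches = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in opts.skip_dirs]
        for name in filenames:
            path = os.path.join(dirpath, name)
            if hits := scan_file(path, opts):
                catches[path] = hits
                if not opts.log_only:
                    quarantine(path, qdir, opts)
    return catches
```

A real deployment would be driven by file-change events (inotify/auditd) rather than a full walk, and would sign or hash the quarantined copies; both are left out here to keep the example short.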

📌 You can find the technical details and customizations here: Documentation – MalwareDetection
