Building an Automated Behavioral Malware Analysis Environment using Open Source Software
The first question one might ask is why we should build our own analysis environment when a growing number of services (free and otherwise), such as the Norman Sandbox, CWSandbox, Anubis, and ThreatExpert, will do the analysis for us. The primary answer is that, for privacy and policy reasons, some of the malware samples we encounter on a regular basis are ones we simply are not at liberty to share with other entities or organizations with which we do not have privacy or non-disclosure agreements.
18 Jun 2009, by Jim Clausing
