Anti-Malware , Forensics , Technology

Building a Career on Taking Apart Malware Cyphort's Marschalek Describes Reverse Engineering
Building a Career on Taking Apart Malware
Marion Marschalek of Cyphort (Photo by Mathew Schwartz)

Malware: How does it work, who built it and what - or who - is it designed to target? Answering these types of questions is a job for Marion Marschalek, who reverse-engineers malicious code for a living.

"I love to take things apart, so I'm a malware analyst, which means I frequently look at - and into - malicious binaries," she says in an interview with Information Security Media Group.

Marschalek says she entered the field after working in a job focused on compiling "big data" analyses of larger malware trends. But increasingly, she wondered how the individual pieces of malware that she was cataloging actually worked. Two years ago, she decided to enter a women-only malware reverse-engineering challenge - meant to encourage more female engineers to enter the field - and took first prize, which was a ticket to attend the Syscan Singapore 2013 conference and present her findings. She was hooked, and before long, she landed a job with the advanced persistent threat detection firm Cyphort, where she's now part of a security research team that analyzes malware intercepted by the company's products.

"I swear, doing [this] job, I've never felt bored. It's always been a challenge, and it's always interesting to dig into binaries," she says. "You don't usually stare at assembly code all the time, but you get to know the inner workings of a piece of binary [code], and with that you also get to know the thoughts that the author had who implemented it ... which is a little bit creepy sometimes. But mostly it's fascinating."

In this interview (see audio link below photo) Marschalek also discusses:

  • The rise in malware attacks that don't just target financial assets but also intellectual property;
  • The myth that malware needs to be complex to be successful;
  • The alleged French espionage Trojan Babar and how it compares with Regin and Stuxnet.

Marschalek, senior malware researcher at Cyphort, is a member of the Black Hat Europe conference review board and teaches a women-only malware analysis course at Austria's University of Applied Sciences St. Pölten. She's also worked as a malware analyst at Vienna-based Ikarus Security Software and as a database engineer and developer at Sistemas de Información in Mexico.

Around the Network