MSU students study Chinese cyberspies' malware

Contact: Leah Barbour

STARKVILLE, Miss.--As news networks around the nation report the damage done by alleged state-backed Chinese cyberspies, Mississippi State University computer science and engineering students will learn directly from the malware.

Mandiant Inc., a security vendor based in Virginia, released a report on Feb. 19 listing major Chinese cyberattacks against 141 entities, most of which are in the United States. A military unit in Shanghai most likely comprised the cyberspy team which stole sensitive information, especially as it relates to infrastructure.

Even in the face of bad news, Wesley McGrew, a research associate who teaches reverse engineering at MSU, is excited about how this information will benefit his students. He plans to use malware samples identified in Mandiant's report.

"By providing them with real malware samples and teaching them all the proper safety procedures for handling, we allow them to have the expertise of looking at real malicious software," he said.

Using real malware to teach students has garnered the attention of Techworld, an industry leader in enterprise information technology, in its goal of providing resources to help IT managers do their jobs more efficiently and develop their careers more effectively.

In writer Jeremy Kirk's article "US students get cracking on Chinese malware," McGrew emphasized his goal of ensuring that his MSU students get the real-world experience they need to succeed in the cybersecurity profession after they graduate.

Because some malware is less complex than others, McGrew plans to use samples that are not particularly complicated, he said. Students with basic malware-analysis skills will get to learn exactly what they will be looking for when they enter the cybersecurity field.

Mandiant identified numerous malware samples, as well as families of related malware. McGrew is working to analyze the samples in hopes of linking them to particular families. He is especially interested in the simpler ones, since not only do they lack complexity, they are more likely to be used.

Advanced malware, because it's blocked once it's detected, is often a last resort for hackers, so teaching students using the simpler samples will better prepare them to identify and deal with their functions.

"The importance of having malware that has an impact on the economic advantage of one company over another or the security of a nation is priceless," McGrew said. "This is exactly what (students) should be learning to look at."

Many students in McGrew's class have scholarships that allow them to work for government agencies following graduation, whether the National Science Foundation's Scholarship for Service program or the U.S. Department of Defense's Information Assurance Scholarship Program.

"We have a room with highly motivated students absolutely looking to get into this field," McGrew said. "It puts them in positions that the country is desperately trying to fill right now."

For more information about Mississippi State University, visit

Mon, 02/25/2013 - 06:00