Malware analysis is essential for contemporary crimeware analysis in the enterprise. There are too many crimeware variants with too many tricks to obscure their real intent. There were eight million new variants in the first quarter alone, according to McAfee. Anti-malware and IPS can only do so much—even with the right resources or deep pockets to farm it out, it is expensive and time consuming. The immediate goal is to contain the intrusion. http://alrt.co/TeuUUG
Takeaway: Sometimes, simply blocking firewall ports or an IPS signature is just not enough; you have to get into some serious reverse engineering, which requires some education. You need to understand assembly language and know what to identify.