There was an email thread circulating here at GFI Sunbelt Labs listing good books about malware analysis. Someone said: “we should blog this.”
Here is a list of everybody’s picks:
“Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code,” by Steven Adair, Blake Hartstein, Michael Ligh and Matthew Richard (2010)
http://www.amazon.com/gp/product/0470613033/
“Malware Forensics: Investigating and Analyzing Malicious Code,” by James M. Aquilina, Eoghan Casey and Cameron H. Malin (2008)
http://www.amazon.com/Malware-Forensics-Investigating-Analyzing-Malicious/dp/159749268X
In-depth reads on malcode analysis and disassembling techniques:
“Reversing: Secrets of Reverse Engineering,” by Eldad Eilam (2005)
http://www.amazon.com/Reversing-Secrets-Engineering-Eldad-Eilam/dp/0764574817
“The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler,” by Chris Eagle (2008)
http://www.amazon.com/IDA-Pro-Book-Unofficial-Disassembler/dp/1593271786
“Disassembling Code: IDA Pro and SoftICE,” by Vlad Pirogov (2005)
http://www.amazon.com/Disassembling-Code-IDA-Pro-SoftICE/dp/1931769516
“Rootkits: Subverting the Windows Kernel,” by Jamie Butler and Greg Hoglund (2005)
http://www.amazon.com/Rootkits-Subverting-Windows-Greg-Hoglund/dp/0321294319
The classics:
“The Art of Computer Virus Research and Defense,” by Peter Szor (2005)
http://www.amazon.com/Art-Computer-Virus-Research-Defense/dp/0321304543
(Although this is five years old, it’s something of a classic. It’s a nice history of malicious code, detection techniques and just a really good all-around read.)
“Malware: Fighting Malicious Code,” by Ed Skoudis and Lenny Zeltser (2003)
http://www.amazon.com/Malware-Fighting-Malicious-Ed-Skoudis/dp/0131014056
Zeltser also has a web site with great information:
http://zeltser.com/reverse-malware-paper/ (2001)
http://zeltser.com/combating-malicious-software/ (updated)
Thanks Alex and Eric
Tom Kelchner