Security Basics mailing list archives
Re: seeking advice on how to research adware/spyware/identity theft software
From: zelyah zub <zelyahzub () gmail com>
Date: Wed, 12 Oct 2005 12:21:16 +0100
On 9 Oct 2005 21:15:38 -0000, nix1209 () yahoo com <nix1209 () yahoo com> wrote:
> I am a student interested in pursuing research on adware/spyware/identity theft software (trojans/worms/viruses in the future). Kindly guide me as to how I can do so without compromising the security of my own computing resources. What layers of defence should I have on my system, so that I can capture the infection without getting infected? Moreover, can you suggest any books/tutorials/websites that would help me (as a beginner)? Thank you in advance for your time.
Hi,

Unfortunately, there are not many books around that describe in depth the process of analysing adware/spyware/identity theft software, and there are only a few that describe it for malicious software. The best you could do is to buy yourself a very good book, "The Art of Computer Virus Research", written by Peter Szor of Symantec. Peter is one of the best respected virus researchers, and his book is appropriate for technical people trying to learn how to analyse malicious code.

I would also recommend that you try to learn as much as you can about x86 assembler / processor architecture and about the internals of the Windows operating system (see Windows Internals by Mark Russinovich). Another useful book may be Reversing: Secrets of Reverse Engineering by Eldad Eilam.

Once you have a good grasp of that, you could download free tools that are usually used for reverse engineering, like IDA or OllyDbg (WinDbg), and for black-box analysis (like various tools from sysinternals.com).

It would be beneficial to have an analysis machine with an operating system image that can be quickly restored between runs of samples, to avoid cross-infection and to test the payloads of a particular sample. You would not wish your everyday computer to become infected, as would inevitably happen if you ran a sample.

As far as getting samples to analyse goes, that should not be difficult, with the abundance of sites hosting malicious software these days.

I hope that this helps,
Zeleni Zub