PaulDotCom mailing list archives

Want to get into malware analysis


From: dphull at trustedsignal.com (Dave Hull)
Date: Fri, 23 Jan 2009 17:27:26 -0600

2009/1/23 matt donovan <kitchetech at gmail.com>:
> I am already planning to buy Applied Cryptography, 2nd Edition to learn
> about some Cryptography.

Great book, but I don't know how helpful it will be for learning about
malware. You may be better served with a book on assembly and reverse
engineering. There are two common approaches to studying malware:
behavioral analysis and reverse engineering. Behavioral analysis
involves creating a controlled, air-gapped environment to run your
samples in with appropriate monitoring systems installed (network and
process sniffers). As you learn more about the code and how it
behaves, you'll modify the environment it runs in. For example, if it
tries to connect to some server via http or irc, you can set up that
service and add an entry to a hosts file to point to your new service.
Fire up the malware again and see what it does when it connects to
those services...

Behavioral analysis is only going to get you so far. Eventually you'll
want to disassemble the code to find out what it's really capable of;
this is where things get more complicated, for me at least. I know the
basics and have studied this a little, but unfortunately I'm no master
of assembly (yet), which I believe is a requirement for hardcore
reversing. Others may not agree.

Good luck, I think it's a really interesting field and wish I had more
time for it... and all the other things I find interesting.

-- 
Dave
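The "stand up the service the sample expects" step Dave describes, as an added example that is not part of the original post: a small fake HTTP/IRC listener for an isolated lab box. Once a hosts-file entry points the sample's server names at the analysis machine, the listener accepts the connection, records what the sample sends, and answers with a canned reply so the sample moves on to its next step. The hostnames, the lab IP address, the port and the reply text are constructed values chosen for illustration; `hosts_entries`, `classify_request`, `start_fake_service` and `probe` are names invented here.

```python
import socket
import socketserver
import threading

# Constructed sample values: hostnames a sample was seen resolving and the
# lab box that will stand in for them. Both are assumptions for illustration.
OBSERVED_HOSTS = ["update.example.invalid", "irc.example.invalid"]
LAB_SERVICE_IP = "192.168.56.10"


def hosts_entries(hostnames, lab_ip):
    """Build the hosts-file lines that redirect the sample's servers to the lab box."""
    return [f"{lab_ip}\t{name}" for name in hostnames]


def classify_request(data):
    """Guess the protocol from the first line the client sends."""
    first = data.split(b"\r\n", 1)[0].split(b"\n", 1)[0]
    verb = first.split(b" ", 1)[0]
    if verb in (b"GET", b"POST", b"HEAD", b"PUT") and b"HTTP/" in first:
        return "http"
    if verb in (b"NICK", b"USER", b"PASS", b"JOIN", b"CAP"):
        return "irc"
    return "unknown"


def canned_reply(kind):
    """Minimal responses that let the sample believe it reached its server."""
    if kind == "http":
        body = b"OK"
        return (b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n"
                b"Content-Length: " + str(len(body)).encode() + b"\r\n"
                b"Connection: close\r\n\r\n" + body)
    if kind == "irc":
        return b":lab.local 001 sample :Welcome to the analysis sinkhole\r\n"
    return b""


LOG = []  # one record per connection: who connected, to which port, what was sent


class FakeServiceHandler(socketserver.BaseRequestHandler):
    def handle(self):
        self.request.settimeout(2.0)
        try:
            data = self.request.recv(4096)
        except OSError:  # covers socket.timeout on a silent client
            data = b""
        kind = classify_request(data)
        LOG.append({"peer": self.client_address[0],
                    "port": self.server.server_address[1],
                    "kind": kind, "data": data})
        self.request.sendall(canned_reply(kind))


class FakeService(socketserver.ThreadingTCPServer):
    allow_reuse_address = True
    daemon_threads = True


def start_fake_service(port=0, bind_ip="127.0.0.1"):
    """Start the listener in a background thread; port 0 picks a free port."""
    srv = FakeService((bind_ip, port), FakeServiceHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def probe(port, payload, host="127.0.0.1"):
    """Connect the way the sample would, send payload, return the full reply."""
    chunks = []
    with socket.create_connection((host, port), timeout=2) as s:
        s.sendall(payload)
        while True:
            chunk = s.recv(4096)
            if not chunk:  # server closed the connection after replying
                break
            chunks.append(chunk)
    return b"".join(chunks)


if __name__ == "__main__":
    print("\n".join(hosts_entries(OBSERVED_HOSTS, LAB_SERVICE_IP)))
    srv = start_fake_service(0)
    port = srv.server_address[1]
    print(probe(port, b"GET /check HTTP/1.1\r\nHost: update.example.invalid\r\n\r\n"))
    print(probe(port, b"NICK sample\r\nUSER sample 0 * :sample\r\n"))
    for rec in LOG:
        print(rec)
    srv.shutdown()
    srv.server_close()
```

In a real lab the listener would bind the lab IP on the ports the sample was observed using (80, 6667 and so on), and the `LOG` records are the payload: the first bytes a sample sends to its "server" often reveal a check-in format, an identifier, or a protocol you can then mimic more fully on the next run.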