Practical Malware Analysis

Any team whose job it is to analyse and prevent malware needs at least one copy of this book. The wide range of topics covered means that the book contains material useful both to beginners in the field and also the experts.

My Rating: 4 out of 5

This is a huge book covering a wide range of different topics. Those already working in the field may be able to read quite a way through it relatively quickly and understand the material, but for someone just starting out it will take a lot longer. Each chapter covers a fairly complicated subject, and the first time you meet each one it will take quite a while, and perhaps several re-readings, before you really understand what it is about. Not to worry though: each chapter ends with several labs where you put the chapter's material to use by analysing some code to determine what sort of malware it contains, so you will easily know when you have properly understood the content.

Experts in the field should find this book a useful reference because of the completeness of its coverage, which will serve as a reminder of how to use techniques they may not use very often. The information in the appendices will also serve as a useful reference.

This book contains many examples of how computer instructions can be misused by those writing malware to achieve results that were never intended by those who created the instructions in the first place. In some instances such instructions are actually flagged for removal from the language (such as the JavaScript unescape command mentioned on page 423) but will continue to cause problems until that removal actually takes place. Other misuse of instructions is done deliberately to make the code harder to analyse, and the book contains numerous examples of ways this can be done and of actions you can take to bypass such attempts. Possibly the simplest of these is where a field is set to a known value and then compared with that same value to produce a jump that looks as though it depends on a condition, or alternatively where both an equal and a not-equal test are used to achieve the same result.
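The always-taken jump described above (a known value compared with itself, or a jump-if-equal paired with a jump-if-not-equal to one target) is a classic anti-disassembly trick. As an added example, not code from the book or from the review, this Python script flags such a pair in a constructed x86 byte sequence and shows why a naive linear sweep mis-decodes the byte that follows it; the opcode table is an assumption that covers only the constructed sample.

```python
"""Detect a jz/jnz pair that shares a target and show how it derails a linear sweep."""

JZ, JNZ = 0x74, 0x75            # short conditional jumps, 2 bytes each

# Minimal opcode-length table for the constructed sample only (assumption:
# 0x33 is followed by a single ModRM byte, so "xor eax, eax" is 2 bytes).
LENGTHS = {0x33: 2, JZ: 2, JNZ: 2, 0xE8: 5, 0x90: 1, 0xC3: 1}
NAMES = {0x33: "xor", JZ: "jz", JNZ: "jnz", 0xE8: "call", 0x90: "nop", 0xC3: "ret"}

def short_jump_target(offset, rel8):
    """Absolute target of a 2-byte short jump with a signed 8-bit displacement."""
    return offset + 2 + (rel8 - 256 if rel8 > 127 else rel8)

def find_opaque_jump_pairs(code):
    """(offset, target, rogue_byte) for every jz/jnz or jnz/jz pair whose jumps
    share a target. One of the two conditions must hold, so the byte after the
    pair is never executed, yet a linear disassembler still decodes it."""
    hits = []
    for i in range(len(code) - 3):
        if {code[i], code[i + 2]} == {JZ, JNZ}:
            t1 = short_jump_target(i, code[i + 1])
            t2 = short_jump_target(i + 2, code[i + 3])
            if t1 == t2:
                hits.append((i, t1, code[i + 4] if i + 4 < len(code) else None))
    return hits

def linear_sweep(code):
    """Decode back to back, as a naive disassembler would; 'truncated' marks a
    decode that ran past the end of the buffer."""
    out, pc = [], 0
    while pc < len(code):
        op = code[pc]
        if op not in LENGTHS or pc + LENGTHS[op] > len(code):
            out.append("truncated")
            break
        out.append(NAMES[op])
        pc += LENGTHS[op]
    return out

def flow_sweep(code):
    """Decode by following control flow: after a same-target jz/jnz pair,
    resume at the shared target instead of at the next byte."""
    pairs = {off: tgt for off, tgt, _ in find_opaque_jump_pairs(code)}
    out, pc = [], 0
    while pc < len(code):
        op = code[pc]
        out.append(NAMES[op])
        if pc in pairs:                      # emit the partner jump, then skip the rogue byte
            out.append(NAMES[code[pc + 2]])
            pc = pairs[pc]
        else:
            pc += LENGTHS[op]
        if op == 0xC3:
            break
    return out

# Constructed sample (not taken from the book):
#   0: 33 C0   xor eax, eax   ; puts a known value (zero) in eax
#   2: 74 03   jz  7          ; taken, because eax is zero
#   4: 75 01   jnz 7          ; same target either way
#   6: E8      rogue byte     ; never executed; decodes as a 5-byte call
#   7: 90      nop            ; the real next instruction
#   8: C3      ret
SAMPLE = bytes.fromhex("33C0" "7403" "7501" "E8" "90" "C3")
```

Running `find_opaque_jump_pairs(SAMPLE)` reports the pair at offset 2 with the rogue 0xE8 byte, `linear_sweep` stops at "truncated" after swallowing the real instructions into a bogus call, and `flow_sweep` recovers the nop and ret.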

There is far too much information in this book for any review to properly cover what it contains, and enough material that working your way through everything it covers will take a very long time. One thing that makes this book somewhat different from others is the lab exercises at the end of each chapter that let you put the techniques into practice. As well as making sure you know the chapter's material, the labs also confirm what you learn, because you see for yourself that the techniques described actually work.

More Information from the Publisher