Book Review: Malware - Fighting Malicious Code by Ed Skoudis with Lenny Zeltser
One of the great things about general purpose computers is their ability to automate large parts of our lives and remove many of the less interesting tasks from our to-do lists. Unfortunately, this is a double-edged sword: attackers can automate away much of the drudgery of compromising systems too, as they have been doing since the first viruses appeared in the 1980s. Malware aids all kinds of attackers, from those simply looking to have a bit of malicious fun (as seen in many of the early viruses), to those who wish to show off their ability to attack and possess many machines, and of course to those with more sinister motives, ranging from the financial to the political and military.
Malware devotes around three-fourths of its pages to the six main categories of malware: viruses, worms, malicious mobile code, trojans, backdoors and rootkits (both user-mode and kernel-mode). In this first part of the book you will learn about the motivations of the attackers, the types of attacks used to install the malware, how the malware works, and the degree to which it compromises the system. For each major type of malware and attack, a few real-life examples are usually included. The book goes beyond examining the ways in which you can be attacked, however: for each category of malware it recommends strategies an organization can employ to defend against it. Hardening the systems is, of course, one of the major recommendations in every case (though each time the specific area to focus on is identified and justified), and where relevant other suggestions are included as well.
Where this book really shines is the last few chapters, which examine combo malware (malware combining the characteristics of multiple categories) both in its existing forms and in potential future ones, and which analyze how the very hardware of a system might be infected, in both the BIOS and CPU microcode. Of more interest to some, perhaps, will be the chapter on how to set up a malware analysis lab and begin dissecting captured specimens.
Throughout the book a pragmatic approach is followed, striking a good balance between describing real-life cases and providing an understandable, well-ordered description of how each category of malware is defined and how it works.
How does this stack up to The Art of Computer Virus Research and Defense (which I reviewed some months ago here)?
Malware provides a far better introduction to the subject, partly because it covers a far greater range of malware, but also because the material is better organized. It also takes a more practical approach to many aspects of the topic, covering more about how to defend your systems from malware and giving concrete details on how to begin analyzing it.
Anyone looking to learn how to secure their systems from malware, how to begin analyzing malware, or who is simply interested in the subject should find this a good starting point, thanks to its concrete examples and its plentiful suggestions of where to find more (and more up-to-date) information online. The only major downside is its age - the only version I find of this book was published in 2003, with the consequence that no cutting-edge examples are included and some of the suggested web links no longer resolve. You can find Malware here (Amazon).