Technibble Forums > Technical Discussions > Security, Viruses and Trojans

  #1  
11-11-2010, 04:03 PM
blackburgpchelp
Join Date: Apr 2009
Location: Blacksburg, VA
Posts: 140

Malware Analyst's Cookbook

I just got this book in from Amazon:
Malware Analyst's Cookbook and DVD and I have to say it is fantastic so far. The DVD alone is worth the price of the book, with many custom analyst tools. The book is meant for forensic analysis of malware rather than specifically for removal. But it covers setting up a malware lab with honeypot and analysis techniques to classify and see the actions of specific malware.

I've also been studying this book: Rootkits: Subverting the Windows Kernel which I know has been mentioned on this forum before. I also highly recommend it.

If we're going to stay at the top of our game in malware removal, we have to learn how malware works. It is constantly evolving, and written by some of the best coders out there. We can't rely on scanners to do the work for us, nor can we rest on our laurels in our tried and true techniques of manual removal.

Would love to know if other folks have been using these books or any others to stay on top of malware?

-Rance
  #2  
11-11-2010, 06:30 PM
joydivision
Join Date: Jul 2009
Location: Manchester, UK
Posts: 3,093

Nearly bought the second book as it is only 20, but as it was published in 2005, is it not out of date?
  #3  
11-11-2010, 06:39 PM
blackburgpchelp
Join Date: Apr 2009
Location: Blacksburg, VA
Posts: 140

It is and was even when it was released. The methods it covers are so fundamental and basic that they should be studied all the same, in my opinion. Even though new techniques have developed, the fundamentals are important to understand. And without these fundamentals under our belts, it is harder to follow the blogs, and websites that we can use to keep us up to date on the cutting edge malware.

How many of us can say we really understand how a rootkit works or what one is? I know there are some on here that do and can, but I bet they are the minority. That's not meant to be a troll or flame-inducing comment, but an honest assessment into our normal techniques as computer techs.

-Rance
  #4  
11-11-2010, 06:46 PM
joydivision
Join Date: Jul 2009
Location: Manchester, UK
Posts: 3,093

I don't have anything like enough understanding hence me wanting to study this in a lot more detail. It is a skill I can hopefully take with me beyond the desktop operating system.
  #5  
11-11-2010, 06:49 PM
Martyn
Administrator
Join Date: Apr 2010
Location: Bedfordshire UK
Posts: 5,275

Thanks, it looks a good book.
  #6  
11-11-2010, 06:59 PM
joydivision
Join Date: Jul 2009
Location: Manchester, UK
Posts: 3,093

The Malware Cookbook is only 26 inc. delivery, and I can claim tax off that too. Will order it tonight.
  #7  
11-12-2010, 07:27 AM
MobileTechie
Join Date: Oct 2009
Location: UK
Posts: 4,169

So in terms of helping a tech in malware removal, what sort of things does it teach that we don't already do - i.e. checking common reg and file locations and using reporting tools like autoruns, OTL, HJT and the common scanning tools?
  #8  
11-12-2010, 01:56 PM
blackburgpchelp
Join Date: Apr 2009
Location: Blacksburg, VA
Posts: 140

Mostly I'd say it teaches how the tools work and not just how to use them. You'll see a lot of how malware, rootkits especially, hide. Particularly how they can hide their registry and file entries using alternate data streams. Programs like GMER and such check for this kind of thing.

The Malware cookbook will show you how many of the viruses accomplish what they accomplish. I've already learned a few new techniques for manual removal that I had no clue of before.

Mostly I think it's an issue of knowing why we're running a particular scan rather than just because it's a standard procedure. Or what we might miss in a purely manual removal. Most of all, how can you tell that the system is 100% absolutely clean?

I find myself realizing how ignorant I am about how some of the tools I use work or just how sneaky some rootkits/malware really are.
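Added example, not code from the Malware Analyst's Cookbook and not the poster's: a PowerShell script that does two of the checks the thread keeps coming back to, enumerating NTFS alternate data streams (ADS) below a directory and dumping the classic Run/RunOnce keys. It needs PowerShell 3.0 or later on Windows for the -Stream parameter. The starting path, the 'payload' stream name in the comments and the decision to count Zone.Identifier separately are assumptions for illustration. One point worth being precise about: an alternate data stream is an NTFS feature, an extra named $DATA stream attached to a file, so it hides file content, not registry entries. Hiding registry keys is a separate rootkit technique (hooking the registry enumeration APIs), which is exactly the kind of discrepancy GMER's cross-view comparison is there to surface.

```powershell
# Added example, not code from the Malware Analyst's Cookbook or from the poster.
# Enumerates NTFS alternate data streams (ADS) below a directory and lists the
# classic autorun registry keys. Needs PowerShell 3.0+ on Windows for -Stream.
param(
    [string]$Root = "$env:SystemDrive\Users",   # assumed starting point; change as needed
    [int]$MinBytes = 1                          # ignore empty streams by default
)

# Every file has one unnamed ':$DATA' stream; any other stream name is an ADS.
# Zone.Identifier is the ordinary "downloaded from the Internet" mark and is
# counted rather than listed, so the real oddities stand out.
function Get-AlternateStream {
    param([string]$Path)
    Get-ChildItem -LiteralPath $Path -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue
        } |
        Where-Object { $_.Stream -ne ':$DATA' -and $_.Length -ge $MinBytes } |
        Select-Object FileName, Stream, Length
}

$streams = @(Get-AlternateStream -Path $Root)
$zone    = @($streams | Where-Object { $_.Stream -eq 'Zone.Identifier' })
$other   = @($streams | Where-Object { $_.Stream -ne 'Zone.Identifier' })

"Zone.Identifier streams (normal for downloads): $($zone.Count)"
"Other alternate streams under ${Root}: $($other.Count)"
$other | Sort-Object Length -Descending | Format-Table -AutoSize

# Reading or removing one stream once you have decided what it is (names assumed):
#   Get-Content -LiteralPath 'C:\Users\x\photo.jpg' -Stream 'payload' -Raw
#   Remove-Item -LiteralPath 'C:\Users\x\photo.jpg' -Stream 'payload'
# An ADS can hold an executable that is launched from an autorun entry, so
# cross-check stream names against the values listed below.

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $props = Get-ItemProperty -LiteralPath $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, etc.
        "{0}`n    {1} = {2}" -f $key, $p.Name, $p.Value
    }
}
```

Run it from an elevated prompt against the directory you want to sweep. A clean result from a live system is not proof of anything: the script goes through the same Win32/NT APIs a kernel-mode rootkit hooks, so if you suspect one, repeat the check from an offline boot, or let GMER compare its raw-disk view against the API view, before calling the box clean.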
  #9  
11-12-2010, 07:18 PM
othersteve
Join Date: Feb 2010
Posts: 506

This is my favorite subject related to computer repair. I have read quite a lot on the topic and am very familiar with tools such as OTL, ComboFix, etc. I have also built some of my own manual diagnosis tools to help me do some stuff I wouldn't normally be able to do remotely.

However this looks like a great reference--I may give it a shot next!
__________________
-Steve

Born a technician, though always willing to learn and improve. :)

Managing Editor, DigitalChumps.com
Senior Editor, Notebookcheck
Owner/Sole Proprietor, Triple-S Computers
  #10  
11-12-2010, 07:59 PM
blackburgpchelp
Join Date: Apr 2009
Location: Blacksburg, VA
Posts: 140

Nice Steve,

I'd love to hear about some of the stuff you've done. I think that's my point here, long and rambling as it's been. I'd love to hear about things other people have done to learn more about virus removal from a technical standpoint.

I'm working on getting my own honeypot and lab set up and can't wait to start catching some live ones from the wild.

-Rance
Powered by vBulletin®
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Technibble.com is based out of MELBOURNE, AUSTRALIA.