Malware: Fighting Malicious Code

List Price: $49.99
Your Price: $31.32

Rating: 5 stars
Summary: Very Good Book on Understanding and Fighting Malware
Review: "Malware: Fighting Malicious Code" is the most comprehensive book to date on malicious code. The book devotes a full chapter to each type of malware: viruses, worms, malicious mobile code, backdoors, Trojan horses, user-mode rootkits, kernel rootkits, etc. Each chapter presents the characteristics and methods of attack, evolutionary trends, and how to defend against each of these attack types. In addition, in each chapter you will find various scenarios in which malicious code has been planted in systems, and each chapter concludes with how to safely and effectively analyze potential and real malware. The chapters are covered in great detail and include many charts and diagrams that help illustrate the concepts presented, and they come with a summary and a list of references for further research on the topic.

The book focuses both on attacks and defenses, reveals how attackers install malicious code and evade detection, and shows how to defeat their schemes, secure systems and protect networks from being affected by malware. The book discusses both Windows level attacks and UNIX type attacks and uses examples of recent kernel rootkits (keep in mind that the book was published in November 2003) that are analyzed for both platforms.

The book also introduces new ideas and theories, such as the discussions on new attacks on the BIOS and microcode, where the authors explain how these attacks are conducted, the results that might be sought after, and how to protect from them. In chapter 11, for instance, the authors present reverse engineering and the study of malware. They present many examples of a lab setup to dissect malware, discuss some common tools and approaches to use, and provide a checklist for preparation and verification of your own lab. They basically provide instructions for building your own malware code analysis lab to allow you to get familiar with attack and defensive tools. I thought this was a nice feature, especially for people who would like to know more on this subject but are not necessarily security experts. This will allow them to get some hands-on experience in the comfort of their own lab.

The book provides great information for beginners to gain a better understanding, and provides in-depth information for the more advanced users. It is well written and fun to read. The writing style is simple but elegant, allowing readers from different backgrounds to follow the explanations and discussion. In addition, the authors have put a lot of effort into making complex topics and concepts very understandable, especially with the use of analogies to help explain the difficult sections and scenarios.

"Malware: Fighting Malicious Code" is a must read and an excellent resource. It covers everything you need to know about malware, understanding it and defeating it with practical actions that you can take to secure your systems and networks.

Rating: 4 stars
Summary: Nearly everything you need to know about malware
Review: Ed Skoudis does a great job of detailing just about everything you need to know about malware.

The problem is that many users unknowingly and unwittingly open their computers to malicious code via viruses, worms, P2P programs, trojan horses and more.

The book provides step-by-step solutions on how to prevent malware from infecting your system, and what to do in the event it does.

Malware: Fighting Malicious Code is written in a technical but easy to digest style. The book is great for system and security administrators and anyone interested in ensuring their systems are protected from the vastly underrated threat of malware.

Rating: 5 stars
Summary: Massive, magnificent, mischievous, Machiavellian, Malware!
Review: Ed's latest book is his best and most fun to read. This tome is an amazing treatise on malicious code. Ed has outdone himself in his categorization and in-depth analysis of evil code. This book addresses the full gamut of types of malware, from Trojans to kernel- and user-level rootkits.

I highly recommend this book to anyone wanting to know more about how malicious code works, and how to defend against it. This should be required reading for software engineers, so that they truly understand the very nature of how attackers ply their craft.

Put on your tinfoil hats, this book is a great read!

Rating: 5 stars
Summary: Awesome!
Review: I rarely label something a 'masterpiece', but Ed Skoudis's "Malware: Fighting Malicious Code" is nothing short of that. The book is an amazing combination of depth and breadth, which I always love in a security book. Moreover, it combines the above with a lively and easy-to-follow presentation style as well as Ed's trademark humor (featuring the traditional overuse of the word "evil" :-) ). In many regards, the book is more fun to read and more packed with material than his previous work "Counter Hack". The book also emanates the excitement that the author obviously feels about this field.

The book covers the wide scope of malicious code (viruses, worms, mobile code, rootkits, Trojans, backdoors) in a logical and well-structured fashion. This is not your grandmother's "virus book", as it covers all sorts of malicious programming and scripting. Chapter summaries, reasons 'why you need to know', examples, clear diagrams, accurate analogies (something which is often abused in other security books) are all there to educate and entertain. In the very beginning I thought that some of the examples were a bit simplistic, but later I noticed that they work extremely well, especially for some of the technologies I was not intimately familiar with (such as the Windows kernel).

The book starts with a nice and clear definition of "malicious code", which helps to set the frame for the rest of the book. It then goes on to cover all the types of malware outlined above. Here are some of the chapter highlights that I liked the most. The "Worms" chapter has some exciting material on future worms and possible trends in worm activity. The mobile code chapter covers various browser-based attacks, including evil plugins, ActiveX and XSS (as utilized by malware). The backdoor chapter presents sniffing backdoors and fun tricks on using VNC. The Trojan chapter shines in its coverage of source Trojans (with detailed analysis of recent attacks against common open-source software) and some neat data hiding tricks. Rootkits (two chapters, for application and kernel level) are my favorite. They are very well written and present this malicious technology in a logical fashion. Moreover, the material starts with brief but useful overviews of the Linux and Windows kernels, which then continues as "five ways to manipulate a kernel" for malicious purposes. The material on Windows rootkits and kernel tricks is fascinating. Several examples of fairly recent kernel rootkits are analyzed for both platforms.

If the rest of the book is exciting, chapter 9 is simply awesome. The author studies the possibility of BIOS and CPU microcode malware. The next chapter covers some end-to-end malware-related attack scenarios, which are lots of fun to read.

The book is topped with a chapter on analyzing malware, complete with suggestions for a lab setup and a structured presentation of various analysis approaches (static and dynamic). An analysis template is there as well.

Overall, the book is a great read for any security professional, system admin or an aspiring hacker. It focuses equally on attacks and defenses, with a slight bias towards attack (it also often touches on "defenses against defense" tricks, utilized by malicious software). UNIX and Windows platforms are both covered in almost equal level of detail.

Anton Chuvakin, Ph.D., GCIA, GCIH is a Senior Security Analyst with a major information security company. His areas of infosec expertise include intrusion detection, UNIX security, forensics, honeypots, etc. In his spare time, he maintains his security portal, info-secure.org.

Rating: 5 stars
Summary: Another tour de force from one of the community's best
Review: I reviewed Ed's "Counter Hack" in Nov 2001, giving it five stars as the perfect introduction for newcomers to the security field. 2 1/2 years later I'm happy to say "Malware" delivers the same quality, clarity, and insight that made "Counter Hack" a winner. My only regret is not having read and reviewed "Malware" sooner!

One of the impressive aspects of this book is the degree to which it is "future-proofed." Ed looks at current threats like worms, viruses, trojans, and user- and kernel-mode rootkits, like any author might. He then takes malicious software to the next level, from the kernel to BIOS and finally to CPU microcode. These BIOS- and microcode-level attacks are still largely theoretical (aside from BIOS-destroying code), at least as far as the public knows. When the world sees these threats emerge, "Malware" will be waiting to explain their capabilities.

Ed writes exceptionally well, bringing coverage of Linux and Windows kernel internals to the masses. I enjoyed learning about the trojaned Tcpdump distribution, anti-forensics, DLL injection, and API hooking. Lenny Zeltser's chapters on malware analysis were helpful as well, and I recommend attending his reverse engineering classes. The book also shines with respect to skillful use of tables and diagrams to explain key points.

The only technical inaccuracy I found was the proposition that UNIX filesystems maintain a c_time as "creation time" (p. 319 and elsewhere). c_time is "change of inode time," like changing permissions on a file. Windows' NTFS "c_time" is indeed "creation time," however. I also found myself skipping many of the author's analogies, like the king, knights, castle, etc. story in the BIOS/microcode discussion. Ed's writing is clear enough that anyone with some technical experience should be able to understand his points without falling back on analogies.

I highly recommend "Malware" to anyone who wants to understand the capabilities of our digital enemies. Many other security books are vulnerability-focused, spending time explaining ways to subvert, breach, or abuse poorly designed or deployed applications. "Malware" is threat-oriented, showing the capabilities of intruders and their code. This knowledge will change the way you think about security and the trustworthiness of your systems -- especially those exposed to the harsh reality of the Internet.
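The timestamp point this reviewer raises is worth seeing on a live filesystem. The following is an added example, not code from the book or from the reviewer: on Linux or another UNIX system it shows that a metadata-only change (chmod) moves st_ctime but leaves st_mtime alone, and that backdating mtime with utime(2), the way anti-forensic timestomping tools do, still leaves ctime at the real time of the change. The file names, contents and the 2001 timestamp are constructed for the demonstration, and the `slack` threshold is an assumed tuning value.

```python
"""Added example: UNIX ctime is inode *change* time, not creation time.

Not code from the book or the reviewer. It creates a scratch file, alters
only its permissions, and then backdates its mtime the way timestomping
tools do, recording how st_mtime and st_ctime react. Assumes a UNIX-like
OS (Linux, *BSD, macOS); file names and timestamps are constructed.
"""
import os
import stat
import tempfile
import time


def ctime_vs_mtime_on_chmod(pause: float = 1.1) -> dict:
    """Return how st_mtime and st_ctime react to a metadata-only change (chmod).

    `pause` keeps the two stat() calls more than one second apart so the
    result holds even on filesystems with one-second timestamp granularity.
    """
    with tempfile.TemporaryDirectory() as tmpdir:
        path = os.path.join(tmpdir, "sample.txt")      # constructed scratch file
        with open(path, "w", encoding="utf-8") as fh:
            fh.write("hello\n")
        before = os.stat(path)

        time.sleep(pause)
        os.chmod(path, stat.S_IRUSR)                   # inode change, no data written
        after = os.stat(path)

        return {
            "mtime_changed": after.st_mtime_ns != before.st_mtime_ns,
            "ctime_changed": after.st_ctime_ns != before.st_ctime_ns,
            # Birth/creation time is a separate field and is not available everywhere.
            "has_birthtime": hasattr(after, "st_birthtime"),
        }


def timestomp_indicator(path: str, slack: float = 2.0) -> bool:
    """True when a file's mtime is older than its ctime by more than `slack` seconds.

    utime(2) lets the owner write an arbitrary mtime/atime, but the kernel sets
    ctime itself on every inode change, including that utime() call. A mtime
    far older than ctime is therefore a timestomping *indicator*; legitimate
    causes exist too (cp -p, tar extraction, a later chmod), so treat it as a
    lead, not proof. `slack` is an assumed threshold.
    """
    st = os.stat(path)
    return (st.st_ctime - st.st_mtime) > slack


def backdated_file_is_flagged() -> bool:
    """Backdate a file's mtime to 2001 with os.utime and run the indicator."""
    with tempfile.TemporaryDirectory() as tmpdir:
        path = os.path.join(tmpdir, "backdoor.bin")   # constructed scratch file
        with open(path, "wb") as fh:
            fh.write(b"\x00" * 16)
        fake_time = 1_000_000_000                      # 2001-09-09 UTC, constructed
        os.utime(path, (fake_time, fake_time))         # sets atime/mtime; ctime is kernel-set
        return timestomp_indicator(path)


if __name__ == "__main__":
    print(ctime_vs_mtime_on_chmod())
    print("backdated file flagged:", backdated_file_is_flagged())
```

Run it directly to print both results. The checks are UNIX-specific: on NTFS the field Python exposes under the same name has historically been creation time, which is exactly the distinction the reviewer draws. And a recent ctime beside an old mtime is only a lead, since cp -p, tar extraction or a later chmod produce the same pattern on legitimate files.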

Rating: 5 stars
Summary: best of its kind
Review: I've read a few books on viruses, worms, and malware. This is the best by far. Prior to reading this text I considered myself pretty well versed in the subject area of all but a couple of chapters. I was pleasantly surprised to uncover a ton of new knowledge, tools, and tricks in each chapter. Now that I've finished reading this book, my only regret is that the experience is over.

The 12 chapters of this book include the following major topics: Viruses, Worms, Malicious Mobile Code, Backdoors, Trojan Horses, User-Mode Rootkits, Kernel-Mode Rootkits, Going Deeper, Scenarios, and Malware Analysis. At first glance this all seems like pretty standard fare. However, Skoudis really digs into each subject. He includes in-depth analysis of many live and current malware specimens. I even learned a lot of not-so-well-documented things about Unix and Windows from this book.

Ed is able to explain complex technical material in a way that's easy to digest and enjoyable to the reader. While it's written more for a techie, this book can also be read and appreciated by a novice.

The chapters on Malicious Mobile Code and Rootkits were particularly enlightening. The chapter entitled "Going Deeper" explores possibilities for malware at the BIOS and CPU microcode levels in addition to combo-malware. The chapter on "Malware Analysis" is a nice introduction to reverse engineering and analyzing malware.

I attended a SANS track instructed by the author recently. I told him how much I enjoyed reading "Counter Hack" a couple of years back. He said that "Counter Hack" was like an InfoSec 101/102 course and "Malware" is like InfoSec 103/104. I agree that this is a great follow-up to "Counter Hack". This is not a rerun or revision of the first book. Nor is it the same exact material he teaches with SANS (which is also very good stuff). Malware is a new and fresh book that will sit on the top shelf of my InfoSec bookcase with the other books that I refer to frequently. This book easily earns my highest rating and recommendation.


© 2004, ReviewFocus or its affiliates