Malware: Fighting Malicious Code

List Price: $49.99
Your Price: $31.32

Rating: 5 stars
Summary: Must Buy!!!
Review: Once again, Ed has captured the essence of exactly what makes him one of the greatest educators I have ever had the privilege to meet. In his most recent book, Malware, he discusses a topic that has been in the headlines for the last year or so. Starting with SQL Slammer worm, and adding the flurry of worms and viruses that soon followed, Malware raised everyone's eyebrows at the new threats that haunt us today.

The book begins with a chapter defining Malware. It covers Trojans, Backdoors, Viruses, Worms and Malicious Applets. Ed and Lenny give a history lesson on each of these nasties to demonstrate that many of these Malware started out quite innocently. He digs deeper into the world of malicious software and touches on Rootkits. Ed does an excellent job of discussing both Windows level attacks and UNIX type attacks.

One thing Ed does that simply pushes this book out in front of the competition, is that he introduces new ideas and theories. As an example, he introduces new attacks to BIOS and Microcode. This is a new concept that he gives an explanation of how it might be done, the results that might be sought after, and how to protect yourself. His vision of the future is what sets him above and beyond anyone else in this field.

One of the last chapters of the book entitled "Malware Analysis" demonstrates the expertise of Lenny Zeltser. Lenny is a subject matter expert when it comes to reverse engineering and studying Malware. He gives great examples of a lab setup to dissect Malware as well as common tools and approaches that he uses. He even goes as far as to give a checklist for preparation and verification of your own lab!

This book is a must for anyone in the Technology Industry. Managers will find use in it as it explains what each of these Malware has the capability of doing to their environment. Technologists and System Administrators will learn how to differentiate between the different types of Malware and proper defenses for each. Information Security Administrators will learn the history and quite possibly the future of Malware.

5 out of 5 stars.

Rating: 5 stars
Summary: Excellent treatment of the subject matter...
Review: One of the most comprehensive books I've seen lately on malware is the title Malware: Fighting Malicious Code by Ed Skoudis with Lenny Zeltser (Prentice Hall).

Chapter list: Introduction; Viruses; Worms; Malicious Mobile Code; Backdoors; Trojan Horses; User-Mode Rootkits; Kernel-Mode Rootkits; Going Deeper; Scenarios; Malware Analysis; Conclusion; Index

In each of these chapters, the authors give a brief history of that malware type, an in-depth explanation as to how they work, and complete coverage on how you can help prevent getting damaged by it. Each chapter wraps up with a conclusion, a summary, and the list of references for the chapter. For readers looking to find detailed information, they won't be disappointed. For readers looking at receiving their first exposure to the material, the writing style is easy to follow and doesn't overwhelm.

I personally enjoyed the chapters on Malware Analysis and Scenarios. The Analysis chapter gives you an excellent outline for setting up a malware analysis lab. You'll learn how to set up the hardware, protect yourself against leakage to other networks, and what software is needed to do your analysis. Following this outline, you'll be well-prepared to track down bugs like a pro. The Scenario chapter is also excellent. The authors set up three malware scenarios with actual people and configurations, and show how certain choices and mistakes can lead to disaster. There's lots of good learning material here.

Great book, excellent material, and a definite must for your security bookshelf.

Rating: 5 stars
Summary: One of a kind....must read for security professionals
Review: This book is an excellent resource on Malware of all types! I highly recommend that all security professionals read this book. This book brings to light in great depth how Malware works and the possible damages of such. This is the only book I know of that goes into great detail on exactly how different types of malware function.

Each chapter is almost like a mini book/whitepaper devoted to a particular topic (trojans, rootkits, worms, microcode etc.) complete with a summary and references (which makes it easier to research topics later). Every topic is thoroughly covered in detail including the what, why, how and diagrams to help illustrate certain concepts. The book builds up chapter by chapter at the complexity that hackers are resorting to compromise computers including potential future areas of malware that attackers could begin to use in the near future.

The book has an even approach to both Windows and *nix environments. As Ed goes over the how and why of the different malware types he also gives great insight to practical defenses to help prevent such attacks. The information is very current/"bleeding edge". There is even a chapter on how to get started on reverse-engineering malware in your own lab.

Ed has done a great job of taking very complex topics and making them very understandable. Ed makes excellent parallels and great analogies to help explain the more difficult sections. There is some humor weaved throughout the book that makes it that much more enjoyable to read.

5 stars!

Rating: 5 stars
Summary: Best available
Review: This book provides the best review of malicious software that is presently available. If you need a comprehensive reference then this is the book for you. The author is a well-known and respected security analyst and this book provides solid information at a level suitable for the system administrator. Unlike so many books of this type, it is not a camouflaged endorsement of some vendor's products or a simplistic and alarmist text.

Topics covered include:
- viruses, with a brief history and description of the various types and their mechanisms;
- worms, again with a brief history and description of the various types and their mechanisms;
- mobile code, including browser scripts, ActiveX controls, Java applets and mobile code as it occurs in email clients and distributed applications. Given the increasing amount of mobile code, this is particularly valuable;
- backdoors, particularly Netcat and VNC but covering some others as well;
- trojans including wrappers, source poisoning and browser co-option;
- rootkits for Unix and Windows;
- kernel-mode rootkits for Linux and Windows;
- possible modes, including BIOS and microcode attacks.

"Encyclopedic" is the only description I can give, but be warned that it's not for the general reader, or for newbies.

Rating: 5 stars
Summary: All you need to know about this book
Review: This is a very good book. If you are interested in the subject of application security then I would buy it, borrow it from a friend... whatever... just read it, as these guys really understand their subject and are prepared to give you that understanding.
I have a feeling this book will be a benchmark in the future.

Rating: 5 stars
Summary: Levels the Playing Field
Review: Utterly fascinating. It comprehensively surveys the field of malware. It clearly explains viruses, worms and Trojans. Plus, given the universal prevalence of browsers on computers these days, careful attention is given to infiltrations via buggy browsers.

The authors write in an easy to follow style, aimed at the programmer. Though if you are not such, but know the rudiments of computers as a user, you can follow most of the discussion.

If you have ever wondered at the brief explanations of viruses or worms that appear in the general media, or even in the technical magazines, then this is an instructive book. For example, you have probably heard of "buffer overflows". But due to the constraints of space or audience type, the explanations left you unsatisfied. Turn instead here.

Some of you may look with askance upon this book. After all, haven't the authors just written a HowTo for new malware wretches? Strictly, perhaps so. But before you berate the authors, consider this. The top malware writers probably devote the bulk of their formidable intellectual creativity to malware. But if you want to guard against it, and you are a programmer or sysadmin, typically this is not your only responsibility. Without a book like this, it is much harder to come up to speed. You then face a very unlevel playing field.

The only strange thing about this book is that there should be more like it, at its level of detail. If you survey the field of computer books, it can seem like there are multiple books on most topics, no matter how obscure. But on THIS topic, which is of broad, pervasive import to most users, there exists little.

Until now.

Rating: 5 stars
Summary: Parts of this book should be a must read for EVERYONE!
Review: Working with a computer that doesn't want to behave on its own is frustrating enough. Between buggy code and the blue screen of death, many of us have wanted to throw our computers against the wall. Unfortunately, not only do we need to deal with these wonderful, little problems, but we also need to deal with programs that are intentionally trying to inflict problems on or through our computers.

These programs, collectively called "malware", include many different categories; however, we know them best as the "virus", "Trojan horse", "rootkits", "backdoors", and a lot of others. These malware tools (based on "mal", the Latin word for "bad" or "evil") are the bane not only of system administrators but also of the average home user who just doesn't know any better.

"Malware: Fighting Malicious Code" by Ed Skoudis is meant to educate the reader not only of the dangers of malware but also of ways to combat malware.

"To defeat your enemy, you first must know him." - Sun Tzu

This phrase is the core philosophy of this book. This 647-page fighter's manual is the computer-age version of Tzu's "The Art of War", except in this case the war is between you and the low-life morons who create the programs that facilitated the need for Skoudis to write this book.

I found this book to be far more fascinating than I thought it would be. After all, how exciting can a book about virii and Trojan horses really be? "Malware" is written with a surprising amount of detailed, historical facts, real-world examples, and light-hearted humor that help to keep your attention. The author also takes extra steps to differentiate between the various types of malware. After all, how many people do you know who continually (and incorrectly) use "virus", "Trojan horse", and "worm" interchangeably? How many of you are guilty of it yourselves?

"Malware" covers a lot more than you would probably expect such a book to cover. Not only does it cover the more commonly-known malware, such as virii, Trojan horses, and worms, but it also covers topics like ActiveX Controls, Java applets, JavaScript, backdoors, and many others. It also contains a great deal of information on root kits, both user and kernel modes.

Sections of the book even go deeper into the possibilities of malware attacks against the system BIOS and microcode.

Those who expect this book to deal primarily with Windows will likely be surprised in the amount of detail that is given to UNIX (primarily Solaris) and Linux as well as Windows. In fact, each of these have their own chapters with respect to rootkits and kernel attacks. These chapters can be very dry, but there is a great deal of information in these chapters that any serious system administrator who is interested in security (as we all should be) should read.

The author goes into respectable detail regarding how the various types of malware attack and propagate, not only from a basic functional point of view but also from a detailed step-by-step method to explain exactly what each type of malware does at any given step.

An entire chapter is dedicated to analyzing malware. He gives solid theories on how to best set up an environment that will help you to detect, analyze, and build up a defense against malware before you introduce it into your organization. As many system administrators have found out at one time or another, sometimes spending time to find a prevention is much better than wasting time to fix a problem that is allowed to propagate. More often than not, playing "clean up" takes far, far more time than the time it takes to prevent an outbreak in the first place.

With the exception of the excessive dryness of and technical knowledge needed for the various rootkit chapters, I actually ate this book up. The majority of the book is not a difficult read, and I found it fascinating to read how these programs have evolved. In fact, malware has been around a lot longer than most people suspect.

The only problem that I had with the book is that the author was very clearly trying to not anger anyone, which I think forced him to not be straightforward on some issues. In particular, he has a whole chapter about ActiveX malware, yet he very blatantly neglects to mention the easiest and most obvious method of avoiding ActiveX problems - STOP USING INTERNET EXPLORER AND OUTLOOK! These are the only two major tools that use ActiveX since ActiveX is a Microsoft-proprietary component. So, to defend yourself against Internet Explorer and Outlook malware, such as plug-ins that take control of IE, STOP USING THEM! Mozilla, Netscape, and Eudora are free and work beautifully! There is no shame, anger, or bias in telling the truth that the best way to avoid ActiveX problems is to use tools that do not use ActiveX. I'm sure that he knows very well that this is the truth, considering the huge amount of detail that the book entails; but I am very certain that he neglected to say it because he (or the publisher) was skittish about upsetting the All-Powerful, All-Mighty Bill, which is completely unfair to the reader. Yes, I'll admit that I'm being anally retentive on that, but there is nothing wrong with saying, "Hey, folks! There are more secure alternatives out there that (gasp!) have nothing to do with Microsoft!"

Regardless, this book is a must-read for any security administrator who thinks he's knowledgeable about these matters. If you're a security administrator who thinks that you know just about all there is to malware or that a firewall and a virus scanner are all that you need, I can just about guarantee that this book will have your intelligence ego eating humble pie. The fact is that the enemy is far more complicated and intelligent than most network administrators will admit, and this book definitely helps you to know your enemy.

And just consider that the enemy will only get more intelligent and devious in the future.



© 2004, ReviewFocus or its affiliates