• E-mail
• Print
• Share

Michael Sikorski and Andrew Honig
No Starch Press

The subtitle of this 750-page volume claims that it’s the hands-on guide to dissecting malicious software. This description perfectly encapsulates the book’s contents, which carefully guides you through the process of breaking open, dissecting, and understanding the parts of various malware items. It covers the full gamut of nefarious software from viruses, to rootkits, to key loggers. The authors, who, based on the careful sequence of the information and the lucid writing, appear to have taught this material more than once, explain the tools you’ll need in great depth, including important topics such as how to set up a virtual machine for malware analysis. Then, they work through the chapters on getting around malware defensive measures, such as special packers, anti-disassembly, and anti-debugging measures, which are used by hackers to make it difficult to analyze the type of carnage they’re going to cause.

Once you get to the actual malware executable bits, the authors explain how to do the disassembly, what to look for, and how to detect patterns that indicate specific symptoms of infection and venues for attack.

If you're not up to speed on x86 assembly language, the book thoughtfully includes a tutorial that presents "just what you need to know," as well as the assembly tools that let you walk the code to identify the activities. As malware typically looks for specific openings, the need for a deep understanding of assembler is not needed to be able to ride along. However, this does not prevent the authors from getting into a deep explanation of kernel debugging (for Windows) and how it’s used to watch the action unfold.

The explanation of the tools is clear, the presentation of the process is lucid, and the actual detective work fascinating. All presented clearly and hitting just the right level so that developers with no previous experience in this particular area can participate fully. Highly recommended. — A. Binstock