Henry Dalziel | Hacker Hotshots, Information Security Careers, Resources and Tutorials | July 12, 2013
Defining Malware Analysis
There are many types of malware, including viruses, worms, trojans, backdoors, spyware and rootkits, and the job of a Malware Analyst is to better understand the malware threat and offer defenses, or better still, remove it! Understanding the threat is vital, since a better appreciation of the purpose of the malware will ensure a more solid defense. Being a Malware Analyst falls within the scope of being a Security Incident Responder, and part of that responsibility is reverse engineering the actual malware that infected a network or computer(s). The point being made here is that if you are serious about Malware Analysis, then get to know and learn how to Reverse Engineer!
We had an excellent Hacker Hotshot presentation a few months back with Michael Boman titled “Malware Analysis on a shoe-string budget.” If you are reading this post with a view to a career as a Malware Analyst, or to complement your job prospects, then this would certainly be a great place to start. In the web show (a 20 minute video) Michael explains how he can process nearly 10,000 malware samples a week, which equates to one every minute of the week, all from his home computer. Impressive stuff…
Being able to analyze malicious programs allows the community at large to assess damage from an intrusion and, importantly, share findings, thereby creating a defense through numbers. As an analyst, your research will allow the intrusion detection expert to discover and catalog indicators of compromised and infected machines (i.e. to catalog the infected machines’ behavior post infection).
Your research as a Malware Analyst will also include being able to determine the sophistication level of the malware author. Is the author a script kiddie, or is there something larger behind the attack? All of the above are fundamentals of the job and will expose the security vulnerabilities that compromised a network. Furthermore, there are major benefits for all within the InfoSec community, not least for software developers, who can in turn build better software to protect against these ‘discovered’ vulnerabilities.
To understand the sheer scope and depth of malware threats out there, we also encourage you to listen to another Hacker Hotshot web show we had this week (July 11th 2013) with Gary Miliefsky titled “NSA Spying Concerns? Learn Counterveillance!” Amongst a lot of other information (the video is an hour long) Gary demonstrates the sheer volume of malware in the wild, and, to put it this way, it’s scary!
Malware Analyst Resources
Like anything on the Internet, you can find yourself drinking from the proverbial InfoSec firehose when you start your research into becoming a Malware Analyst, but here are a few resources to get you going.
Slides from a recent TakeDownCon (July 2nd 2013) titled “Malware Analysis: N00b to Ninja in 60 Minutes.” The presentation is helpful owing to its up-to-date material, but we’d recommend it because it covers several analysis environment options and three quick steps that allow anyone with a general technical background to understand the subject.
Understanding Reverse Engineering is also key to a career within Malware Analysis, and the guys behind this site have done a great job curating tons of helpful and informative articles, videos and posts.
Videos from SecurityTube and OpenSecurityTraining will certainly also help you with your quest. Here is a list of helpful videos:
If forums are your thing then here are three that you might find helpful:
Let us know how you get on! If you would like to add any resources here please add a comment below.