Book review: Practical Malware Analysis

Filed Under: Malware, SophosLabs

Earlier this year, No Starch Press sent SophosLabs an unrequested copy of the book Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software, with a letter saying "If you do enjoy the book, I hope that you will consider posting a review ...". Well, I enjoyed the book, and so here is the review :)

Both authors, Michael Sikorski and Andrew Honig, have impressive resumes (NSA, MIT and DoD), and the list of reviewers looks impressive too, including Sal Stolfo (Columbia University) and Ilfak Guilfanov (IDA).

The book is well written and, like an academic textbook, each chapter ends with a series of questions and lab exercises. What is more, unlike most textbooks, the teacher's answer copy is included as an appendix, and it accounts for nearly *half* the book.

The book consists of 6 parts plus the Appendices:

  • Part 1: Basic Analysis
  • Part 2: Advanced Static Analysis
  • Part 3: Advanced Dynamic Analysis
  • Part 4: Malware Functionality
  • Part 5: Anti-reverse-engineering
  • Part 6: Special Topics
  • Appendix A: Important Windows Functionality
  • Appendix B: Tools for malware analysis
  • Appendix C: Solutions to Labs

The book is a great primer on malware analysis, but there are more topics it could have covered (non-Windows and ARM analysis, for instance). Also, some of the topics that are covered could benefit from a bit more detail. As an example, Chapter 2: Malware Analysis in a Virtual Machine focuses on VMware. It's certainly well written and edited, but it doesn't touch VirtualBox or discuss how to use virtual machines to automate analysis, which is a shame.

With the rise of eReaders and tablets, this could be one of the last books of this type. Monolithic books like this mean that you need to buy the next edition to get any updates. Electronic books allow for small, incremental updates to the content at little or no cost to the reader or the publisher.

Once you have read Practical Malware Analysis, you will be able to top up your knowledge quite easily using the powers of the internet.

Would I buy this book if I saw it sitting in a shop window? Probably not. But go back 15 years when I was just starting out in the field, this would have been a goldmine of information.

So, if you're starting out in malware analysis (like our SophosLabs intern Julian), or if you are coming to analysis from another discipline, I'd recommend having a nose.



3 Responses to Book review: Practical Malware Analysis

  1. Miles B. · 776 days ago

    They sell an Ebook version: $47.95 Ebook (PDF, Mobi, and ePub)

  2. Juan Carlos · 773 days ago

    I liked this book too. Even for me, as I hardly know anything about malware,...

  3. Peter Zandbergen · 745 days ago

    The book looks good and I am considering buying it. But from the author I would like to hear his recommendations; from your review I have the impression that you have some.


About the author

Paul O Baccas (aka pob) joined Sophos in 1997 after studying Engineering Science at Oxford University. After nearly 16 years, he has left Sophos for pastures new and will be writing as an independent malware researcher. Paul has published several papers, presented at several Virus Bulletin conferences and was a technical editor for the "AVIEN Malware Defense Guide". He has contributed to Virus Bulletin and is a frequent contributor to the Naked Security blog.