
There was an email thread circulating here at GFI Sunbelt Labs listing good books about malware analysis. Someone said: “we should blog this.”

Here is a list of everybody’s picks:

“Malware Analyst’s Cookbook and DVD: Tools and Techniques for Fighting Malicious Code,” by Steven Adair, Blake Hartstein, Michael Ligh and Matthew Richard (2010)
http://www.amazon.com/gp/product/0470613033/

“Malware Forensics: Investigating and Analyzing Malicious Code,” by James M. Aquilina, Eoghan Casey and Cameron H. Malin (2008)
http://www.amazon.com/Malware-Forensics-Investigating-Analyzing-Malicious/dp/159749268X

In-depth reads on malcode analysis and disassembling techniques:

“Reversing: Secrets of Reverse Engineering,” by Eldad Eilam (2005)
http://www.amazon.com/Reversing-Secrets-Engineering-Eldad-Eilam/dp/0764574817

“The IDA Pro Book: The Unofficial Guide to the World’s Most Popular Disassembler,” by Chris Eagle (2008)
http://www.amazon.com/IDA-Pro-Book-Unofficial-Disassembler/dp/1593271786

“Disassembling Code: IDA Pro and SoftICE,” by Vlad Pirogov (2005)
http://www.amazon.com/Disassembling-Code-IDA-Pro-SoftICE/dp/1931769516

“Rootkits: Subverting the Windows Kernel,” by Jamie Butler and Greg Hoglund (2005)
http://www.amazon.com/Rootkits-Subverting-Windows-Greg-Hoglund/dp/0321294319

The classics:

“The Art of Computer Virus Research and Defense,” by Peter Szor (2005)
http://www.amazon.com/Art-Computer-Virus-Research-Defense/dp/0321304543

(Although this is five years old, it’s something of a classic. It’s a nice history of malicious code, detection techniques and just a really good all-around read.)

“Malware: Fighting Malicious Code,” by Ed Skoudis and Lenny Zeltser (2003)
http://www.amazon.com/Malware-Fighting-Malicious-Ed-Skoudis/dp/0131014056

Zeltser also has a web site with great information:

http://zeltser.com/reverse-malware-paper/ (2001)

http://zeltser.com/combating-malicious-software/ (updated)

Thanks, Alex and Eric.

Tom Kelchner