Malware Analysis in General
Hello! I have been having a conversation with Stephan from F-Secure, and the conversation led me to wondering how you actually analyze malware. I'm a reader of the blog, but haven't read long enough to spot http://www.f-secure.com/weblog/archives/00001849.html, which Stephan directed me to; I checked the University site for the material, but it appears it is not there anymore. I would also like to find a guide (or a book) on how to actually start learning about C++, Java and such, in which programs are usually coded. I'm finishing my upper-secondary school soon, and I am looking for a career in programming, and me being such a security freak, I have thought of F-Secure and I'm on the look-out for some practising; I have both Windows & Mac based computers.
So, is there any way you could lead me in the right direction?
Yours Sincerely,
Arttu
Comments
Hi,
I'm Antti, the main lecturer of the university course you mentioned. The slides from the course lectures should be available here:
https://noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot
The slides are a good way to get started with what we call "reverse engineering", that is, trying to take apart applications to understand how they work. This is the most fundamental way to analyze malware. You'll find pointers to the tools we use: hex editors like HT (http://hte.sourceforge.net), disassemblers like IDA Pro (http://www.hex-rays.com/idapro/idadownfreeware.htm) and debuggers like OllyDbg (http://www.ollydbg.de).
However, starting with reverse engineering is difficult without first knowing the engineering part: programming. Most of the malware we analyze is written in C or C++, so learning at least the basics of those languages is an important start. You could take a look at some of the tutorials here: http://www.cprogramming.com/tutorial.html#ctutorial. For programming on Windows, you may want to try the Visual C++ Express Edition: http://www.microsoft.com/express/Windows/. On Mac, Xcode (http://developer.apple.com/xcode/) offers something similar.
A "softer" start to programming could be a language like Python. You'll get something useful done quicker, and you can move on to C and C++ and then reverse engineering as you go along. There are lots of nice tutorials on getting started with Python, like this one from Google: http://code.google.com/edu/languages/google-python-class/
Good luck!
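To make the "take apart applications to understand how they work" step concrete, here is an added example (not part of Antti's reply, the course slides, or any F-Secure tool) of the first static look an analyst takes at a Windows executable before opening a debugger: parsing the DOS/PE headers that a hex editor shows, listing the section table, pulling out printable strings, and noting the things worth a second look. The PE byte blob is constructed inline and is not a real program; the header layout and the IMAGE_SCN_* flag values are the real PE format constants, while the section contents, the strings and the URL are made-up sample data.

```python
"""Static first look at a PE file: parse the DOS/PE headers a hex editor shows,
list sections, extract printable strings and report basic triage findings.
Added example for illustration; the byte blob below is constructed, not a real program."""
import re
import struct

# Real PE section characteristic flags (winnt.h).
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def build_sample_pe():
    """Construct a tiny PE-shaped blob: DOS header, PE signature, COFF header,
    a shortened optional header, two section headers and some section data."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)            # e_lfanew: PE header at 0x40
    coff = struct.pack("<HHIIIHH",
                       0x014C,                        # Machine: i386
                       2,                             # NumberOfSections
                       0, 0, 0,                       # timestamp, symbol table ptr/count
                       24,                            # SizeOfOptionalHeader (shortened, constructed)
                       0x0102)                        # EXECUTABLE_IMAGE | 32BIT_MACHINE
    optional = struct.pack("<H", 0x10B) + bytes(22)   # Magic = PE32, rest padded
    # Section header: Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData,
    # PointerToRelocations, PointerToLinenumbers, NumberOfRelocations, NumberOfLinenumbers, Characteristics
    text = struct.pack("<8sIIIIIIHHI", b".text", 64, 0x1000, 64, 192, 0, 0, 0, 0,
                       0xE0000020)                    # CODE | EXECUTE | READ | WRITE (constructed)
    rdata = struct.pack("<8sIIIIIIHHI", b".rdata", 64, 0x2000, 64, 256, 0, 0, 0, 0,
                        0x40000040)                   # INITIALIZED_DATA | READ
    text_data = bytes(64)                             # stand-in for code bytes
    rdata_data = b"kernel32.dll\0WriteFile\0http://example.invalid/beacon\0"  # constructed
    rdata_data += bytes(64 - len(rdata_data))
    return bytes(dos) + b"PE\0\0" + coff + optional + text + rdata + text_data + rdata_data


def parse_pe(data):
    """Parse DOS/COFF headers and the section table; raise ValueError if the file does not fit."""
    if len(data) < 64 or data[:2] != b"MZ":
        raise ValueError("no MZ signature: not a DOS/PE file")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    machine, nsec, _ts, _symptr, _nsyms, opt_size, chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    opt_off = e_lfanew + 24                            # COFF header is 20 bytes after the signature
    magic = struct.unpack_from("<H", data, opt_off)[0] if opt_size >= 2 else None
    sec_off = opt_off + opt_size
    if sec_off + 40 * nsec > len(data):
        raise ValueError("section table runs past end of file")
    sections = []
    for i in range(nsec):
        name, vsize, vaddr, rawsize, rawptr, _, _, _, _, schar = struct.unpack_from(
            "<8sIIIIIIHHI", data, sec_off + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vaddr": vaddr, "vsize": vsize, "raw_ptr": rawptr,
                         "raw_size": rawsize, "characteristics": schar})
    return {"machine": machine, "magic": magic, "characteristics": chars, "sections": sections}


def extract_strings(data, min_len=8):
    """Return runs of printable ASCII of at least min_len bytes, like the strings tool."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(data)]


def triage(data):
    """Findings an analyst checks first: W+X sections, sections pointing past EOF, embedded URLs."""
    pe = parse_pe(data)
    findings = []
    for s in pe["sections"]:
        flags = s["characteristics"]
        if flags & IMAGE_SCN_MEM_EXECUTE and flags & IMAGE_SCN_MEM_WRITE:
            findings.append(f"section {s['name']} is writable and executable")
        if s["raw_ptr"] + s["raw_size"] > len(data):
            findings.append(f"section {s['name']} raw data runs past end of file")
    for st in extract_strings(data):
        if st.startswith(("http://", "https://")):
            findings.append(f"embedded URL: {st}")
    return findings


if __name__ == "__main__":
    sample = build_sample_pe()
    info = parse_pe(sample)
    print(f"machine=0x{info['machine']:04x} magic=0x{info['magic']:x}")
    for s in info["sections"]:
        print(f"  {s['name']:<8} va=0x{s['vaddr']:x} raw@{s['raw_ptr']} flags=0x{s['characteristics']:08x}")
    for line in triage(sample):
        print("  !", line)
```

Run it as a script to see the section table and findings for the constructed sample, or call `triage()` on the bytes of a real file. A writable-and-executable section is worth noting because packers and self-modifying code need it, and a section whose raw data extends past the end of the file is a sign of truncation or deliberate header tampering; both are things the tools Antti lists will show, but doing it by hand once makes the hex-editor view much easier to read.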