Security Basics mailing list archives

Re: seeking advice on how to research adware/spyware/identity theft software


From: zelyah zub <zelyahzub () gmail com>
Date: Wed, 12 Oct 2005 12:21:16 +0100

On 9 Oct 2005 21:15:38 -0000, nix1209 () yahoo com <nix1209 () yahoo com> wrote:
I am a student interested in pursuing research on adware/spyware/identity theft software (trojans/worms/viruses in the
future). Kindly guide me as to how I can do so without compromising the security of my own computing resources.
What layers of defence should I have on my system, so that I can capture the infection without getting infected?
Moreover, can you suggest any books/tutorials/websites that would help me (as a beginner)?
Thank you in advance for your time.


Hi,

Unfortunately there are not so many books around that describe the
in-depth process of analysing adware/spyware/identity theft software,
and there are only a few that describe it for malicious software.

The best you could do is to buy yourself a very good book, "The Art of
Computer Virus Research" written by Peter Szor of Symantec. Peter is
one of the most respected virus researchers and his book is
appropriate for technical people trying to learn how to analyse
malicious code.

I would also recommend that you try to learn as much as you can about x86 assembler /
processor architecture and about the internals of the Windows operating
system (see Windows Internals by Mark Russinovich). Another useful
book may be Reversing: Secrets of Reverse Engineering by Eldad Eilam.

Once you have a good grasp of that you could download free tools that
are usually used for reverse engineering, like IDA or OllyDbg (WinDbg),
and for black-box analysis (like the various tools from sysinternals.com).

It would be beneficial to have an analysis machine with an operating
system image that can be quickly restored between runs of samples,
to avoid cross-infection and to test the payload of a particular sample.
You would not wish your everyday computer to become infected, as that
would inevitably happen if you ran a sample on it.

As for getting samples to analyse, that should not be difficult with
the abundance of sites hosting malicious software these days.

I hope that this helps,
Zeleni Zub
