Book Review: Practical Malware Analysis

I’ve been dying to get this review out for a while now. There’s so much good and deep content in this book, that reading it on nights after work and weekends took longer than expected! I’ll tell you now that if you’re into computers and computer security, this book won’t let you down. This book is like having your very own personal malware analysis teacher without the expensive training costs.

About the Book

The book material is exhaustively complete, with 21 chapters plus appendices covering everything from static analysis, environment setup and x86 assembly to anti-disassembly and anti-virtual-machine practices. Total book content, minus lab solutions, comes in at an enormous 475 pages (with lab solutions, 732 pages). Let’s just say that you better be prepared to eat, breathe, and live malware analysis for quite some time.

The skill level for the book is targeted at someone with experience in programming and security, although an ambitious beginner should do fine.

My Review & Recommendation

The authors, Michael Sikorski and Andrew Honig, do a great job of teaching the concepts and not just the tools. They want you to develop the skills necessary to think on your own as a malware analyst, so that when new techniques come out that aren’t in the book, you’ll have the mental tools to figure out the challenges. Don’t worry though, this book isn’t filled with boring theory like those books you read back in school; the concepts taught have actual practical uses.

Better yet, the book gives you the opportunity to apply the concepts with labs at the end of each chapter. You’ll actually be dissecting “real malware” written by the authors for the purposes of this book.

Equally awesome is that each lab comes with a “quick solution” and a “detailed solution.” I learn best when I can fight through a tough problem and check with the solution when I’m stuck.

The book is entirely centered around Windows-based malware, particularly malware written for Windows XP. This was a good learning experience for me because I’m not familiar with the internal Windows APIs and features. It’d actually be very interesting if the authors included a section on Linux-based and/or Mac-based malware. On that note, I did actually try to run some of the lab malware on Windows 7 32- and 64-bit, thinking that it would be no big deal, but I received an APPCRASH error every time. I spoke with one of the authors over email and he was very helpful. He said that the malware was designed for Windows XP for teaching purposes that will be revealed when reading the book. With this slight limitation comes a positive: it leaves room for a 2nd edition of the book focused on the newer Vista/7 features as malware becomes more prominent on these machines.

Book content aside, the physical paperback book itself is a pleasant surprise. No Starch Press is one of my favorite publishers because they use the “lay-flat” type of binding (they also published one of my other favorite books: Hacking: The Art of Exploitation). You’ll be praising this when you want to set the book down and copy some code.

The book does also come in digital formats. I used a combination of both for the review. You won’t be an expert in malware analysis when you’re done with this book but it sure as hell will give you the information you need to get there.

This book is broad, covering a ton of topics. Each chapter could likely have been a book in and of itself. As I’ve said in a previous post, this book will become the de facto standard for learning about malware analysis.

Thanks to No Starch Press for the review copy; this book is awesome!