From the book lists at Adware Report:

All information current as of 02:23:46 Pacific Time, Thursday, 17 March 2005.

Malware: Fighting Malicious Code

   by Ed Skoudis / Lenny Zeltser

  Paperback:
    Prentice Hall PTR
    09 November, 2003

   US$31.32     

   Usually ships in 24 hours


Editorial description(s):

From Book News, Inc.
Intended for system administrators, this security guide characterizes the latest wave of malicious code attacks being used to invade commercial computer systems based on Windows and UNIX--worms, mobile code on the web, backdoors, Trojan horses, and kernel-mode rootkits--recommends defenses to protect systems against each type of attack, and provides instructions for building an experimental network to analyze malicious code and the associated defenses.

Copyright © 2004 Book News, Inc., Portland, OR

From the Back Cover


"This is a truly outstanding book--enormous technical wealth and beautifully written."
—Warwick Ford



"Ed does it again, piercing the veil of mystery surrounding many of the more technical aspects of computer security!"
—Harlan Carvey, CISSP



"This book is entertaining and informative, while justifiably scaring you. Luckily it also tells you how to protect yourself, but makes you realize it's going to be a permanent spy-vs-spy struggle."
—Radia Perlman, Distinguished Engineer, Sun Microsystems

Keep control of your systems out of the hands of unknown attackers



Ignoring the threat of malware is one of the most reckless things you can do in today's increasingly hostile computing environment. Malware is malicious code planted on your computer, and it can give the attacker a truly alarming degree of control over your system, network, and data--all without your knowledge! Written for computer pros and savvy home users by computer security expert Edward Skoudis, Malware: Fighting Malicious Code covers everything you need to know about malware, and how to defeat it!



This book devotes a full chapter to each type of malware--viruses, worms, malicious code delivered through Web browsers and e-mail clients, backdoors, Trojan horses, user-level RootKits, and kernel-level manipulation. You'll learn about the characteristics and methods of attack, evolutionary trends, and how to defend against each type of attack. Real-world examples of malware attacks help you translate thought into action, and a special defender's toolbox chapter shows how to build your own inexpensive code analysis lab to investigate new malware specimens on your own. Throughout, Skoudis' clear, engaging style makes the material approachable and enjoyable to learn. This book includes:



Malware: Fighting Malicious Code is intended for system administrators, network personnel, security personnel, savvy home computer users, and anyone else interested in keeping their systems safe from attackers.




About the Author


ED SKOUDIS is a computer security consultant with International Network Services. Ed's expertise includes hacker attacks and defenses, the information security industry, and computer privacy issues. He has performed numerous security assessments, designed secure network architectures, and responded to computer attacks. A frequent speaker on issues associated with hacker tools and effective defenses, Ed has published several articles, as well as the highly acclaimed Counter Attack: A Step-by-Step Guide to Computer Attacks and Effective Defenses (Prentice Hall PTR, 2001).




Excerpt. © Reprinted by permission. All rights reserved.

Foreword



Several years ago I attended a special conference on intrusion detection in McLean, Virginia. Each attendee was assigned to one of four teams charged with assessing the state of the art and making recommendations for future research in various areas related to intrusion detection. At the end, a representative from each team presented the output of that team's work to all attendees. Although each team's report was very interesting and worthwhile, the malicious code team's assessment of progress in that area particularly caught my attention. This team's conclusion was that not much genuine progress in characterizing and identifying malicious code had been made over the years. Given that viruses have been in existence for at least two decades and that all kinds of malicious code has been written and deployed "in the wild," it would not at all have been unexpected to hear that great strides in understanding malicious code have occurred to the point that sophisticated programs can now accurately and efficiently identify almost every instance of malicious code. But such was not the case. Some researchers who were not at the conference would undoubtedly disagree with the malicious code team's assessment, but I am confident that they would be in the minority. A considerable amount of work to better identify and deal with malware is underway, but genuine progress in understanding and detecting malware has indeed been frustratingly slow.



The irony of it all is that today's computing world is saturated with malware. Viruses and worms are so prevalent that newspaper, magazine, and television accounts of the "latest and greatest" virus or worm are now commonplace. Even young computer users typically understand basically what a virus is and why viruses are undesirable. "Create your own virus" toolkits have been available for years. Public "hacker tool" sites, relatively rare ten years ago, are now prevalent on the Internet. Going to a "hacker tool" site to obtain malware is not, however, necessary for someone to obtain malware. In August 2002, the Computer Emergency Response Team Coordination Center (CERT/CC) reported that a perpetrator had modified copies of the source code for OpenSSH such that they contained Trojan horse routines. Unsuspecting users went to the OpenSSH site and mirror sites to download OpenSSH in the expectation that they would be tightening security by encrypting network traffic between hosts. Instead, they introduced routines within the OpenSSH source that allowed attackers to gain remote control of their systems. And even Ed Skoudis, one of the few people in the world who can identify virtually every type of attack and also the author of this book, Malware: Fighting Malicious Code, reports in the first chapter that he found several Trojan horse programs that performed brute force password cracking in one of his systems. Malware is not a rarity; it is prevalent, and the problem is getting worse.



Malware does not exist in a vacuum--it cannot magically infuse itself into systems and network devices. Just as biological parasites generally exploit one or more weaknesses in the host, malware requires special conditions if it is to execute and then produce the intended results. Today's computing world, fortunately for the authors of malware but unfortunately for the user community, provides a nearly ideal environment. Why? Primarily, it is because of the many vulnerabilities in software that is commonly used today. Too many software vendors typically rush the software development process in an attempt to cut development costs and to get a competitive edge for their software products, thereby maximizing profits. The code they produce is often not carefully designed, implemented, or adequately tested. The result is bug-riddled software--software that behaves abnormally or, worse yet, causes the system on which it runs to behave abnormally, in many cases allowing perpetrators a chance to execute malware that exploits abnormal conditions and/or install more malware that does what perpetrators need it to do (such as capture keyboard output). With virtually no government regulation of the software industry and a user community that naively continues to purchase and use bug-riddled software and too often fails to patch the bugs that are discovered in it, malware truly has a "target rich" environment in which it can flourish.



Worse yet, a major change in the usability of cracking utilities has transpired. Not all that long ago, anyone who obtained a copy of a cracking utility usually had to struggle to learn how to use it. Most of the user interfaces were command line interfaces with a cryptic syntax that often only the author of a particular tool could master. Help facilities in these utilities were virtually unheard of. The result was difficult or impossible to use tools, tools that could be used by only "the few, the proud." The level of security-related threat was thus not really very high. The usability of cracking utilities has, however, improved substantially over time. A large number of tools are now so easy to use that they are often sarcastically called kiddie scripts. All a would-be attacker needs to do with such tools is download them, enter a little information (such as an answer to "What IP address do you want to attack?"), move a pointer to Go and then click a mouse button. The emergence of kiddie scripts has had much of the same effect that guns had centuries ago. Before guns were widely used in battle, a large individual, all things considered, had a huge advantage over a small individual. The gun became the "great equalizer." Kiddie scripts likewise are a great equalizer, although in a somewhat different sense. Someone who uses a kiddie script may not be able to do all the things that a very experienced attacker might be able to do, but the inexperienced person might at least be able to do many or most of these things.



The types of motivation to deploy malware are also eye opening. Traditional "hackers" are now only a part of the potential force of cyber world adversaries. Organized crime has moved into the computing arena, looking for opportunities such as making unauthorized funds transfers. Industrial espionage agents, disgruntled or greedy insiders, "information warfare" specialists within the military and government arenas, jilted lovers, sexual predators, identity thieves, and even cyber terrorists are among the many categories of individuals who are likely to use malware to breach security in systems and networks. Computer security professionals are taught that attacks are the by-products of capabilities, means, and opportunity. Malware translates to capabilities. The opportunities are truly mind-boggling when one considers just how diverse computing environments are today and how many different types of people can potentially obtain access to systems and networks.



All is not lost, however. The war against malware has at least a few bright spots. Anti-virus software is widely available today, for example, and, if it is updated regularly, it is effective in detecting and eradicating quite a few types of malware, especially (but not limited to) viruses and worms on Windows and Macintosh systems. The success of antivirus software represents some degree of victory in the war against malware. But the overwhelming majority of this type of software is pretty simplistic, as you'll see in Chapter 2 of this book, and, worse yet, there are many users who still do not run antivirus software on their Windows and Macintosh systems, or if they do, they may fail to update it as necessary. Other kinds of malware detection and eradication software have been developed, as covered in various chapters throughout this book, but once again the lack of deployment (often by organizations that need this type of software the most) is a major limitation with this type of software.



The problem of the existence of many types of malware and the fact that malware seems to become increasingly sophisticated so quickly has created a huge gap between malware as we know it and our capabilities of dealing with it. If we are ever going to reduce the size of this gap, we need to leap ahead instead of taking minute steps in understanding and dealing with malicious code. The availability of a detailed, comprehensive work on the types of malware that exist, how they work, and how to defend against them would be one of the best catalysts for such a leap. Malware: Fighting Malicious Code is such a work. Ed Skoudis presents the necessary groundwork for understanding malware in Chapter 1 with a neat little taxonomy, then proceeds to cover each major type of malicious code--viruses, worms, malicious mobile code, backdoors, Trojan horses, user-mode rootkits, kernel rootkits, and deeper levels of malicious code and hybrid malware--in the subsequent chapters. He then presents scenarios in which malicious code has been planted in systems and concludes with how to safely and effectively analyze potential and real malware. My favorite chapter is chapter eight (on kernel-mode rootkits) because Ed takes a topic in which there is at best scattered knowledge and puts it together into a highly detailed and comprehensible framework. I must admit that I was the most uncomfortable after reading this particular chapter, too, because I for the first time realized just how many clever ways there are to subvert kernels. I poked around one of my own Linux systems afterwards to try the things that Ed covered in an attempt to assure myself that the system had not been subverted at the kernel layer. I found that after reading this chapter, I was able to do this surprisingly well for someone who spends most of his time dealing with Windows, not Linux systems. Chapter 10 (on scenarios) applies what Ed has covered in the first nine chapters. Scenarios and case studies are the best way to "bring concepts home," and Ed has done that in a very nice way in the scenarios chapter. It is always interesting to learn about malicious code, but if you do not know what to do about it when you are through reading, you really haven't benefited. This whole book establishes that effective, proven, and workable solutions against this threat are available and describes in great detail how these solutions can be implemented.



I have never seen such a group of issues of the nature of the ones covered in Malware: Fighting Malicious Code so clearly and systematically presented. Ed is a top-rated SANS faculty member, and if you have any doubt that he can write as well as he can lecture, reading this book should completely remove it. His ability to present all the relevant technical details so understandably but without diluting the technical content is one that few authors have. His frequent injection of humorous statements is "topping on the cake," keeping the interest level high no matter how technical the subject matter. I keep thinking about how much more students who have taken various computer security courses from me over the years would have gotten out of these courses had this book been available earlier.



--E. Eugene Schultz, Ph.D., CISSP, CISM




Reader review(s):

Levels the Playing Field, December 13, 2003
Utterly fascinating. It comprehensively surveys the field of malware. It clearly explains viruses, worms and Trojans. Plus, given the universal prevalence of browsers on computers these days, careful attention is given to infiltrations via buggy browsers.

The authors write in an easy to follow style, aimed at the programmer. Though if you are not such, but know the rudiments of computers as a user, you can follow most of the discussion.

If you have ever wondered at the brief explanations of viruses or worms that appear in the general media, or even in the technical magazines, then this is an instructive book. For example, you have probably heard of "buffer overflows". But due to the constraints of space or audience type, the explanations left you unsatisfied. Turn instead here.

Some of you may look askance upon this book. After all, haven't the authors just written a HowTo for new malware wretches? Strictly, perhaps so. But before you berate the authors, consider this. The top malware writers probably devote the bulk of their formidable intellectual creativity to malware. But if you want to guard against it, and you are a programmer or sysadmin, typically this is not your only responsibility. Without a book like this, it is much harder to come up to speed. You then face a very unlevel playing field.

The only strange thing about this book is that there should be more like it, at its level of detail. If you survey the field of computer books, it can seem like there are multiple books on most topics, no matter how obscure. But on THIS topic, which is of broad, pervasive import to most users, there exists little.

Until now.

Parts of this book should be a must read for EVERYONE!, April 17, 2004
Working with a computer that doesn't want to behave on its own is frustrating enough. Between buggy code and the blue screen of death, many of us have wanted to throw our computers against the wall. Unfortunately, not only do we need to deal with these wonderful, little problems, but we also need to deal with programs that are intentionally trying to inflict problems on or through our computers.

These programs, collectively called "malware", include many different categories; however, we know them best as the "virus", "Trojan horse", "rootkits", "backdoors", and a lot of others. These malware tools (based on "mal", the Latin word for "bad" or "evil") are the bane not only of system administrators but also of the average home user who just doesn't know any better.

"Malware: Fighting Malicious Code" by Ed Skoudis is meant to educate the reader not only of the dangers of malware but also of ways to combat malware.

"To defeat your enemy, you first must know him." - Sun Tzu

This phrase is the core philosophy of this book. This 647-page fighter's manual is the computer-age version of Tzu's "The Art of War", except in this case the war is between you and the low-life morons who create the programs that facilitated the need for Skoudis to write this book.

I found this book to be far more fascinating than I thought it would be. After all, how exciting can a book about virii and Trojan horses really be? "Malware" is written with a surprising amount of detailed, historical facts, real-world examples, and light-hearted humor that help to keep your attention. The author also takes extra steps to differentiate between the various types of malware. After all, how many people do you know who continually (and incorrectly) use "virus", "Trojan horse", and "worm" interchangeably? How many of you are guilty of it yourselves?

"Malware" covers a lot more than you would probably expect such a book to cover. Not only does it cover the more commonly-known malware, such as virii, Trojan horses, and worms, but it also covers topics like ActiveX Controls, Java applets, JavaScript, backdoors, and many others. It also contains a great deal of information on root kits, both user and kernel modes.

Sections of the book even go deeper into the possibilities of malware attacks against the system BIOS and microcode.

Those who expect this book to deal primarily with Windows will likely be surprised at the amount of detail that is given to UNIX (primarily Solaris) and Linux as well as Windows. In fact, each of these has its own chapters with respect to rootkits and kernel attacks. These chapters can be very dry, but there is a great deal of information in these chapters that any serious system administrator who is interested in security (as we all should be) should read.

The author goes into respectable detail regarding how the various types of malware attack and propagate, not only from a basic functional point of view but also from a detailed step-by-step method to explain exactly what each type of malware does at any given step.

An entire chapter is dedicated to analyzing malware. He gives solid theories on how to best set up an environment that will help you to detect, analyze, and build up a defense against malware before you introduce it into your organization. As many system administrators have found out at one time or another, sometimes spending time to find a prevention is much better than wasting time to fix a problem that is allowed to propagate. More often than not, playing "clean up" takes far, far more time than the time it takes to prevent an outbreak in the first place.

With the exception of the excessive dryness of and technical knowledge needed for the various rootkit chapters, I actually ate this book up. The majority of the book is not a difficult read, and I found it fascinating to read how these programs have evolved. In fact, malware has been around a lot longer than most people suspect.

The only problem that I had with the book is that the author was very clearly trying to not anger anyone, which I think forced him to not be straightforward on some issues. In particular, he has a whole chapter about ActiveX malware, yet he very blatantly neglects to mention the easiest and most obvious method of avoiding ActiveX problems - STOP USING INTERNET EXPLORER AND OUTLOOK! These are the only two major tools that use ActiveX since ActiveX is a Microsoft-proprietary component. So, to defend yourself against Internet Explorer and Outlook malware, such as plug-ins that take control of IE, STOP USING THEM! Mozilla, Netscape, and Eudora are free and work beautifully! There is no shame, anger, or bias in telling the truth that the best way to avoid ActiveX problems is to use tools that do not use ActiveX. I'm sure that he knows very well that this is the truth, considering the huge amount of detail that the book entails; but I am very certain that he neglected to say it because he (or the publisher) was skittish about upsetting the All-Powerful, All-Mighty Bill, which is completely unfair to the reader. Yes, I'll admit that I'm being anally retentive on that, but there is nothing wrong with saying, "Hey, folks! There are more secure alternatives out there that (gasp!) have nothing to do with Microsoft!"

Regardless, this book is a must-read for any security administrator who thinks he's knowledgeable about these matters. If you're a security administrator who thinks that you know just about all there is to malware or that a firewall and a virus scanner are all that you need, I can just about guarantee that this book will have your intelligence ego eating humble pie. The fact is that the enemy is far more complicated and intelligent than most network administrators will admit, and this book definitely helps you to know your enemy.

And just consider that the enemy will only get more intelligent and devious in the future.

Best of its kind, March 9, 2004
I've read a few books on viruses, worms, and malware. This is the best by far. Prior to reading this text I considered myself pretty well versed in the subject area of all but a couple of chapters. I was pleasantly surprised to uncover a ton of new knowledge, tools, and tricks in each chapter. Now that I've finished reading this book, my only regret is that the experience is over.

The 12 chapters of this book include the following major topics: Viruses, Worms, Malicious Mobile Code, Backdoors, Trojan Horses, User Mode RootKits, Kernel-Mode RootKits, Going Deeper, Scenarios, and Malware Analysis. At first glance this all seems like pretty standard fare. However, Skoudis really digs into each subject. He includes in-depth analysis of many live and current malware specimens. I even learned a lot of not so well documented things about Unix and Windows from this book.

Ed is able to explain complex technical material in a way that's easy to digest and enjoyable to the reader. While it's written more for a techie, this book can also be read and appreciated by a novice.

The chapters on Malicious Mobile Code and RootKits were particularly enlightening. The chapter entitled "Going Deeper" explores possibilities for malware at the BIOS and CPU microcode levels in addition to combo-malware. The chapter on "Malware Analysis" is a nice introduction to reverse engineering and analyzing malware.

I attended a SANS track instructed by the author recently. I told him how much I enjoyed reading "Counter Hack" a couple of years back. He said that "Counter Hack" was like an InfoSec 101/102 course and "Malware" is like InfoSec 103/104. I agree that this is a great follow-up to "Counter Hack". This is not a rerun or revision of the first book. Nor is it the same exact material he teaches with SANS (which is also very good stuff). Malware is a new and fresh book that will sit on the top shelf of my InfoSec bookcase with the other books that I refer to frequently. This book easily earns my highest rating and recommendation.

Very Good Book on Understanding and Fighting Malware, March 8, 2004
"Malware: Fighting Malicious Code" is the most comprehensive book to date on malicious code. The book devotes a full chapter to each type of malware: viruses, worms, malicious mobile code, backdoors, Trojan horses, user-mode rootkits, kernel rootkits, etc. Each chapter presents the characteristics and methods of attack, evolutionary trends, and how to defend against each of these attack types. In addition, in each chapter you will find various scenarios in which malicious code has been planted in systems, and each concludes with how to safely and effectively analyze potential and real malware. The chapters are covered in great detail and include many charts and diagrams that help illustrate the concepts presented, and they come with a summary and a list of references for further research on the topic.

The book focuses both on attacks and defenses, reveals how attackers install malicious code and evade detection, and shows how to defeat their schemes, secure systems and protect networks from being affected by malware. The book discusses both Windows level attacks and UNIX type attacks and uses examples of recent kernel rootkits (keep in mind that the book was published in November 2003) that are analyzed for both platforms.

The book also introduces new ideas and theories such as the discussions on new attacks to BIOS and Microcode, where the authors explain how these attacks are conducted, the results that might be sought after, and how to protect from it. In chapter 11 for instance, the authors present on reverse engineering and studying Malware. They present many examples of a lab setup to dissect Malware and discuss some common tools and approaches to use, and provide a checklist for preparation and verification of your own lab. They basically provide instructions for building your own malware code analysis lab to allow you to get familiar with attack and defensive tools. I thought this was a nice feature especially for people who would like to know more on this subject but are not necessarily security experts. This will allow them to get some hands-on experience in the comfort of their own lab.

The book provides great information for beginners to gain a better understanding, and provides in-depth information for the more advanced users. It is well written and fun to read. The writing style is simple but elegant, allowing readers from different backgrounds to follow the explanations and discussion. In addition, the authors have put a lot of effort into making complex topics and concepts very understandable, especially with the use of analogies to help explain the difficult sections and scenarios.

"Malware: Fighting Malicious Code" is a must read and an excellent resource. It covers everything you need to know about malware, understanding it and defeating it with practical actions that you can take to secure your systems and networks.

One of a kind....must read for security professionals, January 4, 2004
This book is an excellent resource on Malware of all types! I highly recommend that all security professionals read this book. This book brings to light in great depth how Malware works and the possible damages of such. This is the only book I know of that goes into great detail on exactly how different types of malware function.

Each chapter is almost like a mini book/whitepaper devoted to a particular topic (trojans, rootkits, worms, microcode etc.) complete with a summary and references (which makes it easier to research topics later). Every topic is thoroughly covered in detail including the what, why, how and diagrams to help illustrate certain concepts. The book builds up chapter by chapter at the complexity that hackers are resorting to compromise computers, including potential future areas of malware that attackers could begin to use in the near future.

The book has an even approach to both Windows and *nix environments. As Ed goes over the how and why of the different malware types he also gives great insight to practical defenses to help prevent such attacks. The information is very current/"bleeding edge". There is even a chapter on how to get started on reverse-engineering malware in your own lab.

Ed has done a great job of taking very complex topics and making them very understandable. Ed makes excellent parallels and great analogies to help explain the more difficult sections. There is some humor weaved throughout the book that makes it that much more enjoyable to read.

5 stars!

Another tour de force from one of the community's best, June 13, 2004
I reviewed Ed's "Counter Hack" in Nov 2001, giving it five stars as the perfect introduction for newcomers to the security field. 2 1/2 years later I'm happy to say "Malware" delivers the same quality, clarity, and insight that made "Counter Hack" a winner. My only regret is not having read and reviewed "Malware" sooner!

One of the impressive aspects of this book is the degree to which it is "future-proofed." Ed looks at current threats like worms, viruses, trojans, and user- and kernel-mode rootkits, like any author might. He then takes malicious software to the next level, from the kernel to BIOS and finally to CPU microcode. These BIOS- and microcode-level attacks are still largely theoretical (aside from BIOS-destroying code), at least as far as the public knows. When the world sees these threats emerge, "Malware" will be waiting to explain their capabilities.

Ed writes exceptionally well, bringing coverage of Linux and Windows kernel internals to the masses. I enjoyed learning about the trojaned Tcpdump distribution, anti-forensics, DLL injection, and API hooking. Lenny Zeltser's chapters on malware analysis were helpful as well, and I recommend attending his reverse engineering classes. The book also shines with respect to skillful use of tables and diagrams to explain key points.

The only technical inaccuracy I found was the proposition that UNIX filesystems maintain a c_time as "creation time" (p. 319 and elsewhere). c_time is "change of inode time," like changing permissions on a file. Windows' NTFS "c_time" is indeed "creation time," however. I also found myself skipping many of the author's analogies, like the king, knights, castle, etc. story in the BIOS/microcode discussion. Ed's writing is clear enough that anyone with some technical experience should be able to understand his points without falling back on analogies.

I highly recommend "Malware" to anyone who wants to understand the capabilities of our digital enemies. Many other security books are vulnerability-focused, spending time explaining ways to subvert, breach, or abuse poorly designed or deployed applications. "Malware" is threat-oriented, showing the capabilities of intruders and their code. This knowledge will change the way you think about security and the trustworthiness of your systems -- especially those exposed to the harsh reality of the Internet.

Awesome!, December 29, 2003
I rarely label something a 'masterpiece', but Ed Skoudis's "Malware: Fighting Malicious Code" is nothing short of that. The book is an amazing combination of depth and breadth, which I always love in a security book. Moreover, it combines the above with lively and easy to follow presentation style as well as Ed's trademark humor (featuring the traditional overuse of the word "evil" :-) ) In many regards, the book is more fun to read and more packed of material than his previous work "Counterhack". The book also emanates the excitement that the author obviously feels about this field.

The book covers the wide scope of malicious code (viruses, worms, mobile code, rootkits, Trojans, backdoors) in a logical and well-structured fashion. This is not your grandmother's "virus book", as it covers all sorts of malicious programming and scripting. Chapter summaries, reasons 'why do you need to know', examples, clear diagrams, and accurate analogies (something which is often abused in other security books) are all there to educate and entertain. In the very beginning I thought that some of the examples were a bit simplistic, but later I noticed that they work extremely well, especially for some of the technologies I was not intimately familiar with (such as the Windows kernel).

The book starts with a nice and clear definition of "malicious code", which helps to set the frame for the rest of the book. It then goes on to cover all the types of malware outlined above. Here are some of the chapter highlights that I liked the most. The "Worms" chapter has some exciting material on future worms and possible trends in worm activity. The mobile code chapter covers various browser-based attacks, including evil plugins, ActiveX and XSS (as utilized by malware). The backdoor chapter presents sniffing backdoors and fun tricks on using VNC. The Trojan chapter shines in its coverage of source Trojans (with detailed analysis of recent attacks against common open-source software) and some neat data hiding tricks. Rootkits (two chapters, for application and kernel level) are my favorite. They are very well written and present this malicious technology in a logical fashion. Moreover, the material starts with brief but useful overviews of the Linux and Windows kernels, which then continues as "five ways to manipulate a kernel" for malicious purposes. The material on Windows rootkits and kernel tricks is fascinating. Several examples of fairly recent kernel rootkits are analyzed for both platforms.

If the rest of the book is exciting, chapter 9 is simply awesome. The author studies the possibility of BIOS and CPU microcode malware. The next chapter covers some end-to-end malware-related attack scenarios, which are lots of fun to read.

The book is topped with a chapter on analyzing malware, complete with suggestions for a lab setup and a structured presentation of various analysis approaches (static and dynamic). An analysis template is there as well.

Overall, the book is a great read for any security professional, system admin or aspiring hacker. It focuses equally on attacks and defenses, with a slight bias towards attack (it also often touches on "defenses against defense" tricks utilized by malicious software). UNIX and Windows platforms are both covered at an almost equal level of detail.

Anton Chuvakin, Ph.D., GCIA, GCIH is a Senior Security Analyst with a major information security company. His areas of infosec expertise include intrusion detection, UNIX security, forensics, honeypots, etc. In his spare time, he maintains his security portal info-secure.org.

Must Buy!!!, February 12, 2004
Once again, Ed has captured the essence of exactly what makes him one of the greatest educators I have ever had the privilege to meet. In his most recent book, Malware, he discusses a topic that has been in the headlines for the last year or so. Starting with the SQL Slammer worm, and adding the flurry of worms and viruses that soon followed, Malware raised everyone's eyebrows at the new threats that haunt us today.

The book begins with a chapter defining Malware. It covers Trojans, Backdoors, Viruses, Worms and Malicious Applets. Ed and Lenny give a history lesson on each of these nasties to demonstrate that many of these Malware started out quite innocently. He digs deeper into the world of malicious software and touches on Rootkits. Ed does an excellent job of discussing both Windows-level attacks and UNIX-type attacks.

One thing Ed does that simply pushes this book out in front of the competition is that he introduces new ideas and theories. As an example, he introduces new attacks on BIOS and Microcode. This is a new concept for which he gives an explanation of how it might be done, the results that might be sought after, and how to protect yourself. His vision of the future is what sets him above and beyond anyone else in this field.

One of the last chapters of the book, entitled "Malware Analysis", demonstrates the expertise of Lenny Zeltser. Lenny is a subject matter expert when it comes to reverse engineering and studying Malware. He gives great examples of a lab setup to dissect Malware as well as common tools and approaches that he uses. He even goes as far as to give a checklist for preparation and verification of your own lab!

This book is a must for anyone in the Technology Industry. Managers will find use in it as it explains what each of these Malware has the capability of doing to their environment. Technologists and System Administrators will learn how to differentiate between the different types of Malware and the proper defenses for each. Information Security Administrators will learn the history and quite possibly the future of Malware.

5 out of 5 stars.

All you need to know about this book, November 27, 2003
This is a very good book. If you are interested in the subject of application security then I would buy it, borrow it from a friend ... whatever ... just read it, as these guys really understand their subject and are prepared to give you that understanding.
I have a feeling this book will be a benchmark in the future.

Massive, magnificent, mischievous, Machiavellian, Malware!, March 4, 2004
Ed's latest book is his best and most fun to read. This tome is an amazing treatise on malicious code. Ed has outdone himself in his categorization and in-depth analysis of evil code. This book addresses the full gamut of types of malware, from trojans to kernel- and user-level rootkits.

I highly recommend this book to anyone wanting to know more about how malicious code works, and how to defend against it. This should be required reading for software engineers, so that they truly understand the very nature of how attackers ply their craft.

Put on your tinfoil hats, this book is a great read!
