
Recommended Reading for Malware Removal


15 replies to this topic

#1 zamiel963
  • Members
  • 24 posts
  • Gender:Male
  • Location:PA

Posted 20 June 2011 - 12:09 PM

I wanted to see if some of the individuals from the Malware Removal team or other administrators of Bleeping Computer could recommend any books that would be helpful as an introduction to the skills necessary to understand how to remove malware. Obviously some books would be focused on the underlying basics such as the registry and programming languages, but I think it would be helpful to see the consensus of the professionals on what books they believe are useful in building this knowledge. Anyone else interested in building this kind of resource?

#2 zamiel963 (Topic Starter)
  • Members
  • 24 posts
  • Gender:Male
  • Location:PA

Posted 26 June 2011 - 11:29 AM

Anyone... Bueller?

#3 Elise
    Bleepin' Blonde
  • Malware Study Hall Admin
  • 61,076 posts
  • Gender:Female
  • Location:Romania

Posted 26 June 2011 - 01:00 PM

Hi zamiel963,

It depends a bit on what you mean by "skills necessary to understand how to remove malware". If you mean by that how to remove malware actively (either on a forum, or in front of the computer), then I have to say that books will not be very helpful; malware changes every day, becomes more advanced and exploits other Windows components. There is no book that can keep up with that. Of course a good basic understanding of Windows and the registry is a huge advantage, but most of it is best learned through experience (or at least, in my opinion).

If you mean, how to learn to create/adapt tools to combat malware, you'll need to know some programming. Since I'm not into that field, I can't give you any useful information about that.

I hope this answers your question. :)

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#4 zamiel963 (Topic Starter)
  • Members
  • 24 posts
  • Gender:Male
  • Location:PA

Posted 01 July 2011 - 09:10 AM

I think the main thing I'm looking for is knowledge of how to recognize what malware looks like in regards to running things like HijackThis, and what someone reviewing it would look for. I guess what I'm really looking for is reference: for instance, if someone was assisting an individual with malware, upon reviewing their HJT or ComboFix log, would they be referencing a book about the registry, some kind of book on security exploits, or just using their own base knowledge without the need to make a reference to other materials? If they are just using their own base knowledge, where did they learn that information? Were there books they read, classes they took, or did other people train them? Maybe there is not an easy answer to my question, but thanks for responding. It was starting to get eerie in here just listening to the voices in my head.

#5 Animal
    Bleepin' Animinion
  • Site Admin
  • 35,078 posts
  • Gender:Male
  • Location:Where You Least Expect Me To Be

Posted 01 July 2011 - 09:27 AM

There is also this: Malware Removal Training Program Learn about it here, and join the program!

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)


#6 Elise
    Bleepin' Blonde
  • Malware Study Hall Admin
  • 61,076 posts
  • Gender:Female
  • Location:Romania

Posted 01 July 2011 - 09:29 AM

Now I see what you mean. Tools like HJT are developed mainly with the purpose of forum usage. There are a lot of sites offering online malware removal training, which includes the usage of tools like HJT. There are no books explaining how to analyze logs though. A solid registry knowledge is a very good thing of course, but in order to be useful in malware removal, it has to be combined with practical knowledge and, most importantly, experience.

This is taught at different malware removal schools (see for example the Unite banner link in my signature). More information about BleepingComputer's malware removal training can be found here

What we (and any other malware removal school) try to teach our trainees, is using the available tools to diagnose and remove malware. Because malware constantly changes, there are no books available on the subject that would be of much help (a book that comes out today, would be outdated next week).

regards, Elise


#7 wiczjr
  • Members
  • 63 posts

Posted 01 July 2011 - 03:34 PM

> Now I see what you mean. Tools like HJT are developed mainly with the purpose of forum usage. There are a lot of sites offering online malware removal training, which includes the usage of tools like HJT. There are no books explaining how to analyze logs though. A solid registry knowledge is a very good thing of course, but in order to be useful in malware removal, it has to be combined with practical knowledge and, most importantly, experience.
>
> This is taught at different malware removal schools (see for example the Unite banner link in my signature). More information about BleepingComputer's malware removal training can be found here
>
> What we (and any other malware removal school) try to teach our trainees, is using the available tools to diagnose and remove malware. Because malware constantly changes, there are no books available on the subject that would be of much help (a book that comes out today, would be outdated next week).


Not to knock the "malware removal buddies" that I see on certain forums spread through the internet, but do you have actual accredited certifications/education, like SANS Silver certified for example, and are you actual professionals with real hands-on field experience, or is it more of a hobby?
Both faith and fear may sail into your harbour, but only allow faith to drop anchor.

#8 Elise
    Bleepin' Blonde
  • Malware Study Hall Admin
  • 61,076 posts
  • Gender:Female
  • Location:Romania

Posted 01 July 2011 - 04:08 PM

Our community is 100% run by volunteers, which includes the malware removal section. The training we offer is not based on any certification; we aim to educate people in such a way that everyone willing to learn, can go through our program and learn how to recognize and remove malware.

I am afraid I fail to see why "hands-on field experience" and "hobby" would exclude one another. I do this as a hobby, but I think I can safely say I have quite some hands-on field experience at the same time. For me "professional" is not a synonym for "getting paid", but rather an expression that refers to the quality of any work, whether that is paid or on a voluntary basis. :whistle:

regards, Elise


#9 wiczjr
  • Members
  • 63 posts

Posted 01 July 2011 - 04:20 PM

[img]http://graphjam.files.wordpress.com/2009/05/song-chart-memes-repair-shop.jpg[/img]

There is a huge difference between hobby and real world experience. One or two computers being fixed on an online forum once every day or two is different than dozens of PCs coming to you on a daily basis, and developing efficient ways to fix the problems you see time and time and time and time again on a daily basis. Professional is a synonym for getting paid, because you meet the criteria (proper, accredited education and certifications) to repair a system or appliance. There is a lot of liability involved, and we can be sued if we don't have certain certifications which properly qualify us to work on servers and appliances like Cisco and WatchGuard. Data is a big liability, and wipe-reformat-reinstall if you mess it up isn't an option in 99% of cases unless you're willing to shell out hundreds of man-hours in labor.

I was just curious as to the scope of the malware removal team's work, I meant no harm. A big thank you to all of the people you help for free as a hobby is in order. I'm sure you've saved a lot of people a lot of money.

#10 Animal
    Bleepin' Animinion
  • Site Admin
  • 35,078 posts
  • Gender:Male
  • Location:Where You Least Expect Me To Be

Posted 01 July 2011 - 04:21 PM

Add to that that many of the, as you like to say, so-called 'hobbyists' do have real world experience and share their expertise to train those who want to learn.

Our and other 'malware schools' are founded and staffed by many Microsoft MVPs: https://mvp.support.microsoft.com/communities/mvp.aspx?product=1&competency=Consumer+Security


#11 wiczjr
  • Members
  • 63 posts

Posted 01 July 2011 - 04:23 PM

Right on, thanks for the link Animal. I hope someday between SANS certifications I'll have time to go through a malware removal program as well :)

#12 Animal
    Bleepin' Animinion
  • Site Admin
  • 35,078 posts
  • Gender:Male
  • Location:Where You Least Expect Me To Be

Posted 01 July 2011 - 05:15 PM

You're quite welcome. :thumbup2:


#13 Andrew
    Bleepin' Night Watchman
  • Moderator
  • 8,258 posts
  • Gender:Not Telling
  • Location:Right behind you

Posted 02 July 2011 - 03:14 AM

Some very back-of-the-envelope and generalized calculations* indicate that a Malware Response Team member here at BC has seen on average more than 2,000 infected computers (or the same computer again if the owner got re-infected). This is not taking into account their activities outside of BC. How many truly notable computer or computer security experts hold an A+ cert? :P



*take the number of MRL Forum topics, minus the number of as yet unresolved topics, divided by the average number of active MRT members at any given time.

#14 Union_Thug
    Bleeps with the fishes...
  • Members
  • 2,355 posts
  • Gender:Male
  • Location:is everything

Posted 02 July 2011 - 04:55 AM

> Some very back-of-the-envelope and generalized calculations* indicate that a Malware Response Team member here at BC has seen on average more than 2,000 infected computers (or the same computer again if the owner got re-infected). This is not taking into account their activities outside of BC. How many truly notable computer or computer security experts hold an A+ cert? :P
>
> *take the number of MRL Forum topics, minus the number of as yet unresolved topics, divided by the average number of active MRT members at any given time

Wow, now that's one helluva "hobby" It's a wonder you **Malware Removal Buddy Hobbyists** manage to keep your collective sanity intact.


Oh wait....:P

**Henceforth to be commonly referenced as M.R.B.H**

Edited by Union_Thug, 02 July 2011 - 05:01 AM.


#15 Andrew
    Bleepin' Night Watchman
  • Moderator
  • 8,258 posts
  • Gender:Not Telling
  • Location:Right behind you

Posted 02 July 2011 - 05:32 AM

> It's a wonder you **Malware Removal Buddy Hobbyists** manage to keep your collective sanity intact.
>
> Oh wait....:P

Indeed. The staff psychologist went insane after speaking to several MRT members.
