20

So, I'm currently 16 and am considering a career in IT when I finish school. The thing that has intrigued me the most while growing up is malware. I've come across it so often and have often had to clean it up for family and friends (I also did it temporarily at a PC store I worked at).

Sometimes I reverse engineer malware that is coded in a .NET language that might be obfuscated and require manual IL code analysis. I like a bit of a challenge and I find reverse engineering "fun". I also have some knowledge in x86 assembly and code primarily in C++ and C#.

I was actually a part of one of the UNITE training programs for a period of time but decided to drop it because I was more interested in pulling malware apart rather than diagnosing and performing cleanup from logs.

Anyway, I'm not sure where exactly to go about becoming a malware analyst but I know that I will probably need a degree in Computer Science. The thing that I noticed is that most of the "Malware Analyst" positions I looked up online required some previous experience as a malware analyst and I was wondering what other jobs you'd probably need to have for this "previous experience". Lately, I've been really thinking about it and I could see myself working at an anti-virus company in the future.

Perhaps someone who is knowledgeable about this could shed some light? Also, if it makes a difference, I live in Australia (I know that many anti-virus companies are based in the US or Europe).

TheMaster
  • 1
    Yay! An Aussie! :D Come kick it in the DMZ when you get the right rep: http://chat.stackexchange.com/ I'd -suggest- having experience as a low-level programmer would be a good point on a resume. – NULLZ May 22 '13 at 13:26
  • 1
    Well career advice isn't really on-topic here, so best take @D3C4FF's suggestion and hop in DMZ. You could also give [Careers 2.0](http://careers.stackoverflow.com/) a spin, if that's not still closed to low reputation members? You only need 20 rep points to talk in chat rooms tho, and you should be there any minute now, or answer a few questions at [Reverse Engineering](http://reverseengineering.stackexchange.com/) since you're already skilled in that ;) – TildalWave May 22 '13 at 13:49
  • More relevant. Go to the contagio dump site, RE samples, write rules and impress people :) If you can land a job in the security space you'll find it's easy to move around. – NULLZ May 22 '13 at 13:52
  • You seem pretty smart. I'd hit up [CMU](http://www.cmu.edu/index.shtml) if I were you. They have a [group of people](http://ppp.cylab.cmu.edu/wordpress/) who do that stuff. [They're really good](http://ctftime.org/) (Check out the historical rankings). – JZeolla May 22 '13 at 17:33
  • [Reverse engineering stackexchange site](http://reverseengineering.stackexchange.com/questions/tagged/malware): browse for some highly voted questions; there were some good resources for learning. – BlueBerry - Vignesh4303 May 22 '13 at 13:33

6 Answers

15

For studying malware, you will be doing a lot of reverse engineering to understand what it does as well as a lot of analyzing systems for weaknesses to try to predict which ways malware development might go.

A Computer Science degree will be critical and you will want to focus on decompiling and low level development (assembly and C/C++). Understanding embedded systems wouldn't be a bad idea either since one of the scary future places that malware will likely go is firmware and other places it can hide from current virus scanners.

A graduate level degree will probably be helpful (but not necessarily critical) as most bachelor's programs focus more broadly on computer science as a whole and graduate work in reverse engineering will be beneficial. I'd also suggest it is worth paying for a "good" technical/engineering school because a lot of cheaper Computer Science programs tend to focus more on what is needed for developing business applications than going into the details of low level programming and decompiling.

AJ Henderson
8

Degree-wise, I'd recommend Computer Science with a strong grounding in code development - the average software engineering classes, with extra effort in lower level languages that touch the system more intimately (C, C++, assembly) and compiler theory. As an add on - ways of breaking through higher level web based technologies is also becoming a trend - so having experience in and around web development, in particular client side applications like applets, flash, etc. could be a great position to be in over the next 10 years. Both would be killer.

As a side line, or concentration - get into the Info Sec courses. Malware analysis needs to happen in isolation from protected network assets, so knowing something about working on an isolated LAN, proper handling of malware, basic incident response, risk analysis and remediation, and digital forensics - it's all part of the world you want to work in. If you aren't the guy responsible for this side, you're still going to be working intimately with that guy.

In all honesty - I haven't worked with a malware analyst, but in my impression, you'll see them most in places that build protections for a living - anti-virus software, application firewalls, maybe even WAFs - but the companies utilizing these controls will tend to rely on the vendors of the controls for malware expertise in all but a few very high end situations.

Security in general these days has a really unfortunate trend towards saying in any job "previous experience required". In a very general sense, they want someone who at least knows proper security procedure and who will think with a careful mindset. Almost any job in a secure environment, with high risk assets to be protected, is a good basis. Better yet - something in either a software field or an info sec field.

bethlakshmi
5

Malware analysis is one of the IT fields in which you don't need a previous job to show your experience. You can investigate current malware and show your research to the world using the appropriate means.

It is like penetration testing, for example. If you are able to find vulnerabilities on recognized sites and get your CVE number, then when applying for a job, although you have never worked as a pentester, the recruiter will know that you know what has to be done because you have a proven CVE number that identifies you as the finder of the vulnerability.

After school, go for a Bachelor's Degree; you need it. Check the content of the different degrees and choose the one with more programming, assembly and so on.

The Illusive Man
  • 3
    I respectfully disagree with needing a Bachelor's Degree from personal experience. It can help, or it can be an expensive waste of time and effort for no real gain. The three+ years you spend in school could be better spent mastering something genuinely interesting/useful – NULLZ May 22 '13 at 13:53
  • I do disagree with it too. However, one of the basic requisites when applying for a job is to have at minimum a bachelor's degree. I did a bachelor's degree in computer systems engineering and basically I did not learn anything, however I meet this requirement now. – The Illusive Man May 22 '13 at 14:03
  • 2
    I get around it by saying 'Undertaking bachelors degree' 2004-Present :P – NULLZ May 22 '13 at 14:05
4

You need experience in a variety of languages, including C/C++ and Assembly basics, for sure (let's assume that knowledge is prerequisite and that you're already planning on studying it), but the most important thing is to read a TON of other people's code, both benign and malicious. You should be reading code daily, finding new approaches to solving problems, as well as finding problems in the code itself.

If you want to analyze, then you need THAT background. The ability to think like a compiler, to recognize programming patterns and common programmer mistakes. If you want to analyze, then analyze.

People will suggest degrees, but the degree is NOT important: the classes are. Choose classes and books and teachers that will push yourself into new areas and new ideas. The ability to think on your feet and be creative is the key here while being grounded in solid technical knowledge. This is one area where you certainly don't need a degree. If you want a degree, get one, but you could study culinary arts while developing yourself into an analyst.

schroeder
1

I have first-hand experience as a malware researcher so I can say something on your queries. Firstly, it's good to complete your foundational degree in Computer Science. Though most courses won't encourage you to go deep into assembly or binary reversing, nothing should stop you from learning them on your own; I am sure most guys who come to this are all self taught.

Go over the books Malware Analyst's Cookbook and Practical Malware Analysis. Also Secrets of Reversing. Once you get the hang of cracking crackmes and shareware for fun, not profit, you can graduate to malware. Also you have to do a lot of programming in terms of system APIs and file format parsing and analysis. IDA Pro and OllyDbg along with WinDbg should prepare you for what's in store. And try to diversify as well, I mean do programming in AI, graphics 2D, 3D, numerical programming, data mining etc. There really is no domain that you can't use in reversing.

After you are confident enough you can start applying for an apprenticeship in an AV company. Showcase your work and try to get their attention. Of course now the bars are raised a lot more and you have to get some publications out or speaking engagements to garner more points in terms of recruitment. Also everyone in IT knows that the AV industry sees itself as something special and niche and there are actually a lot of politics to get the hang of once you join the industry. You might even like it who knows ; )

gigi
0

If you are good enough you don't really need a degree to work as a malware analyst. But chances are that in certain positions, for example Data Scientist, which relates to the malware domain, you may need a research degree (e.g. a PhD in Computer Science) to secure that position.

Unless you want to stick in the analyst position forever...

talfiq