
When I was a kid, I wanted to become a Malware Analyst and work at an antivirus company. At that time, I loved to try out different antivirus solutions, and I did a research project on computer viruses/antivirus back in high school. I'm interested in knowing how malware got into my system and in malware removal.

Today, I'm unemployed again and looking for a new career, and this thought came to my mind. I suddenly have the urge to pursue my childhood dream of becoming a malware analyst. I don't have much computer programming job experience (only a couple of months in a game company), and my previous job was as an accountant (not related to computer programming).

I got my computer science degree 5 years ago and am currently taking some part-time courses in Software QA/Testing at college (because I'm also considering changing career into the Software QA field).
I also know that in order to work in the security field, you must be an expert in that field first. Do you think working as a Software QA/Tester would be a good starting point for a career path as a Malware Analyst? Or is it totally unrelated?

I would appreciate it if anyone could provide some guidance on pursuing a career in malware analysis.

Edit:

I have heard about Security+, CISSP, CISA, CEH, SSCP, etc., but I don't know which one is related to malware analysis.

Thanks

Shawn
    I want to add to your question - 1 - Which of these certs require prior job experience and/or other certifications/CS degrees? 2 - Arrange the certs in order of difficulty/value in the industry. – FirstName LastName Feb 05 '13 at 10:30
  • http://tuts4you.com/index.php is a good website for learning ASM and reversing. – talfiq Feb 28 '13 at 07:15
  • You might like to look at http://zeltser.com/reverse-malware/ – Ubaidah May 24 '14 at 11:56
  • @FirstNameLastName I can answer your additional question (in order from easiest to most difficult): Security+, CEH, SSCP (requires one year of work experience), CISA (requires one year of experience), CISSP (requires 5 years of experience) – Mrdeep Jul 24 '18 at 14:11

7 Answers


There's surely a lot of relationship between Software Quality and Testing and malware analysis. The basic principles of looking into how something works, testing its boundaries of operation, and delving into the extent of its functions are common to both. That being said, it would also depend on the type of software you are looking for.

I know of several people who left college and went out into the 'malware' field (perhaps not that specific, but general computer protection/analysis) straight out of college, so that is a possibility too.

If you want a leg up, look into colleges that offer Information Assurance, or Computer Forensics degrees. (Perhaps a master's program).


You might want to look into the excellent article How to Get Started With Malware Analysis by Lenny Zeltser on SANS. It was written in 2010 but is still relevant today. It covers the articles, books, forums, blogs and courses that one could follow to become a Malware Analyst.

As mentioned in other answers, you also need to be fundamentally good at x86, C/C++, and Assembly.

I would suggest a self paced course like eLearnSecurity Advanced Reverse Engineering of Software

Later on, when you've got more hands on experience, other courses I would recommend are

(Google these, my reputation level does not allow me to post more than 2 links in my answer)

  • InfoSec Institute Reverse Engineering Training
  • MANDIANT Introduction to Malware Analysis
  • MANDIANT Customized Malware Analysis
  • MANDIANT Intermediate Malware Analysis
  • MANDIANT Advanced Malware Analysis
  • InfoSec Institute Advanced Reverse Engineering Malware
ZASE
  • I'm looking into breaking into Malware Analysis and I'm a little confused about something in your answer. You mentioned x86 and then mentioned Assembly. Isn't x86 a particular type of instruction set in Assembly? I ask because I've always steered clear of Assembly, but it seems necessary in MA. Just looking for clarification so I know what it is exactly that I need to cut my teeth on, so to speak. – Rincewind May 28 '17 at 19:37
    @Rincewind Yes, you are correct. That is a bit confusing to have them both in the same list. – mbomb007 Jul 24 '18 at 13:44

This question has been answered, but others may benefit from hearing all sides of this.

I'm a security analyst who does malware incident response for a giant company. Most of these answers seem to lead you down the path of reverse engineering new threats and developing signatures or other inoculations, but I'd ask you to clarify your question; you may be more interested in what I do.

In my case I get alerts from various sources (AV alerts, in-house tools for process tracking, tier 1 support requests, etc.) and use remote forensic toolsets to gather artifacts from the system and, in conjunction with network and proxy logs, determine whether a system has been compromised. The goal is finding IOCs (indicators of compromise), such as executed process hashes lighting up on VirusTotal.com, finding custom shim databases in the USN Journal installed by a dropper, detecting WMI persistence modules, and so on. Part of the job is keeping up with all the new techniques and knowing what to look out for, honing your craft.

In this case you don't need any programming skills (C/C++, ASM, etc.), nor do you necessarily need many (or any) certifications. The foundation for this field of work is:

  • Knowing systems: get some experience doing tier 1 support or system/network admin at a small or medium business. The requirements for obtaining that job are significantly lower than what I'm listing here, especially with your CS degree.
  • Having a curious, paranoid, and analytical mind.
  • Being aware of networking and security principles, and having a feel for the popular free or open source tools like Nessus and Wireshark. There is no need to "already be an expert", as you say... the field of malware analysis is evolving too much for that; you just have to be adaptable yourself and keep pace as best you can.

I might be totally off-base, and you would rather disassemble code to develop signatures while working at an antivirus company, but I hope this opens your eyes to the other possibilities you have open to you.

armani
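The IOC hunting armani describes, written out as an added example (this is not code from the original answer and not any vendor's tool): a Python triage script that hashes collected files against a known-bad hash set and then resolves WMI event-subscription persistence from a dump of the root\subscription namespace, reporting every filter-to-consumer binding whose consumer runs a command or script. The file contents, hashes, instance names, the filter query and the one-record-per-line dump format are constructed for the example; the three WMI classes involved (__EventFilter, the __EventConsumer subclasses, __FilterToConsumerBinding) are the real ones.

```python
import hashlib
import re
from typing import Dict, List, Optional, Set

# Constructed sample artifacts (not real data): path -> bytes, as a remote
# forensics agent might have pulled them from the host.
SAMPLE_FILES: Dict[str, bytes] = {
    r"C:\Windows\System32\svchost.exe": b"constructed stand-in for a benign binary",
    r"C:\Users\alice\AppData\Roaming\update.exe": b"constructed stand-in for a dropper",
}

# Constructed IOC set, as an analyst would load it from a threat feed or from
# VirusTotal results. Derived from the sample above so the example is self-contained.
KNOWN_BAD_SHA256: Set[str] = {
    hashlib.sha256(b"constructed stand-in for a dropper").hexdigest(),
}

# Constructed dump of the root\subscription namespace, one record per line in a
# 'Class Key="Value" ...' shape. The first three lines mirror the SCM event-log
# binding that ships with Windows; the last three are the shape a dropper leaves
# behind (the names, query and command line are hypothetical).
SAMPLE_WMI_DUMP = """
__EventFilter Name="SCM Event Log Filter" Query="select * from MSFT_SCMEventLogEvent"
NTEventLogEventConsumer Name="SCM Event Log Consumer"
__FilterToConsumerBinding Filter="SCM Event Log Filter" Consumer="SCM Event Log Consumer"
__EventFilter Name="UpdaterFilter" Query="SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA 'Win32_PerfFormattedData_PerfOS_System'"
CommandLineEventConsumer Name="UpdaterConsumer" CommandLineTemplate="powershell.exe -nop -w hidden -enc AAAA"
__FilterToConsumerBinding Filter="UpdaterFilter" Consumer="UpdaterConsumer"
"""

# Consumer classes that execute arbitrary commands or scripts. Legitimate use on
# a workstation is rare enough that every binding to one deserves a look.
SUSPICIOUS_CONSUMER_CLASSES = {"CommandLineEventConsumer", "ActiveScriptEventConsumer"}

RECORD_RE = re.compile(r"^(\w+)\s+(.*)$")
ATTR_RE = re.compile(r'(\w+)="([^"]*)"')


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def hash_hits(files: Dict[str, bytes], bad_hashes: Set[str]) -> List[str]:
    """Return the paths whose content hash is on the IOC list."""
    return [path for path, data in files.items() if sha256_hex(data) in bad_hashes]


def parse_wmi_dump(text: str) -> Dict[str, List[Dict[str, str]]]:
    """Group dump records by WMI class; each record is its attribute dict."""
    records: Dict[str, List[Dict[str, str]]] = {}
    for line in text.strip().splitlines():
        m = RECORD_RE.match(line.strip())
        if not m:
            continue
        cls, rest = m.groups()
        records.setdefault(cls, []).append(dict(ATTR_RE.findall(rest)))
    return records


def _find(records: Dict[str, List[Dict[str, str]]], cls: str, name: str) -> Optional[Dict[str, str]]:
    return next((r for r in records.get(cls, []) if r.get("Name") == name), None)


def suspicious_bindings(records: Dict[str, List[Dict[str, str]]]) -> List[Dict[str, Optional[str]]]:
    """Resolve each filter->consumer binding and report the ones that run code."""
    findings: List[Dict[str, Optional[str]]] = []
    for binding in records.get("__FilterToConsumerBinding", []):
        cname = binding.get("Consumer", "")
        for ccls in SUSPICIOUS_CONSUMER_CLASSES:
            consumer = _find(records, ccls, cname)
            if consumer is None:
                continue
            filt = _find(records, "__EventFilter", binding.get("Filter", "")) or {}
            findings.append({
                "filter": binding.get("Filter"),
                "query": filt.get("Query"),
                "consumer": cname,
                "consumer_class": ccls,
                "command": consumer.get("CommandLineTemplate") or consumer.get("ScriptText"),
            })
    return findings


if __name__ == "__main__":
    for path in hash_hits(SAMPLE_FILES, KNOWN_BAD_SHA256):
        print(f"[IOC] known-bad hash: {path}")
    for f in suspicious_bindings(parse_wmi_dump(SAMPLE_WMI_DUMP)):
        print(f"[WMI] {f['consumer_class']} {f['consumer']!r} bound to {f['filter']!r}: {f['command']}")
```

On a real host the dump would come from the forensic agent (for example the output of enumerating __EventFilter, the consumer classes and __FilterToConsumerBinding in root\subscription), and the hash set from whatever feed the team trusts; the point of resolving the binding rather than listing consumers alone is that an orphaned consumer never fires, while a bound one does.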

SANS GREM is a good place for certification, but for the study you need to have a good understanding of x86 assembly language and the IDA Pro tool, and also a couple of good books. For assembly: Assembly Language Step-by-Step by Jeff Duntemann, and Practical Malware Analysis (No Starch Press). The SANS Reading Room also has some sample analysis papers, which are a good start.

You also need to set up a lab on your PC with a virtual machine to do real-world analysis.

Rory Alsop

UNITE-affiliated computer help forums offer training programs (for free) in malware removal, which is probably a good place to start. I don't think they go in depth into dissecting malware, focusing rather on diagnosis and cleaning.

Andrew Lambert
    These programs will require you to commit to spending time on the forum offering the training, volunteering to help people remove malware. So you'll learn how to do first level incident response type work, which may or may not be what you want to do. If it is, then Andrew's suggestion is excellent and cost-free (but not obligation free). – Scott C Wilson Nov 07 '15 at 13:34

I believe that for malware research, SANS GREM is the closest and is highly regarded: SANS-GREM

talfiq

I too had the same question, and the answer is to join a company that does malware analysis work, and don't lose hope. Have patience for a few weeks/months and realize your dream job.

Learn x86, C/C++, the Win32 API, Windows internals, PE file structure basics... Then, when you are comfortable with these, try tools like OllyDbg and IDA Pro. This will help if you want to learn on your own. You can try the tools side by side.

The best option is to join a small company that does malware analysis and learn on the job. Not only will you work on PE files, but you will also have to deal with other file formats like PDF, DOC, web files, etc.

Also you will have to learn Android/iOS to stay ahead of the race.

It is a very vast field; the more knowledge you have, the better: Linux, shell coding, Python, Ruby, etc. But this is for experienced guys.

Don't do a certification: they can't teach you reversing in a week's time. You need years to perfect the art.

Rebel_87
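Rebel_87's list starts from the PE file structure, and the tools named there (OllyDbg, IDA Pro) all begin from the same headers. The following is an added example, not code from the original answer and not from any of the named tools: it constructs a minimal PE32 image in memory (constructed for the example, not a real binary), parses the DOS, COFF, optional and section headers with struct, and applies three first-pass triage checks an analyst makes before opening a debugger: where the entry point lands, sections that are both writable and executable, and per-section entropy. The section names, addresses, the "packed" third section and the 7.0-bit entropy threshold are assumptions chosen for the example; the header layouts and characteristic flags are the documented PE ones.

```python
import math
import struct
from typing import Dict, List

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
SECTION_FMT = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 image for parsing practice (not a real, runnable binary)."""
    file_align = 0x200
    # (name, VirtualAddress, raw bytes, Characteristics). The third section stands in for
    # a packer stub: maximal-entropy bytes, writable and executable, and it owns the entry point.
    sections = [
        (b".text", 0x1000, b"\x90" * 0x200, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
        (b".data", 0x2000, b"\x00" * 0x200, 0x40 | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
        (b".rsrc", 0x3000, bytes(range(256)) * 16, 0x40 | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE),
    ]
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                 # e_lfanew: NT headers follow the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x0102)  # i386, PE32 optional header
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 16, 0x3010)               # AddressOfEntryPoint, inside .rsrc
    struct.pack_into("<I", opt, 28, 0x400000)             # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, file_align)  # SectionAlignment, FileAlignment
    struct.pack_into("<I", opt, 56, 0x4000)               # SizeOfImage
    headers = dos + b"PE\0\0" + coff + opt
    raw_ptr, body = file_align, b""
    for name, va, data, chars in sections:
        headers += struct.pack(SECTION_FMT, name, len(data), va, len(data), raw_ptr, 0, 0, 0, 0, chars)
        body += data
        raw_ptr += len(data)
    return bytes(headers.ljust(file_align, b"\0")) + body


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; 8.0 means every byte value is equally frequent."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(blob: bytes) -> Dict:
    """Walk DOS -> PE signature -> COFF -> optional header -> section table."""
    if blob[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", blob, e_lfanew + 4)
    opt_off = e_lfanew + 24
    magic = struct.unpack_from("<H", blob, opt_off)[0]
    entry = struct.unpack_from("<I", blob, opt_off + 16)[0]
    # PE32 keeps BaseOfData before a 4-byte ImageBase; PE32+ drops it and widens ImageBase to 8 bytes.
    image_base = (struct.unpack_from("<I", blob, opt_off + 28)[0] if magic == PE32_MAGIC
                  else struct.unpack_from("<Q", blob, opt_off + 24)[0])
    sections: List[Dict] = []
    sec_off = opt_off + opt_size
    for i in range(nsec):
        name, vsize, va, rsize, rptr, *_, chars = struct.unpack_from(SECTION_FMT, blob, sec_off + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"), "va": va, "vsize": vsize,
                         "raw_ptr": rptr, "raw_size": rsize, "characteristics": chars,
                         "entropy": shannon_entropy(blob[rptr:rptr + rsize])})
    return {"machine": machine, "magic": magic, "entry_rva": entry, "image_base": image_base, "sections": sections}


def triage(pe: Dict) -> List[str]:
    """First-pass oddities worth a closer look; none is proof of malice on its own."""
    findings, secs, entry = [], pe["sections"], pe["entry_rva"]
    holder = next((s for s in secs if s["va"] <= entry < s["va"] + max(s["vsize"], s["raw_size"])), None)
    if holder is None:
        findings.append(f"entry point {entry:#x} lies outside every section")
    else:
        if not holder["characteristics"] & IMAGE_SCN_CNT_CODE:
            findings.append(f"entry point in non-code section {holder['name']}")
        if len(secs) > 1 and holder is secs[-1]:
            findings.append(f"entry point in last section {holder['name']} (common for packed files)")
    for s in secs:
        c = s["characteristics"]
        if c & IMAGE_SCN_MEM_WRITE and c & IMAGE_SCN_MEM_EXECUTE:
            findings.append(f"section {s['name']} is writable and executable")
        if s["raw_size"] >= 256 and s["entropy"] > 7.0:  # 7.0 is an assumed threshold
            findings.append(f"section {s['name']} has entropy {s['entropy']:.2f} (packed or encrypted data?)")
    return findings


if __name__ == "__main__":
    for line in triage(parse_pe(build_sample_pe())):
        print("[triage]", line)
```

To run it on a real file, replace build_sample_pe() with the bytes read from disk; the same checks are what PE viewers and the packer-detection heuristics in analysis toolkits show first, and the entropy figure is only meaningful on sections large enough to have a byte distribution.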