
Sorry if this is posted in the wrong section.

A little about me: I'm going to be a sophomore in the fall at university; my major is Computer Science (Information Assurance). I've been interested in malware/antivirus since the sixth grade. I remember removing the McAfee security software from my family computer and replacing it with other vendors (Kaspersky, Bitdefender, ESET, etc.). I also used to watch YouTube reviews of said vendors and other antimalware software, and have just recently acquired my own virtual machine; I install malware on there and use different products to see which can best remove the malware.

Anyway, how would you suggest I go about becoming a malware analyst? I've made a list of books to study (Practical Malware Analysis, The Art of Memory Forensics, Malware, Rootkits & Botnets: A Beginner's Guide, etc.). I also like to read Kaspersky's Threatpost and Malwarebytes' blog. Any other tips to get me started in my dream career?

Also, I plan on getting my Master's in Information Assurance. How much will that help me in terms of material learned and job competitiveness?

Nick Williams
    possible duplicate of [What are ways I can analyze malware in an infected machine, not just clean it?](http://security.stackexchange.com/questions/84681/what-are-ways-i-can-analyze-malware-in-an-infected-machine-not-just-clean-it) – RoraΖ Jun 10 '15 at 18:11
  • Best way is to get hired by Symantec or another company that does this on a routine basis. If you are a good programmer in the first place they will help you learn the reverse-engineering process. – SDsolar May 18 '17 at 08:35

3 Answers


The two previous posts give great advice.

Here are the areas I would focus on:

1. C and Assembly languages - It is critical that you know Assembly like a second language
2. Debuggers - WinDbg and gdb - A debugger will be your best friend
3. Windows and Linux internals - You must know exactly how the target system works so you can identify exactly what the malware is trying to perform
4. Experience - Do anything you can to show you know your stuff: competitions, exercises, blog posts, etc.

P.S. Check out Cyberwarrior Academy; they offer a free 2-week class on Windows internals and malware development/analysis for qualified U.S. participants.

Karmic

A malware analyst is supposed to be able to perform deep analysis of malware and provide a signature so that antivirus software can detect that malware. (This is the reason why antivirus software companies would like to hire you.)

In order to analyse malware you will need knowledge of reverse engineering. Reverse engineering is a huge topic, including but not limited to knowledge of the Assembly and C languages. Basically, in reverse engineering you disassemble the malware and perform code analysis. You try to find out what this malware is supposed to do to the system: is it going to make network connections, is it going to send system information to someone, is it going to download something, etc.

Also, in order to perform your malware analysis you will need to know how to use some of the reverse engineering tools like IDA Pro, OllyDbg, etc.

I would recommend having a look at the job specifications for a malware analyst and then planning your strategy.

Also, some antivirus companies have some offers too ;) For example, ESET has a challenge here.

ρss
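As an added example (written for this page, not part of ρss's answer or any vendor's tooling), here is the first, purely static pass of the analysis that answer describes: pull printable strings out of a file image, sort them into the behaviours an analyst looks for (network connections, sending system information, downloading, persistence), and turn the distinctive ones into a minimal YARA rule of the kind an antivirus signature starts from. The sample bytes, the grouping of indicators into behaviour buckets, and the rule name are all constructed for illustration; the API and registry names themselves are real Windows identifiers.

```python
import hashlib
import re

# Strings that hint at the behaviours an analyst looks for. The API and
# registry names are real Windows identifiers; sorting them into these four
# behaviour buckets is this example's own simplification.
INDICATORS = {
    "network": [b"WSAStartup", b"InternetOpenA", b"InternetOpenUrlA", b"HttpSendRequestA"],
    "download": [b"URLDownloadToFileA", b"InternetReadFile"],
    "system_info": [b"GetComputerNameA", b"GetUserNameA", b"GetVersionExA"],
    "persistence": [b"CurrentVersion\\Run", b"CreateServiceA"],
}

# Constructed stand-in for a file image (not a real sample): an MZ header, a
# DOS stub message, import names and a few data strings separated by NULs.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 16
    + b"This program cannot be run in DOS mode." + b"\x00" * 8
    + b"KERNEL32.dll\x00GetComputerNameA\x00URLDownloadToFileA\x00"
    + b"WININET.dll\x00InternetOpenUrlA\x00" + b"\x00" * 4
    + b"http://example.invalid/update.bin\x00"
    + b"Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00"
)


def extract_strings(data, min_len=6):
    """Return runs of printable ASCII of at least min_len bytes (like `strings`)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]


def classify(strings):
    """Map each behaviour bucket to the extracted strings that suggest it."""
    hits = {cat: set() for cat in INDICATORS}
    for s in strings:
        for cat, needles in INDICATORS.items():
            if any(n.decode("ascii") in s for n in needles):
                hits[cat].add(s)
        # An embedded URL points at network activity even without an API name.
        if re.match(r"https?://", s):
            hits["network"].add(s)
    return {cat: sorted(v) for cat, v in hits.items() if v}


def _yara_escape(s):
    """Escape backslashes and quotes for a YARA text string."""
    return s.replace("\\", "\\\\").replace('"', '\\"')


def make_yara_rule(name, data, hits):
    """Emit a minimal YARA rule requiring the MZ header plus every behaviour
    string found together; a single API name alone would be far too generic
    to serve as a signature."""
    chosen = sorted({s for group in hits.values() for s in group})
    behaviours = ", ".join(sorted(hits))
    lines = [
        f"rule {name}",
        "{",
        "    meta:",
        f'        sha256 = "{hashlib.sha256(data).hexdigest()}"',
        f'        behaviours = "{behaviours}"',
        "    strings:",
    ]
    for i, s in enumerate(chosen):
        lines.append(f'        $s{i} = "{_yara_escape(s)}"')
    lines += ["    condition:", "        uint16(0) == 0x5A4D and all of ($s*)", "}"]
    return "\n".join(lines)


def triage(data, name="constructed_sample"):
    """Run the whole first pass: strings -> behaviour hits -> candidate rule."""
    hits = classify(extract_strings(data))
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "hits": hits,
        "rule": make_yara_rule(name, data, hits),
    }


if __name__ == "__main__":
    result = triage(SAMPLE)
    for behaviour, strings in result["hits"].items():
        print(f"{behaviour}: {strings}")
    print(result["rule"])
```

On the constructed sample this flags network, download, system_info and persistence indicators and prints a rule that matches only when all of them appear together. In practice this string pass is just the starting point the answer describes: packed or obfuscated samples hide their strings, so the disassembly and debugger work in the other answers is what confirms which of these hints the code actually acts on.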

Your book list is a great start. ρss's advice to look at the job specs is great, as are his other points.

There is nothing like doing, though. To start doing, I suggest starting with crackme (reverse engineering) exercises and some packet analysis exercises. Not only will you learn about malware analysis, you will learn a whole lot about related technology (commands, tools, file formats, operating systems, languages).

Resources for crackmes / reverse engineering:

Resources for packet analysis:

Good luck.

mcgyver5