Book of the Month – The Art of Computer Virus Research and Defense

This is one of the book which i read long back but it still makes one of the best and descriptive text available on Virus.
Written by the Peter Szor – the virus expert – “The Art of Computer Virus Research and Defense” presents great material for wanna be experts in Virus research.



Here is the core information about the book,

  • Title: The Art of Computer Virus Research and Defense
  • Author: Peter Szor
  • Publisher: Addison-Wesley Professional
  • Hardcover: 744 pages
  • Release Date: February 13, 2005
  • Rating(Amazon):


Here is the table of contents

Part: I Strategies of the Attacker

Chapter 1. Introduction to the Games of Nature
Chapter 2. The Fascination of Malicious Code Analysis
Chapter 3. Malicious Code Environments
Chapter 4. Classification of Infection Strategies
Chapter 5. Classification of In-Memory Strategies
Chapter 6. Basic Self-Protection Strategies
Chapter 7. Advanced Code Evolution Techniques and Computer Virus Generator Kits
Chapter 8. Classification According to Payload
Chapter 9. Strategies of Computer Worms
Chapter 10. Exploits, Vulnerabilities, and Buffer Overflow Attacks

Part: II Strategies of the Defender

Chapter 11. Antivirus Defense Techniques
Chapter 12. Memory Scanning and Disinfection
Chapter 13. Worm-Blocking Techniques and Host-Based Intrusion Prevention
Chapter 14. Network-Level Defense Strategies
Chapter 15. Malicious Code Analysis Techniques


Book is divided into 2 parts, first part is focusing on history, inner workings, classification of virus and second part gives you state of art techniques to defend/detect viruses. First 2 chapters goes with early story of viruses, definitions and basic analysis (more to the point). Chapter 4 & 6 are interesting – explaining how virus infects file systems/memory to put itself into action. It explains some of the core windows concepts while throwing light on PE file modification, Kernel infection etc.


Next it mentions how viruses use Anti-Debugging, Encoding, Encryption, Polymorphism etc techniques to protect themselves from being detected and draws on how virus creator kits have simplified jobs of creating state of art viruses in few clicks. Chapter 9 gives special attention to worms – how they are different from Virus, the way they spread over networks & their execution etc.

Second part is very interesting for those who wanna know how Anti-virus work under the hood. It explains how signature based scanning works, Dynamic Decryption, Tracing of Virus code using Emulation, Heuristic scanning methods. It also throws light on various disinfection techniques, integrity-checking methods, virtualization based virus analysis, scanning of virus code etc. Next it goes on describing virus/worm blocking or detection techniques using host/network intrusion detection systems, firewalls, honeypots,  behavioral analysis techniques.
On negative side, this book does not show you how to write virus/worm program for obvious reasons. The book is filled with code snippets (most of them in x86 assembly) justifying the concepts but you will be disappointed if you want to code your own virus. Also this book is little old (published in 2005) as per current trends but it still remains great book when it comes to understanding virus & worms.

This is by far the most comprehensive text available on Virus straight from the expert !

eBook Link :

Similar posts
  • Computer Security Tips: Stay Safe Onl... In recent times cyber security has raised the level of awareness and public consciousness as never before. Both large corporations and big organizations try to take care of online security as much as they can. That’s why cyber criminals and hackers have focused more on smaller companies and single entrepreneurs. This awful tendency leads to [...]
  • SecurityXploded Mentorship Programme ... I am writing this blog to share my SecurityXploded Student Mentorship Programme experience with the future students of this programme. My mentorship programme started last year in August when I was in 2nd year of MS at IIIT-Allahabad. I knew about SecurityXploded community since I used to follow their blogs, training programmes and security tools [...]
  • Code Injection and API Hooking Techni... Hooking covers a range of techniques used for many purposes like debugging, monitoring, intercepting messages, extending functionality etc. Hooking is also used by a lot of rootkits to camouflage themselves on the system. Rootkits use various hooking techniques when they have to hide a process, hide a network port, redirect file writes to some different [...]
  • Announcement – SecurityXploded ... From the past two years we are working actively on couple of projects to support the security community. As you all may already know that we have successfully completed our reversing and malware analysis training programme and we are very glad that it was very helpful for everyone. In my opinion the success of any [...]
  • Advanced Malware Analysis Training Se... Here is the quick update on this month’s Local Security meet (SX/Null/G4H/owasp) and our advanced malware training session on (Part 2) Dissecting the HeartBeat  RAT Functionalities   This is part of our FREE ‘Advanced Malware Analysis Training’ series started from Dec 2012.       In this extended session, I explained “Decrypting various Communications Of HeartBeat [...]

Leave a Reply