AUTHORITATIVE SOURCES OF INFORMATION
Malware evolves and morphs at neck-breaking speed, and it is almost impossible to keep up with new developments. Therefore, any book or article in a scholarly journal on malware and its commercialization will become obsolete by the time it is released off the press.
Having said that, Hacking: The Next Generation by Nitesh Dhanjani, Billy Rios, and Brett Hardin71 provides software code examples and a good technical background on the most common types of malware, attack vectors, and defense mechanisms. In addition, the book by Jeffrey Carr, Inside Cyber Warfare: Mapping the Cyber Underworld,72 is probably the most comprehensive information available on understanding cyberwarfare and its actors.
The most authoritative, up-to-date sources on the topic of commercial malware are the same people and organizations that make their living fighting it. Blogs and articles from cybersecurity and antivirus organizations like Symantec (www.symantec.com), McAfee (http://blogs.mcafee.com/), Kaspersky (www.kaspersky.com/), and TrendMicro (http://blog.trendmicro.com/) provide the most up-to-date information on commercially available malware, how it functions, how it is distributed, and how to fight it.
Interesting and new knowledge is shared at special conferences, such as InfoSec,73 DerbyCon,74 DEF CON,75 and Black Hat™.76 Although DEF CON and Black Hat™ are dubbed as “hacker” conferences, these conferences are actually about researching and explaining how malware works, how it is distributed and used, and how it can be fought.
The speakers at these conferences are usually the sources of the new information and knowledge. One of the utmost experts and prolific authors on everything concerning malware – its design, development, and commercialization – is Gunter Ollmann, VP of Research of Damballa.77 He presents at cybersecurity-related conferences and publishes a blog and numerous white papers on his corporate website.
Finally, an internationally renowned security technologist and author, Bruce Schneier,78 provides very comprehensive and candid cybersecurity information and commentary.
71 Dhanjani, Nitesh, Billy Rios, Brett Hardin. Hacking: The Next Generation. O'Reilly Media, 2009.
72 Carr, Jeffrey. Inside Cyber Warfare: Mapping the Cyber Under world. O'Reilly Media, 2009.
73 Central Ohio InfoSec Summit. www.infosecsummit.com/.
74 DerbyCon conference. www.derbycon.com/.
75 DEF CON conference. www.defcon.org/.
76 Black Hat™ conference. www.blackhat.com/.
77 Damballa. www.damballa.com, and http://technicalinfodotnet.blogspot.com/ (accessed May 21, 2011).
78 Schneier, Bruce. Schneier on Security. www.schneier.com/blog/archives/2007/06/cyberwar.html