Security: The beauty of ... malware reverse engineering

JMH

Emeritus, Contributor
Joined
Apr 2, 2012
Posts
7,197
Malware represents one of the greatest threats that organizations face today and IT departments are coming to understand that their AV tools can only do so much to protect them. When malware is discovered on their systems, they want to know what it might have done, if the threat is still ongoing, and what they might have lost to the infection. Answers can be very tough to find, but reverse engineering the malware might just be the way to provide them.

While reverse engineering malware may not be something you've ever even considered, after a three-day class, I can say that, yes, it's difficult, but also that it's well within the grasp of ordinary mortals (at least those ordinary mortals who can wrap their brains around assembly language and system calls) -- especially if they take the right class, get the right tools, and practice.

What is it?

Reverse engineering malware is the process of taking a captured executable (a stand-alone executable or a library file, such as a DLL) and doing the computer equivalent of an MRI. You should always take some care in where and how you do this kind of work. Analyzing malware in a "safe" environment -- such as a virtual system on a machine that isn't connected to your network -- would be the option of choice. At least this would allow you to snapshot your OS and revert to it whenever you inadvertently kick the malware under your microscope into action.
Security: The beauty of ... malware reverse engineering | ITworld