This tool will let you check sites you don't know, or are not sure about. Just plug the URL into the address box on the page.

The Flash security settings panel, particularly the microphone and Webcam setting.

Similar to VirusTotal, but this one does an activity check, looking for dangerous operations.

Many antispam sites tell you not to provide your email address. This advice, however, doesn't work too well if you need to advertise your address so that people can contact you. This site provides some practical advice on ways to hide your address from robots and spiders, but still make it accessible to people.

Most of these techniques would also work in HTML formatted email, but, as a malware specialist, I can hardly encourage people to use HTML formatted email. For those of a malware research frame of mind, a number of these techniques are also used to hide malicious content.

A series of PDFs, the course teaches what malicious code is and how it can be analyzed. Topics include malware taxonomy,reverse engineering, code emulation fundamentals, basic cryptoanalysis of malicious crypto, and antivirus engine basics. The full course includes lectures.

A collection of resources (mostly online) that will help those interested get started working towards an understanding of how to pick apart malware, see what it does, and how to protect against it.

This paper describes an attack on the Intel SMM (System Management Module). This is a very low level attack, and therefore would be able to circumvent almost all common software defences, and some that rely on hardware, as well.

After Macmillan refused to update the book, David and I got the copyright back, and planned to update it and release in online. Somebody beat us to it. This appears to be a blackhat site, so be careful, but the information appears to be there.

This paper provides an overview explanation of fast flux and double flux activities related to hiding malicious Websites, or avoiding takedown (particularly related to botnets. It also suggests certain actions which could mitigate such activity. The essay uses a lot of jargon and is not always clear, but does provide a decent basic explanation.

The tracking (and scope) of GhostNet, a significant example of the use of malware and botnets for espionage. Some items of this were given in a story in the New York Times (http://www.nytimes.com/2009/03/29/technology/29spy.html ). There is also related work in a report out of Cambridge (http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-746.html and full report at http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-746.pdf )(which, like everything else Ross Anderson has written, is worth reading regardless of your level of interest).