The short version:
Buy Michael Feathers' book, Working Effectively with Legacy Code.
The longer version:
The biggest challenge when maintaining (changing) such an application is doing it without breaking something. This means you need to understand the behaviour of the application, and the easiest way to do this is to get tests around it. As you've noted, this can be daunting at first, but it is not impossible. It requires discipline and patience.
You don't have to start with unit tests. It's usually easier to get an automation framework, such as NUnitForms or White, to drive the application as a black box first. Build up a suite of tests around the area you need to change to give you enough confidence to change it without breaking something. Then go in and start refactoring towards unit testability.
If it's anything like the application I'm working on, it mainly involves:
- deleting unused code (it's a distraction).
- removing public static method calls and replacing them with interfaces (Dependency Injection is a key technique here).
- extracting duplicated code into classes.
- hiding file handling, network IO, and user interface code behind adapters (these can be very thin wrappers at first, just enough so that you can replace them with stubs when testing).
- looking for opportunities to extract behaviour into small classes.
Sometimes it will be easier to rewrite sections of the code rather than refactor them, but that requires an understanding of the behaviour, either through testing or by referring to a spec (if one exists).
Apart from any practical advice, if you're part of a team working on this make sure you are working together. It will make the work easier, more enjoyable and ensure that changes you make today aren't undone tomorrow by someone who didn't understand what you were working on.
I could write all day on this topic, but Mr Feathers is much better at it, and I'm hungry. Good luck!