Anti-virus, malware, botnets and the like are becoming larger and larger parts of our daily lives. Are there any resources that discuss creating anti-virus tools, security tools and such? Seems like an interesting topic, but I have not been able to find any real source to refer to in order to learn more.

  1. Suggestions? (Good and bad?)

  2. I assume most languages used for this are C++ or assembly? Or are there others that work well for these sorts of items?

+1  A: 

go to http://www.milw0rm.com/ to see the exploits.

Rado
that is interesting for the actual exploits... but what about more about coding to detect and monitor for someone trying to access these exploits?
IPX Ares
+1  A: 

For a holistic view on security, anything by Bruce Schneier comes highly recommended -- not the threat-specific focus you have in mind, but a background that will make you more effective at security issues in whatever role you play, whatever background you have.

For more specific views, I would recommend this book (and just about every book I've looked at in depth in the same series, but I can't personally vouch for all of them, they're dozens!-).

Alex Martelli
A: 

As well as what Alex Martelli posted, this book might be something you can consider.

KTC
+2  A: 

Alex's suggestion of Bruce Schneier's work is excellent, and everyone should read his stuff, but probably won't address what you're talking about. Even so, you should read it. He's the clearest writer on security topics today, and a voice of sanity in an often hysterical industry.

A free place to start for the bare bones is the SANS reading room. It's far from enough, but it's the basics.

I was fairly pleased with The Shellcoder's Handbook. It's a good introduction with some practical code to work with. It shows how real exploits are written, which is the first step in understanding how to protect against them.

Exploit work is done in a variety of things, but for the classic stack-smashing attacks, you need to know C and the assembler of the target platform (generally Intel). C++ is much less common in this world. It's too twisty-turny by the time the compiler gets done with it, and too bloated for the kinds of things needed. Objective-C is almost more useful in my opinion so that you can understand Mac reverse engineering. But that isn't where security is usually done. In this I'm speaking of exploits themselves. Many security tools are of course written in C++.

For the security tools side, you probably want to ask on serverfault. There are many, and the SANS link above should have links to some of the common tools (Nessus, nmap, hping, metasploit and the like). sectools.org maintains a big list that I like.

If you're going to be a security developer, you need a lot of breadth and a lot of depth. You need to understand the network protocols as well as the code that talks to them. You should be reasonably comfortable in languages from assembler to ruby. Much of it is more a way of thinking than an actual skill set, but those who are good at it tend to have broad skills and pick up new things quickly and often.

Since you noted specifically detecting and monitoring for exploits, you should dig into tools like snort (for learning how to detect) and metasploit (for generating the attacks to detect).

Rob Napier
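The answer above points at snort for learning how detection is done. The following is an added example, not code from this thread or from the Snort project: a minimal signature matcher in the spirit of Snort's `content:` rule option, run over a few constructed packet payloads. The rule set, the packets and the `Rule`/`Packet` types are all made up for illustration; Snort's real rule language (flow, offset/depth, PCRE, fast-pattern) is far richer, and this only shows the core idea of header filtering plus AND-ed byte-pattern matches.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class Rule:
    sid: int                 # signature id (constructed values below)
    msg: str                 # alert text
    proto: str               # "tcp" or "udp"
    dport: Optional[int]     # None means "any destination port"
    content: List[str]       # every pattern must be present (logical AND)

@dataclass
class Packet:
    proto: str
    dport: int
    payload: bytes

def parse_content(spec: str) -> bytes:
    """Turn a Snort-style content string into raw bytes.

    Text outside |...| is literal ASCII; text inside |...| is hex bytes,
    e.g. 'GET /|2e 2e 2f|' -> b'GET /../'.
    """
    if spec.count("|") % 2 != 0:
        raise ValueError("unbalanced | in content spec: %r" % spec)
    out = bytearray()
    for i, part in enumerate(spec.split("|")):
        if i % 2 == 0:
            out += part.encode("ascii")      # literal text
        else:
            out += bytes.fromhex(part)       # hex byte run
    return bytes(out)

def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """Header checks first (cheap), then every content pattern must match."""
    if pkt.proto != rule.proto:
        return False
    if rule.dport is not None and pkt.dport != rule.dport:
        return False
    return all(parse_content(c) in pkt.payload for c in rule.content)

def scan(packets: List[Packet], rules: List[Rule]) -> List[Tuple[int, int]]:
    """Return (packet index, sid) for every rule that fires on every packet."""
    alerts = []
    for idx, pkt in enumerate(packets):
        for rule in rules:
            if rule_matches(rule, pkt):
                alerts.append((idx, rule.sid))
    return alerts

# Constructed rule set (sids and messages are illustrative, not real Snort sids).
RULES = [
    Rule(1000001, "WEB directory traversal attempt", "tcp", 80,
         ["GET ", "|2e 2e 2f 2e 2e 2f|"]),          # "GET " and "../../"
    Rule(1000002, "SHELLCODE x86 NOP sled", "tcp", None,
         ["|90 90 90 90 90 90 90 90|"]),            # eight 0x90 bytes, any port
]

# Constructed sample traffic; the udp packet shows the protocol check mattering.
SAMPLE_PACKETS = [
    Packet("tcp", 80, b"GET /index.html HTTP/1.0\r\n"),
    Packet("tcp", 80, b"GET /../../etc/passwd HTTP/1.0\r\n"),
    Packet("tcp", 4444, b"AAAA" + b"\x90" * 16),
    Packet("udp", 80, b"GET /../../x"),
]

if __name__ == "__main__":
    for idx, sid in scan(SAMPLE_PACKETS, RULES):
        rule = next(r for r in RULES if r.sid == sid)
        print("packet %d: [%d] %s" % (idx, sid, rule.msg))
```

The order of checks mirrors what a real IDS does for speed: protocol and port are compared before any payload search. Note that the last packet carries the traversal bytes but goes unflagged because the rule is scoped to tcp; whether that scoping is a feature or a blind spot is exactly the kind of question you learn to ask by writing rules and then generating test traffic against them.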