Acknowledgments
Contact Information

Part I. STRATEGIES OF THE ATTACKER

Chapter 1. Introduction to the Games of Nature
    Section 1.1. Early Models of Self-Replicating Structures
    Section 1.2. Genesis of Computer Viruses
    Section 1.3. Automated Replicating Code: The Theory and Definition of Computer Viruses
    References

Chapter 2. The Fascination of Malicious Code Analysis
    Section 2.1. Common Patterns of Virus Research
    Section 2.2. Antivirus Defense Development
    Section 2.3. Terminology of Malicious Programs
    Section 2.4. Other Categories
    Section 2.5. Computer Malware Naming Scheme
    Section 2.6. Annotated List of Officially Recognized Platform Names
    References

Chapter 3. Malicious Code Environments
    Section 3.1. Computer Architecture Dependency
    Section 3.2. CPU Dependency
    Section 3.3. Operating System Dependency
    Section 3.4. Operating System Version Dependency
    Section 3.5. File System Dependency
    Section 3.6. File Format Dependency
    Section 3.7. Interpreted Environment Dependency
    Section 3.8. Vulnerability Dependency
    Section 3.9. Date and Time Dependency
    Section 3.10. JIT Dependency: Microsoft .NET Viruses
    Section 3.11. Archive Format Dependency
    Section 3.12. File Format Dependency Based on Extension
    Section 3.13. Network Protocol Dependency
    Section 3.14. Source Code Dependency
    Section 3.15. Resource Dependency on Mac and Palm Platforms
    Section 3.16. Host Size Dependency
    Section 3.17. Debugger Dependency
    Section 3.18. Compiler and Linker Dependency
    Section 3.19. Device Translator Layer Dependency
    Section 3.20. Embedded Object Insertion Dependency
    Section 3.21. Self-Contained Environment Dependency
    Section 3.22. Multipartite Viruses
    Section 3.23. Conclusion
    References

Chapter 4. Classification of Infection Strategies
    Section 4.1. Boot Viruses
    Section 4.2. File Infection Techniques
    Section 4.3. An In-Depth Look at Win32 Viruses
    Section 4.4. Conclusion
    References

Chapter 5. Classification of In-Memory Strategies
    Section 5.1. Direct-Action Viruses
    Section 5.2. Memory-Resident Viruses
    Section 5.3. Temporary Memory-Resident Viruses
    Section 5.4. Swapping Viruses
    Section 5.5. Viruses in Processes (in User Mode)
    Section 5.6. Viruses in Kernel Mode (Windows 9x/Me)
    Section 5.7. Viruses in Kernel Mode (Windows NT/2000/XP)
    Section 5.8. In-Memory Injectors over Networks
    References

Chapter 6. Basic Self-Protection Strategies
    Section 6.1. Tunneling Viruses
    Section 6.2. Armored Viruses
    Section 6.3. Aggressive Retroviruses
    References

Chapter 7. Advanced Code Evolution Techniques and Computer Virus Generator Kits
    Section 7.1. Introduction
    Section 7.2. Evolution of Code
    Section 7.3. Encrypted Viruses
    Section 7.4. Oligomorphic Viruses
    Section 7.5. Polymorphic Viruses
    Section 7.6. Metamorphic Viruses
    Section 7.7. Virus Construction Kits
    References

Chapter 8. Classification According to Payload
    Section 8.1. No-Payload
    Section 8.2. Accidentally Destructive Payload
    Section 8.3. Nondestructive Payload
    Section 8.4. Somewhat Destructive Payload
    Section 8.5. Highly Destructive Payload
    Section 8.6. DoS (Denial of Service) Attacks
    Section 8.7. Data Stealers: Making Money with Viruses
    Section 8.8. Conclusion
    References

Chapter 9. Strategies of Computer Worms
    Section 9.1. Introduction
    Section 9.2. The Generic Structure of Computer Worms
    Section 9.3. Target Locator
    Section 9.4. Infection Propagators
    Section 9.5. Common Worm Code Transfer and Execution Techniques
    Section 9.6. Update Strategies of Computer Worms
    Section 9.7. Remote Control via Signaling
    Section 9.8. Intentional and Accidental Interactions
    Section 9.9. Wireless Mobile Worms
    References

Chapter 10. Exploits, Vulnerabilities, and Buffer Overflow Attacks
    Section 10.1. Introduction
    Section 10.2. Background
    Section 10.3. Types of Vulnerabilities
    Section 10.4. Current and Previous Threats
    Section 10.5. Summary
    References

Part II. STRATEGIES OF THE DEFENDER

Chapter 11. Antivirus Defense Techniques
    Section 11.1. First-Generation Scanners
    Section 11.2. Second-Generation Scanners
    Section 11.3. Algorithmic Scanning Methods
    Section 11.4. Code Emulation
    Section 11.5. Metamorphic Virus Detection Examples
    Section 11.6. Heuristic Analysis of 32-Bit Windows Viruses
    Section 11.7. Heuristic Analysis Using Neural Networks
    Section 11.8. Regular and Generic Disinfection Methods
    Section 11.9. Inoculation
    Section 11.10. Access Control Systems
    Section 11.11. Integrity Checking
    Section 11.12. Behavior Blocking
    Section 11.13. Sand-Boxing
    Section 11.14. Conclusion
    References

Chapter 12. Memory Scanning and Disinfection
    Section 12.1. Introduction
    Section 12.2. The Windows NT Virtual Memory System
    Section 12.3. Virtual Address Spaces
    Section 12.4. Memory Scanning in User Mode
    Section 12.5. Memory Scanning and Paging
    Section 12.6. Memory Disinfection
    Section 12.7. Memory Scanning in Kernel Mode
    Section 12.8. Possible Attacks Against Memory Scanning
    Section 12.9. Conclusion and Future Work
    References

Chapter 13. Worm-Blocking Techniques and Host-Based Intrusion Prevention
    Section 13.1. Introduction
    Section 13.2. Techniques to Block Buffer Overflow Attacks
    Section 13.3. Worm-Blocking Techniques
    Section 13.4. Possible Future Worm Attacks
    Section 13.5. Conclusion
    References

Chapter 14. Network-Level Defense Strategies
    Section 14.1. Introduction
    Section 14.2. Using Router Access Lists
    Section 14.3. Firewall Protection
    Section 14.4. Network-Intrusion Detection Systems
    Section 14.5. Honeypot Systems
    Section 14.6. Counterattacks
    Section 14.7. Early Warning Systems
    Section 14.8. Worm Behavior Patterns on the Network
    Section 14.9. Conclusion
    References

Chapter 15. Malicious Code Analysis Techniques
    Section 15.1. Your Personal Virus Analysis Laboratory
    Section 15.2. Information, Information, Information
    Section 15.3. Dedicated Virus Analysis on VMWARE
    Section 15.4. The Process of Computer Virus Analysis
    Section 15.5. Maintaining a Malicious Code Collection
    Section 15.6. Automated Analysis: The Digital Immune System
    References

Chapter 16. Conclusion

Further Reading
Index