THE ART OF COMPUTER VIRUS RESEARCH AND DEFENSE [Electronic resources] (text version)


Peter Szor












  • Further Reading


    This short section lists a few sites you can use to stay up to date on computer virus and security information. Because virus writers and other malicious hackers are continuously inventing new attacks, you must continuously educate yourself about new trends.

    Information on Security and Early Warnings


    • Read information about new computer viruses, malicious code, adware, and spyware attacks at Symantec Security Response, located at http://securityresponse.symantec.com.

    • Read Security Focus at http://www.securityfocus.com. You will find much useful and up-to-date information on security and daily practice. You can also access the valuable BugTraq mailing list at this location to stay current with platform and product vulnerabilities and related information.

    • Read the Internet security information posted on CERT at http://www.cert.org.

    • Visit the SANS Institute's Reading Room regularly at http://www.sans.org/rr.

    • Read the NTBUGTRAQ archives at http://www.ntbugtraq.com. You can also subscribe to the mailing list at this location.

    • Consider joining AVIEWS, organized by AVIEN, to get more information about computer viruses and protect your organization better from such attacks. You can find their site at http://www.aviews.net.


    Security Updates


    Keep yourself and your computer up to date! Look for information about Microsoft product updates at the following places:

    • Search Microsoft Security Bulletins at http://www.microsoft.com/technet/security/currentdl.aspx.

    • Read the most recent security updates at http://www.microsoft.com/security/bulletin/default.mspx.

    • Use Windows Update at http://www.windowsupdate.com to deliver critical security updates to your system.

    • Read and use the page with critical Internet Explorer updates at http://www.microsoft.com/windows/ie/downloads/default.mspx.

    • Find updates for Office products at http://office.microsoft.com/home/default.aspx.


    Computer Worm Outbreak Statistics


    You can read more on the spread of computer worms here:

    • CAIDA offers worm outbreak information, such as the spread of the Slammer and Witty worms, at http://www.caida.org/analysis/security. You will also find analysis based on the use of "network telescopes."


    Computer Virus Research Papers


    • Fred Cohen's site at http://all.net contains interesting articles and papers on computer viruses and security.

    • Vesselin Bontchev's home page, with a number of scientific papers on computer viruses at http://www.people.frisk-software.com/~bontchev/163.

    • Prof. Eugene Spafford's home page, with a number of interesting papers on computer viruses, ethics, and security is located at http://cerias.purdue.edu/homes/spaf.

    • Read more research and white papers on computer viruses via references collected by Kurt Wismer. This comprehensive list includes references to the work of over 100 leading computer virus researchers. You can find this page at http://members.tripod.com/~k_wismer/papers.


    Contact Information for Antivirus Vendors


    Table 16.1 lists contact information for antivirus vendors in alphabetical order.

    Table 16.1. Common Certified Antivirus Software Vendors

    Vendor                                     Web Site
    ALWIL Software                             http://www.avast.com
    Authentium ("Command Software")            http://www.authentium.com
    Cat Computer Services                      http://www.quickheal.com
    Computer Associates                        http://www.ca.com/etrust
    Cybersoft                                  http://www.cyber.com
    DialogueScience                            http://www.dials.ru
    ESET Software                              http://www.nod32.com
    F-Secure ("Data Fellows")                  http://www.f-secure.com
    Freedom Internet Security                  http://www.freedom.net
    Frisk Software                             http://www.f-prot.com
    GFI MailSecurity                           http://www.gfi.com/mailsecurity
    GeCAD (Acquired by Microsoft Corporation)  http://www.ravantivirus.com
    Grisoft                                    http://www.grisoft.com
    H+BEDV Datentechnik                        http://www.antivir.de
    HAURI                                      http://www.hauri.co.kr
    Hacksoft                                   http://www.hacksoft.com.pe
    Hiwire Computer & Security                 http://www.hiwire.com.sg/antivirus/index
    Ikarus                                     http://www.ikarus.at
    Kaspersky Labs                             http://www.kaspersky.com
    Leprechaun Software                        http://www.leprechaun.com.au
    MKS                                        http://www.mks.com.pl
    MessageLabs                                http://www.messagelabs.com
    MicroWorld Software                        http://www.microworldtechnologies.com
    Network Associates                         http://www.nai.com
    Norman Data Defense Systems                http://www.norman.com/no
    Panda Software                             http://www.pandasoftware.com
    Per Systems                                http://www.perantivirus.com
    Portcullis Computer Security               http://www.portcullis-security.com
    Proland Software                           http://www.pspl.com
    Reflex Magnetics                           http://www.reflex-magnetics.co.uk
    Safetynet                                  http://www.safe.net
    Software Appliance Company                 http://www.softappco.com
    Softwin                                    http://www.bitdefender.com
    Sophos                                     http://www.sophos.com
    Stiller Research                           http://www.stiller.com
    Sybari Software                            http://www.sybari.ws
    Symantec Corporation                       http://www.symantec.com
    Trend Micro Incorporated                   http://www.trendmicro.com
    VirusBuster Ltd.                           http://www.virusbuster.hu/en


    Antivirus Testers and Related Sites


    In this section, I present information about antivirus tests and related sites. Please note that each of these independent sites uses a very different test methodology.

    • Virus Bulletin's site is at http://www.virusbtn.com. Here you can read AV comparisons, find information about VB 100%-certified products, and get independent antivirus advice. You can find the most recent version of the VGrep tool on this site as well. There is also an archive of past issues with the best computer virus analyses available. You also can purchase a subscription to the magazine, which is currently £195 for one year.

    • The most recent independent antivirus tests of the University of Hamburg's Virus Test Center (VTC) are at http://agn-www.informatik.uni-hamburg.de/vtc. The VTC is led by Prof. Dr. Klaus Brunnstein.

    • AV-Test.org, a project of the University of Magdeburg in cooperation with AV-Test GmbH of Andreas Marx, also produces independent antivirus tests. You can find this site at http://www.av-test.org.

    • ICSA Labs, a division of TruSecure Corporation, also performs Anti-Virus Certifications and issues ICSA Labs Certifications. You can find their home page at http://www.icsalabs.or171/communities/antivirus.

    • Although EICAR (European Institute for Computer Antivirus Research) does not perform tests directly, it provides the eicar.com file for antivirus testing. This file contains code that is encoded in a large string so it can be cut and pasted to a file to test your antivirus software's ability to detect a virus without using an actual virus for the task. This file is detected by most antivirus programs under names similar to EICAR_Test_File. Unfortunately, the original EICAR test file was abused by virus writers because the first specification of the test file did not present formalized criteria of what needed to be detected exactly and what should not. Therefore, some viruses, such as batch and script malware, included the string in themselves to mislead users into thinking that the file containing the virus was harmless. The exact specifications of the EICAR test file have been updated recently, and antivirus product developers are advised to follow the detection according to the new specifications at http://www.eicar.org/anti_virus_test_file.

    • SC Magazine also performs security product evaluations via West Coast Labs' Checkmark Certification. You can find their site at http://westcoastlabs.org.

    • The WildList Organization International has produced the Wildlist of Computer Viruses every month since 1993, based on reports collected worldwide. The Wildlist is used by several antivirus certifications. You can find the Wildlist at http://www.wildlist.org.

    • The Virus Research Unit of the University of Tampere in Finland has been inactive for some time. However, it is expected to resume performing antivirus tests, led by Dr. Marko Helenius. You can find its site at http://www.uta.fi/laitokset/virus.

    • Another new antivirus certification program has been implemented by Dr. Leitold Ferenc in Hungary, located at http://www.checkvir.com.

    • Andreas Clementi is also implementing a new certification program, which is available for products that use their own engine only.


