THE ART OF COMPUTER VIRUS RESEARCH AND DEFENSE [Electronic resources] نسخه متنی

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی

جستجو بر اساس ... همه عنوان پدیدآور موضوع یادداشت تمام متن
اصطلاحنامه مجموعه ها مرورالفبایی لغت نامه دهخدا
جستجو در لغت نامه
بیشتر
کتابخانه شخصی پرسش از کتابدار ارسال منبع

THE ART OF COMPUTER VIRUS RESEARCH AND DEFENSE [Electronic resources] - نسخه متنی

Peter Szor

| نمايش فراداده ، افزودن یک نقد و بررسی
افزودن به کتابخانه شخصی
میخواهم بخوانم
درحال خواندن
خوانده شده
ارسال به دوستان

آدرس پست الکترونیک گیرنده :

آدرس پست الکترونیک فرستنده :

نام و نام خانوارگی فرستنده :

پیغام برای گیرنده ( حداکثر 250 حرف ) :

کد امنیتی را وارد نمایید

ارسال
جستجو در متن کتاب
بیشتر
تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب
جستجو در لغت نامه
بیشتر
لیست موضوعات

  • Acknowledgments

    Contact Information

    Part I. STRATEGIES OF THE ATTACKER

    Chapter 1. Introduction to the Games of Nature

    Section 1.1. Early Models of Self-Replicating Structures

    Section 1.2. Genesis of Computer Viruses

    Section 1.3. Automated Replicating Code: The Theory and Definition of Computer Viruses

    References

    Chapter 2. The Fascination of Malicious Code Analysis

    Section 2.1. Common Patterns of Virus Research

    Section 2.2. Antivirus Defense Development

    Section 2.3. Terminology of Malicious Programs

    Section 2.4. Other Categories

    Section 2.5. Computer Malware Naming Scheme

    Section 2.6. Annotated List of Officially Recognized Platform Names

    References

    Chapter 3. Malicious Code Environments

    Section 3.1. Computer Architecture Dependency

    Section 3.2. CPU Dependency

    Section 3.3. Operating System Dependency

    Section 3.4. Operating System Version Dependency

    Section 3.5. File System Dependency

    Section 3.6. File Format Dependency

    Section 3.7. Interpreted Environment Dependency

    Section 3.8. Vulnerability Dependency

    Section 3.9. Date and Time Dependency

    Section 3.10. JIT Dependency: Microsoft .NET Viruses

    Section 3.11. Archive Format Dependency

    Section 3.12. File Format Dependency Based on Extension

    Section 3.13. Network Protocol Dependency

    Section 3.14. Source Code Dependency

    Section 3.15. Resource Dependency on Mac and Palm Platforms

    Section 3.16. Host Size Dependency

    Section 3.17. Debugger Dependency

    Section 3.18. Compiler and Linker Dependency

    Section 3.19. Device Translator Layer Dependency

    Section 3.20. Embedded Object Insertion Dependency

    Section 3.21. Self-Contained Environment Dependency

    Section 3.22. Multipartite Viruses

    Section 3.23. Conclusion

    References

    Chapter 4. Classification of Infection Strategies

    Section 4.1. Boot Viruses

    Section 4.2. File Infection Techniques

    Section 4.3. An In-Depth Look at Win32 Viruses

    Section 4.4. Conclusion

    References

    Chapter 5. Classification of In-Memory Strategies

    Section 5.1. Direct-Action Viruses

    Section 5.2. Memory-Resident Viruses

    Section 5.3. Temporary Memory-Resident Viruses

    Section 5.4. Swapping Viruses

    Section 5.5. Viruses in Processes (in User Mode)

    Section 5.6. Viruses in Kernel Mode (Windows 9x/Me)

    Section 5.7. Viruses in Kernel Mode (Windows NT/2000/XP)

    Section 5.8. In-Memory Injectors over Networks

    References

    Chapter 6. Basic Self-Protection Strategies

    Section 6.1. Tunneling Viruses

    Section 6.2. Armored Viruses

    Section 6.3. Aggressive Retroviruses

    References

    Chapter 7. Advanced Code Evolution Techniques and Computer Virus Generator Kits

    Section 7.1. Introduction

    Section 7.2. Evolution of Code

    Section 7.3. Encrypted Viruses

    Section 7.4. Oligomorphic Viruses

    Section 7.5. Polymorphic Viruses

    Section 7.6. Metamorphic Viruses

    Section 7.7. Virus Construction Kits

    References

    Chapter 8. Classification According to Payload

    Section 8.1. No-Payload

    Section 8.2. Accidentally Destructive Payload

    Section 8.3. Nondestructive Payload

    Section 8.4. Somewhat Destructive Payload

    Section 8.5. Highly Destructive Payload

    Section 8.6. DoS (Denial of Service) Attacks

    Section 8.7. Data Stealers: Making Money with Viruses

    Section 8.8. Conclusion

    References

    Chapter 9. Strategies of Computer Worms

    Section 9.1. Introduction

    Section 9.2. The Generic Structure of Computer Worms

    Section 9.3. Target Locator

    Section 9.4. Infection Propagators

    Section 9.5. Common Worm Code Transfer and Execution Techniques

    Section 9.6. Update Strategies of Computer Worms

    Section 9.7. Remote Control via Signaling

    Section 9.8. Intentional and Accidental Interactions

    Section 9.9. Wireless Mobile Worms

    References

    Chapter 10. Exploits, Vulnerabilities, and Buffer Overflow Attacks

    Section 10.1. Introduction

    Section 10.2. Background

    Section 10.3. Types of Vulnerabilities

    Section 10.4. Current and Previous Threats

    Section 10.5. Summary

    References

    Part II. STRATEGIES OF THE DEFENDER

    Chapter 11. Antivirus Defense Techniques

    Section 11.1. First-Generation Scanners

    Section 11.2. Second-Generation Scanners

    Section 11.3. Algorithmic Scanning Methods

    Section 11.4. Code Emulation

    Section 11.5. Metamorphic Virus Detection Examples

    Section 11.6. Heuristic Analysis of 32-Bit Windows Viruses

    Section 11.7. Heuristic Analysis Using Neural Networks

    Section 11.8. Regular and Generic Disinfection Methods

    Section 11.9. Inoculation

    Section 11.10. Access Control Systems

    Section 11.11. Integrity Checking

    Section 11.12. Behavior Blocking

    Section 11.13. Sand-Boxing

    Section 11.14. Conclusion

    References

    Chapter 12. Memory Scanning and Disinfection

    Section 12.1. Introduction

    Section 12.2. The Windows NT Virtual Memory System

    Section 12.3. Virtual Address Spaces

    Section 12.4. Memory Scanning in User Mode

    Section 12.5. Memory Scanning and Paging

    Section 12.6. Memory Disinfection

    Section 12.7. Memory Scanning in Kernel Mode

    Section 12.8. Possible Attacks Against Memory Scanning

    Section 12.9. Conclusion and Future Work

    References

    Chapter 13. Worm-Blocking Techniques and Host-Based Intrusion Prevention

    Section 13.1. Introduction

    Section 13.2. Techniques to Block Buffer Overflow Attacks

    Section 13.3. Worm-Blocking Techniques

    Section 13.4. Possible Future Worm Attacks

    Section 13.5. Conclusion

    References

    Chapter 14. Network-Level Defense Strategies

    Section 14.1. Introduction

    Section 14.2. Using Router Access Lists

    Section 14.3. Firewall Protection

    Section 14.4. Network-Intrusion Detection Systems

    Section 14.5. Honeypot Systems

    Section 14.6. Counterattacks

    Section 14.7. Early Warning Systems

    Section 14.8. Worm Behavior Patterns on the Network

    Section 14.9. Conclusion

    References

    Chapter 15. Malicious Code Analysis Techniques

    Section 15.1. Your Personal Virus Analysis Laboratory

    Section 15.2. Information, Information, Information

    Section 15.3. Dedicated Virus Analysis on VMWARE

    Section 15.4. The Process of Computer Virus Analysis

    Section 15.5. Maintaining a Malicious Code Collection

    Section 15.6. Automated Analysis: The Digital Immune System

    References

    Chapter 16. Conclusion

    Further Reading

    Index

    •
    توضیحات
    افزودن یادداشت جدید











  • Index

    [SYMBOL]
    [A]
    [B]
    [C]
    [D]
    [E]
    [F]
    [G]
    [H]
    [I]
    [J]
    [K]
    [L]
    [M]
    [N]
    [O]
    [P]
    [Q]
    [R]
    [S]
    [T]
    [U]
    [V]
    [W]
    [X]
    [Y]
    [Z]

    ABAP viruses

    ABAP/Rivpas (virus)

    access

    context-based access control (CBAC)

    counterattacks

    Dumaru (worm)

    early warning systems

    firewalls 2nd 3rd 4th

    honeypot systems 2nd 3rd

    network intrusion detection system (NIDS) 2nd

    router access lists 2nd 3rd

    worm behavior patterns 2nd 3rd 4th 5th 6th 7th 8th 9th 10th

    access control lists (ACLs)

    access control systems 2nd

    accidentally destructive payload viruses

    ACG (Amazing Code Generator) virus

    ACG (virus)

    code emulation 2nd

    disassembling

    heuristics

    self-protection technique

    ACLs (access control lists)

    Acrobat

    PDF viruses 2nd

    ActionScript viruses 2nd

    activation methods
    [See payload activation]

    active instructions

    tracking

    active pages, patching code in 2nd

    ActiveX control rights verification

    ActiveX controls

    safe-for-scripting 2nd

    safe-for-scripting controls

    VBS/BubbleBoy worm 2nd

    W32/Blebla worm 2nd

    address

    virtual address spaces (Windows NT) 2nd 3rd 4th 5th 6th 7th

    Address Resolution Protocol (ARP) requests

    address-book worms

    addresses

    GOT/IAT page attributes

    spaces

    process randomization

    return-to-LIBC attacks 2nd 3rd 4th

    upper 2G of address space (memory scanning)

    user address space of processes (scanning)

    virtual

    translation of

    AddressOfEntryPoint field (PE header)

    Adleman, Leonard

    ADM (worm)

    avoiding buffer overflow attacks

    administration

    memory 2nd

    Virtual Memory Manager

    Admiral Bailey (virus writer)

    IVP (Instant Virus Production Kit)

    Adobe Acrobat

    PDF viruses 2nd

    Adore (rootkit)

    Advanced Heuristic Disinfector (AHD)

    adware

    definition of 2nd

    AHD (Advanced Heuristic Disinfector)

    AIDS Information Diskette (Trojan horse)

    AIDS TROJAN DISK (Trojan horse)

    Alcopaul (virus writer)

    W32/Sand.12300 virus

    alerts

    DeepSight

    algorithmic detection

    metamorphic viruses

    algorithmic scanning methods 2nd 3rd

    filtering 2nd 3rd

    static decryptor detection 2nd 3rd

    X-RAY method 2nd 3rd 4th 5th

    algorithms

    Boyer-Moore

    Aliz (worm)

    ALS/Burstead (virus)

    altering module

    Amazing Code Generator (ACG) virus

    AmiPro viruses 2nd

    Amoeba (infection technique) 2nd

    analysis

    malicious code analysis techniques

    architecture guides

    collection maintenance 2nd

    dedicated system installation 2nd

    Digital Immune System 2nd 3rd

    disassemblers 2nd 3rd 4th 5th

    dynamic analysis techniques 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th 13th 14th

    knowledge bases 2nd

    process of 2nd 3rd 4th 5th 6th 7th 8th

    unpacking 2nd

    Virus Analysis Toolkit (VAT) 2nd

    VMWARE 2nd

    Anarchy.6093 (virus)

    ANIMAL (game)

    "Anna Kornikova" virus

    Anna Kournikova virus

    ANSI.SYS drivers

    reconfiguring key functions 2nd

    Anthrax (virus)

    Anti-AVP (virus)

    self-protection technique

    ANTI-VIR.DAT file (antivirus program)

    AntiCMOS (virus)

    antidebugging techniques (armored viruses) 2nd 3rd 4th 5th 6th 7th 8th 9th 10th

    antidisassembly techniques (armored viruses) 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th 13th 14th 15th 16th 17th 18th

    antiemulation techniques (armored viruses) 2nd 3rd 4th 5th 6th

    AntiEXE (virus)

    somewhat destructive payload viruses

    antigoat techniques (armored viruses) 2nd

    antiheuristics techniques (armored viruses) 2nd 3rd 4th 5th 6th 7th 8th 9th 10th

    AntiPascal (virus)

    antivirus defense techniques 2nd

    antivirus programs [See also disinfection methods]

    "Are you there?" calls

    behavior-blocking programs

    half-cooked repairs

    history of 2nd

    integrity checker programs

    modeling virus infections 2nd

    scanning

    versus computer security companies 2nd

    antivirus software

    disabling with retroviruses 2nd 3rd

    testers

    vendor contact information

    antivirus viruses

    API hooking (infection technique) 2nd 3rd

    API strings 2nd

    APIs

    control transfer 2nd

    AplS/Simpsons@mm (worm)

    APM/Greenstripe (virus)

    appending viruses

    CALL-to-POP trick 2nd

    appending viruses (infection technique) 2nd 3rd 4th 5th 6th

    AppleScript viruses 2nd

    application rights verification

    applications

    algorithmic scanning methods 2nd 3rd

    filtering 2nd 3rd

    static decryptor detection 2nd 3rd

    X-RAY method 2nd 3rd 4th 5th

    antivirus defense techniques 2nd

    code emulation 2nd 3rd 4th

    dynamic decryptor detection 2nd

    encrypted/polymorphic virus detection 2nd 3rd 4th 5th

    disinfection methods 2nd 3rd 4th

    generic decryptors 2nd

    heuristics for generic repair 2nd

    standard 2nd 3rd

    first-generation antivirus scanners

    bookmarks 2nd

    entry-point scanning 2nd

    fixed-point scanning 2nd

    generic detection

    hashing 2nd

    hyperfast disk access

    mismatches

    string scanning 2nd 3rd

    top-and-tail scanning

    wildcards 2nd

    heuristic analysis

    of 32-bit Windows viruses 2nd 3rd 4th 5th 6th

    using neural networks 2nd 3rd

    metamorphic virus detection

    code emulation 2nd 3rd 4th 5th

    disassembling techniques 2nd

    geometric detection 2nd

    second-generation antivirus scanners

    exact identification 2nd 3rd

    nearly-exact identification 2nd

    skeleton detection

    smart scanning 2nd

    viruses

    access control systems 2nd

    behavior blocking 2nd 3rd 4th

    inoculation 2nd

    integrity checking 2nd 3rd 4th

    sand-boxing 2nd

    architecture dependency
    [See computer architecture dependency]

    architecture guides, malicious code analysis techniques

    archive format dependency 2nd

    "Are you there?" calls (self-detection techinque)

    arenas (sections of memory)

    armored viruses

    antidebugging techniques 2nd 3rd 4th 5th 6th 7th 8th 9th 10th

    antidisassembly techniques 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th 13th 14th 15th 16th 17th 18th

    antiemulation techniques 2nd 3rd 4th 5th 6th

    antigoat techniques 2nd

    antiheuristics techniques 2nd 3rd 4th 5th 6th 7th 8th 9th 10th

    ARP (Address Resolution Protocol) requests

    art

    versus science

    "Art of the Fugue" (Bach)

    ASPACK (run-time packer)

    Atkinson, Bill

    attachment inserters

    worm infections

    attacks

    against memory scanning 2nd

    algorithmic scanning methods 2nd 3rd

    filtering 2nd 3rd

    static decryptor detection 2nd 3rd

    X-RAY method 2nd 3rd 4th 5th

    antivirus defense techniques 2nd

    blended attacks
    [See blended attacks]

    buffer overflow attacks
    [See buffer overflow attacks]

    code emulation 2nd 3rd 4th

    dynamic decryptor detection 2nd

    encrypted/polymorphic virus detection 2nd 3rd 4th 5th

    code injection attacks 2nd 3rd 4th

    dictionary attacks

    DoS

    DoS (denial of service) attacks 2nd

    e-mail worm attacks 2nd

    executable code-based attacks

    file parsing attacks 2nd

    first-generation antivirus scanners

    bookmarks 2nd

    entry-point scanning 2nd

    fixed-point scanning 2nd

    generic detection

    hashing 2nd

    hyperfast disk access

    mismatches

    string scanning 2nd 3rd

    top-and-tail scanning

    wildcards 2nd

    future 2nd 3rd 4th

    heuristic analysis

    of 32-bit Windows viruses 2nd 3rd 4th 5th 6th

    using neural networks 2nd 3rd

    injected code detection

    shellcode blocking 2nd 3rd 4th 5th 6th 7th 8th

    instant messaging attacks 2nd

    Linux/Slapper

    metamorphic virus detection

    code emulation 2nd 3rd 4th 5th

    disassembling techniques 2nd

    geometric detection 2nd

    network share enumeration 2nd 3rd

    network-level defense strategies 2nd

    counterattacks

    early warning systems

    firewalls 2nd 3rd 4th

    honeypot systems 2nd 3rd

    network intrusion detection system (NIDS) 2nd

    router access lists 2nd 3rd

    worm behavior patterns 2nd 3rd 4th 5th 6th 7th 8th 9th 10th

    NNTP attacks

    password-capturing attacks

    peer-to-peer network attacks 2nd

    phishing attacks 2nd 3rd

    remote login-based attacks 2nd

    return-to-LIBC 2nd 3rd 4th 5th

    second-generation antivirus scanners

    exact identification 2nd 3rd

    nearly-exact identification 2nd

    skeleton detection

    smart scanning 2nd

    shell code-based attacks 2nd 3rd 4th 5th

    SMTP proxy-based attacks 2nd 3rd

    SMTP-based attacks 2nd 3rd 4th 5th 6th

    stack smashing

    vampire attacks

    worms [See also worm blocking techniques]

    attributes

    GOT/IAT page

    authenticated updates

    worm infections 2nd 3rd 4th 5th 6th 7th

    auto-rooters

    definition of

    AutoLisp viruses 2nd

    automata 2nd [See also cellular automata] [See also self-replicating systems]

    automated analysis, Digital Immune System 2nd 3rd

    automated exploit discovery 2nd

    AUTORUN.INF file viruses 2nd

    AV-Test.org

    AVP (antivirus software)

    Azusa (virus)

    infection technique


    • / 191