THE ART OF COMPUTER VIRUS RESEARCH AND DEFENSE [Electronic resources] نسخه متنی

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی

جستجو بر اساس ... همه عنوان پدیدآور موضوع یادداشت تمام متن
اصطلاحنامه مجموعه ها مرورالفبایی لغت نامه دهخدا
جستجو در لغت نامه
بیشتر
کتابخانه شخصی پرسش از کتابدار ارسال منبع

THE ART OF COMPUTER VIRUS RESEARCH AND DEFENSE [Electronic resources] - نسخه متنی

Peter Szor

| نمايش فراداده ، افزودن یک نقد و بررسی
افزودن به کتابخانه شخصی
میخواهم بخوانم
درحال خواندن
خوانده شده
ارسال به دوستان

آدرس پست الکترونیک گیرنده :

آدرس پست الکترونیک فرستنده :

نام و نام خانوارگی فرستنده :

پیغام برای گیرنده ( حداکثر 250 حرف ) :

کد امنیتی را وارد نمایید

ارسال
جستجو در متن کتاب
بیشتر
تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب
جستجو در لغت نامه
بیشتر
لیست موضوعات

  • Acknowledgments

    Contact Information

    Part I. STRATEGIES OF THE ATTACKER

    Chapter 1. Introduction to the Games of Nature

    Section 1.1. Early Models of Self-Replicating Structures

    Section 1.2. Genesis of Computer Viruses

    Section 1.3. Automated Replicating Code: The Theory and Definition of Computer Viruses

    References

    Chapter 2. The Fascination of Malicious Code Analysis

    Section 2.1. Common Patterns of Virus Research

    Section 2.2. Antivirus Defense Development

    Section 2.3. Terminology of Malicious Programs

    Section 2.4. Other Categories

    Section 2.5. Computer Malware Naming Scheme

    Section 2.6. Annotated List of Officially Recognized Platform Names

    References

    Chapter 3. Malicious Code Environments

    Section 3.1. Computer Architecture Dependency

    Section 3.2. CPU Dependency

    Section 3.3. Operating System Dependency

    Section 3.4. Operating System Version Dependency

    Section 3.5. File System Dependency

    Section 3.6. File Format Dependency

    Section 3.7. Interpreted Environment Dependency

    Section 3.8. Vulnerability Dependency

    Section 3.9. Date and Time Dependency

    Section 3.10. JIT Dependency: Microsoft .NET Viruses

    Section 3.11. Archive Format Dependency

    Section 3.12. File Format Dependency Based on Extension

    Section 3.13. Network Protocol Dependency

    Section 3.14. Source Code Dependency

    Section 3.15. Resource Dependency on Mac and Palm Platforms

    Section 3.16. Host Size Dependency

    Section 3.17. Debugger Dependency

    Section 3.18. Compiler and Linker Dependency

    Section 3.19. Device Translator Layer Dependency

    Section 3.20. Embedded Object Insertion Dependency

    Section 3.21. Self-Contained Environment Dependency

    Section 3.22. Multipartite Viruses

    Section 3.23. Conclusion

    References

    Chapter 4. Classification of Infection Strategies

    Section 4.1. Boot Viruses

    Section 4.2. File Infection Techniques

    Section 4.3. An In-Depth Look at Win32 Viruses

    Section 4.4. Conclusion

    References

    Chapter 5. Classification of In-Memory Strategies

    Section 5.1. Direct-Action Viruses

    Section 5.2. Memory-Resident Viruses

    Section 5.3. Temporary Memory-Resident Viruses

    Section 5.4. Swapping Viruses

    Section 5.5. Viruses in Processes (in User Mode)

    Section 5.6. Viruses in Kernel Mode (Windows 9x/Me)

    Section 5.7. Viruses in Kernel Mode (Windows NT/2000/XP)

    Section 5.8. In-Memory Injectors over Networks

    References

    Chapter 6. Basic Self-Protection Strategies

    Section 6.1. Tunneling Viruses

    Section 6.2. Armored Viruses

    Section 6.3. Aggressive Retroviruses

    References

    Chapter 7. Advanced Code Evolution Techniques and Computer Virus Generator Kits

    Section 7.1. Introduction

    Section 7.2. Evolution of Code

    Section 7.3. Encrypted Viruses

    Section 7.4. Oligomorphic Viruses

    Section 7.5. Polymorphic Viruses

    Section 7.6. Metamorphic Viruses

    Section 7.7. Virus Construction Kits

    References

    Chapter 8. Classification According to Payload

    Section 8.1. No-Payload

    Section 8.2. Accidentally Destructive Payload

    Section 8.3. Nondestructive Payload

    Section 8.4. Somewhat Destructive Payload

    Section 8.5. Highly Destructive Payload

    Section 8.6. DoS (Denial of Service) Attacks

    Section 8.7. Data Stealers: Making Money with Viruses

    Section 8.8. Conclusion

    References

    Chapter 9. Strategies of Computer Worms

    Section 9.1. Introduction

    Section 9.2. The Generic Structure of Computer Worms

    Section 9.3. Target Locator

    Section 9.4. Infection Propagators

    Section 9.5. Common Worm Code Transfer and Execution Techniques

    Section 9.6. Update Strategies of Computer Worms

    Section 9.7. Remote Control via Signaling

    Section 9.8. Intentional and Accidental Interactions

    Section 9.9. Wireless Mobile Worms

    References

    Chapter 10. Exploits, Vulnerabilities, and Buffer Overflow Attacks

    Section 10.1. Introduction

    Section 10.2. Background

    Section 10.3. Types of Vulnerabilities

    Section 10.4. Current and Previous Threats

    Section 10.5. Summary

    References

    Part II. STRATEGIES OF THE DEFENDER

    Chapter 11. Antivirus Defense Techniques

    Section 11.1. First-Generation Scanners

    Section 11.2. Second-Generation Scanners

    Section 11.3. Algorithmic Scanning Methods

    Section 11.4. Code Emulation

    Section 11.5. Metamorphic Virus Detection Examples

    Section 11.6. Heuristic Analysis of 32-Bit Windows Viruses

    Section 11.7. Heuristic Analysis Using Neural Networks

    Section 11.8. Regular and Generic Disinfection Methods

    Section 11.9. Inoculation

    Section 11.10. Access Control Systems

    Section 11.11. Integrity Checking

    Section 11.12. Behavior Blocking

    Section 11.13. Sand-Boxing

    Section 11.14. Conclusion

    References

    Chapter 12. Memory Scanning and Disinfection

    Section 12.1. Introduction

    Section 12.2. The Windows NT Virtual Memory System

    Section 12.3. Virtual Address Spaces

    Section 12.4. Memory Scanning in User Mode

    Section 12.5. Memory Scanning and Paging

    Section 12.6. Memory Disinfection

    Section 12.7. Memory Scanning in Kernel Mode

    Section 12.8. Possible Attacks Against Memory Scanning

    Section 12.9. Conclusion and Future Work

    References

    Chapter 13. Worm-Blocking Techniques and Host-Based Intrusion Prevention

    Section 13.1. Introduction

    Section 13.2. Techniques to Block Buffer Overflow Attacks

    Section 13.3. Worm-Blocking Techniques

    Section 13.4. Possible Future Worm Attacks

    Section 13.5. Conclusion

    References

    Chapter 14. Network-Level Defense Strategies

    Section 14.1. Introduction

    Section 14.2. Using Router Access Lists

    Section 14.3. Firewall Protection

    Section 14.4. Network-Intrusion Detection Systems

    Section 14.5. Honeypot Systems

    Section 14.6. Counterattacks

    Section 14.7. Early Warning Systems

    Section 14.8. Worm Behavior Patterns on the Network

    Section 14.9. Conclusion

    References

    Chapter 15. Malicious Code Analysis Techniques

    Section 15.1. Your Personal Virus Analysis Laboratory

    Section 15.2. Information, Information, Information

    Section 15.3. Dedicated Virus Analysis on VMWARE

    Section 15.4. The Process of Computer Virus Analysis

    Section 15.5. Maintaining a Malicious Code Collection

    Section 15.6. Automated Analysis: The Digital Immune System

    References

    Chapter 16. Conclusion

    Further Reading

    Index

    •
    توضیحات
    افزودن یادداشت جدید











  • Index

    [SYMBOL]
    [A]
    [B]
    [C]
    [D]
    [E]
    [F]
    [G]
    [H]
    [I]
    [J]
    [K]
    [L]
    [M]
    [N]
    [O]
    [P]
    [Q]
    [R]
    [S]
    [T]
    [U]
    [V]
    [W]
    [X]
    [Y]
    [Z]

    Cabanas
    [See W32/Cabanas (virus)]

    cache bypass vulnerability

    W32/Blebla worm

    cache viruses
    [See disk cache viruses]

    calc.exe

    CALL-to-POP trick 2nd

    calls

    system tracing 2nd

    canonicalization 2nd

    captures

    Linux/Slapper (worm) 2nd 3rd

    network traffic

    W32/Blaster (worm) 2nd

    W32/Sasser.D (worm)

    W32/Slammer (worm) 2nd 3rd

    W32/Welchia (worm)

    CARO

    (Computer Antivirus Researchers Organization)

    Cascade (virus) 2nd 3rd 4th

    nondestructive payload viruses

    self-protection technique 2nd

    X-RAY scanning

    cavity viruses (infection technique) 2nd 3rd

    CBAC (context-based access control)

    CC hack

    CEF file format 2nd

    cell phones

    worms on 2nd 3rd

    cellular automata [See also self-replicating systems]

    Edward Fredkin structures 2nd 3rd

    game of Life (Conway) 2nd 3rd 4th 5th 6th

    cellular automata (CA) computer architecture

    chain letters

    definition of 2nd

    changed objects

    integrity checking

    Characteristics field (PE header)

    check bytes
    [See bookmarks]

    checksum

    API strings

    as self-protection technique 2nd

    CRC checksum

    detecting break points 2nd

    recalculation 2nd

    Checksum field (PE header)

    Cheeba (virus)

    self-protection technique

    Cheese (worm

    Chess, Dave 2nd

    Cheswick, Bill

    Chi, Darren

    CHRISTMA EXEC worm 2nd

    Cisco

    routers [See also routers]

    classic parasitic viruses (infection technique) 2nd 3rd

    clean initial states

    integrity checking

    cleaning

    goat files

    Clementi, Andreas

    cluster prepender infection method

    cluster viruses

    file system dependency 2nd 3rd

    cluster-level stealth viruses 2nd 3rd

    CMOS viruses

    Codd, E.F

    code

    in active pages

    patching 2nd

    injected code detection

    shellcode blocking 2nd 3rd 4th 5th 6th 7th 8th

    malicious code analysis techniques

    architecture guides

    collection maintenance 2nd

    dedicated system installation 2nd

    Digital Immune System 2nd 3rd

    disassemblers 2nd 3rd 4th 5th

    dynamic analysis techniques 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th 13th 14th

    knowledge bases 2nd

    process of 2nd 3rd 4th 5th 6th 7th 8th

    unpacking 2nd

    Virus Analysis Toolkit (VAT) 2nd

    VMWARE 2nd

    quick examination of as process of computer virus analysis

    self-sending code blocking 2nd 3rd 4th 5th

    versus data

    in von Neumann machines

    code builders (infection technique) 2nd 3rd

    code confusion
    [See obfuscated code]

    code emulation 2nd 3rd 4th

    dynamic decryptor detection 2nd

    encrypted/polymorphic virus detection 2nd 3rd 4th 5th

    metamorphic virus detection 2nd 3rd 4th 5th

    code emulation-based tunneling

    code evolution 2nd

    code injection attacks 2nd 3rd 4th

    CodeRed worm 2nd 3rd 4th

    code integration

    W95/Zmist virus 2nd

    code integration viruses (infection technique) 2nd 3rd

    code propagation techniques (worms)

    code injection attacks 2nd 3rd

    executable code-based attacks

    HTML-based mail

    links to Web sites or proxies 2nd 3rd

    remote login-based attacks 2nd

    shell code-based attacks 2nd 3rd 4th 5th

    code redirection

    code reviews

    buffer overflow attacks (worms)

    code section

    random entry point 2nd

    code sections

    naming

    packing 2nd

    PE entry points

    sizes in header

    writeable flag

    CodeGreen (worm)

    competition between worms 2nd

    CodeRed (virus)

    CodeRed (worm) 2nd

    avoiding buffer overflow attacks

    competition between worms 2nd

    computer security versus antivirus programs

    detailed description of 2nd 3rd 4th

    history of blended attacks

    stack buffer overflows

    system modification attacks

    CodeRed_II (worm)

    Cohen, Fred

    Cohen, Frederic 2nd 3rd

    Cohen, Frederick

    definition of computer viruses 2nd

    history of antivirus programs

    Coke
    [See W32/Coke (virus)]

    collection (viruses) maintenance 2nd

    COM viruses

    combined attacks
    [See blended attacks]

    Commander_Bomber (virus)

    infection technique 2nd 3rd

    companion viruses

    companion viruses (infection technique)

    competition between viruses 2nd 3rd

    compiler alignment areas

    recycling

    compiler dependency 2nd

    compiler-level solutions

    buffer overflow attacks (worms) 2nd

    Microsoft Visual .NET 2003 (7.0 & 7.1) 2nd 3rd 4th

    ProPolice 2nd 3rd

    StackGuard 2nd 3rd 4th

    compressing viruses (infection technique) 2nd 3rd

    compression

    as self-protection technique 2nd 3rd 4th

    PE file-infection techniques 2nd

    compression viruses

    file system dependency

    Computer Antivirus Researchers Organization (CARO)

    computer architecture dependency 2nd

    computer security companies

    versus antivirus programs 2nd

    computer simulations of nature
    [See nature-simulation games]

    computer virus analysis, process of 2nd 3rd 4th 5th 6th 7th 8th

    computer virus research

    art versus science

    author's start in 2nd 3rd

    common patterns 2nd

    computer viruses

    code evolution 2nd

    definition of 2nd 3rd

    history of 2nd 3rd

    infection techniques
    [See infection techniques]

    interactions

    competition 2nd 3rd

    cooperation 2nd 3rd

    sexual reproduction

    SWCP (simple worm communication protocol)

    modeling virus infections 2nd

    naming conventions 2nd

    !*vendor-specific_comment&

    #*packer&

    *family_name& 2nd

    *infective_length&

    *malware_type&://

    *modifiers&

    *platform&/ 2nd 3rd 4th 5th 6th

    *variant&

    .*group_name&

    :*locale_specifier&

    @m

    @mm

    [*devolution&]

    retro viruses

    terminology 2nd 3rd 4th 5th 6th

    versus worms

    computer worms
    [See worms]

    computers

    modeling virus infections 2nd

    connections [See also network-level defense strategies]

    worm blocking techniques 2nd

    construction kits
    [See virus construction kits]

    contagion worms

    context-based access control (CBAC)

    control transfer

    with APIs 2nd

    Conway, John Horton

    game of Life 2nd 3rd 4th 5th 6th

    cookies

    security_cookie values

    cooperation between viruses 2nd 3rd

    coprocessor instructions 2nd

    copy-protection software

    extra disk sectors

    copycat worms [See also worm blocking techniques]

    Core War (game) 2nd 3rd 4th

    Core Wars

    Core Wars instructures (1994 revision)

    Corel Script viruses 2nd

    corruption

    of macro viruses 2nd

    counterattacks

    CPU dependency 2nd

    CPU instructions

    undocumented

    CPUs

    Win32 platform support

    CR0 control registers

    CRC checksums

    CreateFile() API 2nd

    CreateProcess() API

    Creeper (virus)

    cross-platform binary viruses

    Cruncher (virus)

    infection technique

    Crypto API

    cryptographic detection

    cryptography

    AIDS TROJAN DISK Trojan horse

    Cryptor (virus)

    self-protection technique

    Csakany, Antal

    CSC/CSV (virus)

    CSC/PVT (virus)


    • / 191