THE ART OF COMPUTER VIRUS RESEARCH AND DEFENSE [Electronic resources] نسخه متنی

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی

جستجو بر اساس ... همه عنوان پدیدآور موضوع یادداشت تمام متن
اصطلاحنامه مجموعه ها مرورالفبایی لغت نامه دهخدا
جستجو در لغت نامه
بیشتر
کتابخانه شخصی پرسش از کتابدار ارسال منبع

THE ART OF COMPUTER VIRUS RESEARCH AND DEFENSE [Electronic resources] - نسخه متنی

Peter Szor

| نمايش فراداده ، افزودن یک نقد و بررسی
افزودن به کتابخانه شخصی
میخواهم بخوانم
درحال خواندن
خوانده شده
ارسال به دوستان

آدرس پست الکترونیک گیرنده :

آدرس پست الکترونیک فرستنده :

نام و نام خانوارگی فرستنده :

پیغام برای گیرنده ( حداکثر 250 حرف ) :

کد امنیتی را وارد نمایید

ارسال
جستجو در متن کتاب
بیشتر
تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب
جستجو در لغت نامه
بیشتر
لیست موضوعات

  • Acknowledgments

    Contact Information

    Part I. STRATEGIES OF THE ATTACKER

    Chapter 1. Introduction to the Games of Nature

    Section 1.1. Early Models of Self-Replicating Structures

    Section 1.2. Genesis of Computer Viruses

    Section 1.3. Automated Replicating Code: The Theory and Definition of Computer Viruses

    References

    Chapter 2. The Fascination of Malicious Code Analysis

    Section 2.1. Common Patterns of Virus Research

    Section 2.2. Antivirus Defense Development

    Section 2.3. Terminology of Malicious Programs

    Section 2.4. Other Categories

    Section 2.5. Computer Malware Naming Scheme

    Section 2.6. Annotated List of Officially Recognized Platform Names

    References

    Chapter 3. Malicious Code Environments

    Section 3.1. Computer Architecture Dependency

    Section 3.2. CPU Dependency

    Section 3.3. Operating System Dependency

    Section 3.4. Operating System Version Dependency

    Section 3.5. File System Dependency

    Section 3.6. File Format Dependency

    Section 3.7. Interpreted Environment Dependency

    Section 3.8. Vulnerability Dependency

    Section 3.9. Date and Time Dependency

    Section 3.10. JIT Dependency: Microsoft .NET Viruses

    Section 3.11. Archive Format Dependency

    Section 3.12. File Format Dependency Based on Extension

    Section 3.13. Network Protocol Dependency

    Section 3.14. Source Code Dependency

    Section 3.15. Resource Dependency on Mac and Palm Platforms

    Section 3.16. Host Size Dependency

    Section 3.17. Debugger Dependency

    Section 3.18. Compiler and Linker Dependency

    Section 3.19. Device Translator Layer Dependency

    Section 3.20. Embedded Object Insertion Dependency

    Section 3.21. Self-Contained Environment Dependency

    Section 3.22. Multipartite Viruses

    Section 3.23. Conclusion

    References

    Chapter 4. Classification of Infection Strategies

    Section 4.1. Boot Viruses

    Section 4.2. File Infection Techniques

    Section 4.3. An In-Depth Look at Win32 Viruses

    Section 4.4. Conclusion

    References

    Chapter 5. Classification of In-Memory Strategies

    Section 5.1. Direct-Action Viruses

    Section 5.2. Memory-Resident Viruses

    Section 5.3. Temporary Memory-Resident Viruses

    Section 5.4. Swapping Viruses

    Section 5.5. Viruses in Processes (in User Mode)

    Section 5.6. Viruses in Kernel Mode (Windows 9x/Me)

    Section 5.7. Viruses in Kernel Mode (Windows NT/2000/XP)

    Section 5.8. In-Memory Injectors over Networks

    References

    Chapter 6. Basic Self-Protection Strategies

    Section 6.1. Tunneling Viruses

    Section 6.2. Armored Viruses

    Section 6.3. Aggressive Retroviruses

    References

    Chapter 7. Advanced Code Evolution Techniques and Computer Virus Generator Kits

    Section 7.1. Introduction

    Section 7.2. Evolution of Code

    Section 7.3. Encrypted Viruses

    Section 7.4. Oligomorphic Viruses

    Section 7.5. Polymorphic Viruses

    Section 7.6. Metamorphic Viruses

    Section 7.7. Virus Construction Kits

    References

    Chapter 8. Classification According to Payload

    Section 8.1. No-Payload

    Section 8.2. Accidentally Destructive Payload

    Section 8.3. Nondestructive Payload

    Section 8.4. Somewhat Destructive Payload

    Section 8.5. Highly Destructive Payload

    Section 8.6. DoS (Denial of Service) Attacks

    Section 8.7. Data Stealers: Making Money with Viruses

    Section 8.8. Conclusion

    References

    Chapter 9. Strategies of Computer Worms

    Section 9.1. Introduction

    Section 9.2. The Generic Structure of Computer Worms

    Section 9.3. Target Locator

    Section 9.4. Infection Propagators

    Section 9.5. Common Worm Code Transfer and Execution Techniques

    Section 9.6. Update Strategies of Computer Worms

    Section 9.7. Remote Control via Signaling

    Section 9.8. Intentional and Accidental Interactions

    Section 9.9. Wireless Mobile Worms

    References

    Chapter 10. Exploits, Vulnerabilities, and Buffer Overflow Attacks

    Section 10.1. Introduction

    Section 10.2. Background

    Section 10.3. Types of Vulnerabilities

    Section 10.4. Current and Previous Threats

    Section 10.5. Summary

    References

    Part II. STRATEGIES OF THE DEFENDER

    Chapter 11. Antivirus Defense Techniques

    Section 11.1. First-Generation Scanners

    Section 11.2. Second-Generation Scanners

    Section 11.3. Algorithmic Scanning Methods

    Section 11.4. Code Emulation

    Section 11.5. Metamorphic Virus Detection Examples

    Section 11.6. Heuristic Analysis of 32-Bit Windows Viruses

    Section 11.7. Heuristic Analysis Using Neural Networks

    Section 11.8. Regular and Generic Disinfection Methods

    Section 11.9. Inoculation

    Section 11.10. Access Control Systems

    Section 11.11. Integrity Checking

    Section 11.12. Behavior Blocking

    Section 11.13. Sand-Boxing

    Section 11.14. Conclusion

    References

    Chapter 12. Memory Scanning and Disinfection

    Section 12.1. Introduction

    Section 12.2. The Windows NT Virtual Memory System

    Section 12.3. Virtual Address Spaces

    Section 12.4. Memory Scanning in User Mode

    Section 12.5. Memory Scanning and Paging

    Section 12.6. Memory Disinfection

    Section 12.7. Memory Scanning in Kernel Mode

    Section 12.8. Possible Attacks Against Memory Scanning

    Section 12.9. Conclusion and Future Work

    References

    Chapter 13. Worm-Blocking Techniques and Host-Based Intrusion Prevention

    Section 13.1. Introduction

    Section 13.2. Techniques to Block Buffer Overflow Attacks

    Section 13.3. Worm-Blocking Techniques

    Section 13.4. Possible Future Worm Attacks

    Section 13.5. Conclusion

    References

    Chapter 14. Network-Level Defense Strategies

    Section 14.1. Introduction

    Section 14.2. Using Router Access Lists

    Section 14.3. Firewall Protection

    Section 14.4. Network-Intrusion Detection Systems

    Section 14.5. Honeypot Systems

    Section 14.6. Counterattacks

    Section 14.7. Early Warning Systems

    Section 14.8. Worm Behavior Patterns on the Network

    Section 14.9. Conclusion

    References

    Chapter 15. Malicious Code Analysis Techniques

    Section 15.1. Your Personal Virus Analysis Laboratory

    Section 15.2. Information, Information, Information

    Section 15.3. Dedicated Virus Analysis on VMWARE

    Section 15.4. The Process of Computer Virus Analysis

    Section 15.5. Maintaining a Malicious Code Collection

    Section 15.6. Automated Analysis: The Digital Immune System

    References

    Chapter 16. Conclusion

    Further Reading

    Index

    •
    توضیحات
    افزودن یادداشت جدید











  • Index

    [SYMBOL]
    [A]
    [B]
    [C]
    [D]
    [E]
    [F]
    [G]
    [H]
    [I]
    [J]
    [K]
    [L]
    [M]
    [N]
    [O]
    [P]
    [Q]
    [R]
    [S]
    [T]
    [U]
    [V]
    [W]
    [X]
    [Y]
    [Z]

    DAC (discretionary access control systems)

    Dark Angel (virus writer)

    PS-MPC virus construction kit

    Dark Avenger (virus writer)

    Commander_Bomber virus 2nd 3rd

    MtE (mutation engine) 2nd 3rd

    Number_Of_The_Beast virus

    Dark Avenger (virus)

    self-protection technique

    Dark_Avenger (virus)

    Dark_Avenger.1800.A (virus)

    self-protection technique

    Darkman (virus writer)

    W2K/Installer virus

    Darkness (virus)

    DarkParanoid (virus)

    memory scanning attacks

    Darth_Vader (virus)

    infection technique

    system buffer viruses

    Darwin (game)

    data

    versus code

    in von Neumann machines

    data diddler viruses 2nd

    Data Fellows

    Data Rescue's IDA
    [See IDA (disassembler)]

    data stealing viruses 2nd 3rd 4th 5th

    date and time dependency 2nd

    DBR (DOS BOOT record)

    infection techniques 2nd 3rd

    DCL viruses 2nd

    DDoS (distributed denial of service) attacks

    de Wit, Jan

    deactivation

    of filter driver viruses 2nd 3rd

    dead virus code

    reviving

    DEBUG command

    DEBUG command (sendmail)

    Morris worm

    debug interfaces

    tracing with 2nd

    debug registers

    clearing

    debugger dependency 2nd 3rd

    debuggers

    antidebugging techniques (armored viruses) 2nd 3rd 4th 5th 6th 7th 8th 9th 10th

    debugging 2nd 3rd 4th 5th

    DEC/VMS systems

    DCL viruses 2nd

    deception

    e-mail worm attacks 2nd

    decoders

    packets

    decryption [See also encryption]

    backward decryption

    disassemblers 2nd 3rd 4th 5th

    nonlinear decryption

    RDA viruses

    with stack pointer (SP)

    decryptors

    dynamic detection 2nd

    generic 2nd

    static detection 2nd 3rd

    tracking

    dedicated virus analysis systems

    installation of 2nd

    VMWARE 2nd

    DeepSight alerts

    Demon Emperor (virus writer)

    Hare virus 2nd

    Den_Zuko (virus)

    competition between viruses

    denial of service (DoS) attacks 2nd 3rd 4th

    Denzuko (virus)

    infection technique

    dependencies

    archive format dependency 2nd

    compiler and linker dependency 2nd

    computer architecture dependency 2nd

    CPU dependency 2nd

    date and time dependency 2nd

    debugger dependency 2nd 3rd

    device translator layer dependency 2nd 3rd 4th 5th

    embedded object insertion dependency 2nd

    extension dependency 2nd 3rd

    file format dependency 2nd 3rd 4th 5th 6th 7th 8th 9th 10th

    file system dependency 2nd 3rd 4th

    host size dependency 2nd

    interpreted environment dependency 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th 13th 14th 15th 16th 17th 18th 19th 20th 21st 22nd 23rd 24th 25th 26th 27th 28th 29th 30th 31st 32nd 33rd 34th 35th 36th 37th

    JIT dependency 2nd 3rd

    language dependency of macro viruses 2nd

    multipartite viruses 2nd

    network protocol dependency

    operating system dependency 2nd

    operating system version dependency 2nd

    platform dependency of macro viruses 2nd

    Registry-dependent viruses 2nd

    resource dependency 2nd

    self-contained environment dependency 2nd 3rd 4th

    source code dependency 2nd

    vulnerability dependency

    destructive payload viruses

    highly destructive payloads 2nd 3rd 4th 5th 6th 7th

    somewhat destructive payloads 2nd 3rd

    detection

    active viruses in memory

    cryptographic

    direct library function invocations 2nd 3rd

    dynamic decryptor 2nd

    engines

    first-generation antivirus scanners

    bookmarks 2nd

    entry-point scanning 2nd

    fixed-point scanning 2nd

    generic

    hashing 2nd

    hyperfast disk access

    mismatches

    string scanning 2nd 3rd

    top-and-tail scanning

    wildcards 2nd

    geometric 2nd

    injected code

    shellcode blocking 2nd 3rd 4th 5th 6th 7th 8th

    network intrusion detection system (NIDS) 2nd

    network-intrusion detection system (NIDS)

    second-generation antivirus scanners

    exact identification 2nd 3rd

    nearly-exact identification 2nd

    skeleton

    smart scanning 2nd

    static decryptor 2nd 3rd

    threads 2nd 3rd 4th

    device driver viruses 2nd

    device translator layer dependency 2nd 3rd 4th 5th

    devolution of macro viruses 2nd

    Dewdney, A.K

    dialers

    definition of

    dictionary attacks

    Digital Immune System 2nd 3rd

    Digital Millennium Copyright Act (DMCA)

    DIR-II (virus)

    direct library function invocations, detection of 2nd 3rd

    direct-action viruses 2nd

    directories

    page (memory)

    directory stealth viruses 2nd 3rd 4th

    dirty memory pages

    disassemblers

    antidisassembly techniques (armored viruses) 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th 13th 14th 15th 16th 17th 18th

    malicious code analysis techniques 2nd 3rd 4th 5th

    disassembling techniques

    metamorphic virus detection 2nd

    discovery of automated exploits 2nd

    discretionary access control systems (DAC)

    disinfection
    [See antivirus programs]

    memory scanning 2nd

    loaded DLLs

    patching code in active pages 2nd

    process termination

    thread termination 2nd 3rd 4th

    disinfection methods 2nd 3rd 4th 5th [See also antivirus programs]

    generic decryptors 2nd

    heuristics for generic repair 2nd

    standard 2nd 3rd

    disk access

    with port I/O 2nd

    disk cache viruses 2nd 3rd

    Disk Killer (virus)

    infection technique

    Dispatch routine of DeactivatorDrivers

    distributed denial of service (DDoS) attacks

    divide-by-zero exceptions

    DLL viruses 2nd 3rd

    DLLs

    disinfecting

    linking to executables 2nd 3rd 4th

    DMCA (Digital Millennium Copyright Act)

    Donut (virus)

    Doomed (game)

    Doomjuice (worm)

    cooperation with viruses

    DOS

    behavior blocking

    cluster and sector-level stealth viruses 2nd 3rd

    COM viruses

    EPO (entry-point obscuring) viruses 2nd 3rd 4th 5th 6th 7th

    EXE viruses 2nd

    full-stealth viruses 2nd

    interrupt hooking 2nd 3rd 4th 5th

    on INT 13h (boot viruses) 2nd 3rd

    on INT 21h (file viruses) 2nd 3rd 4th

    memory-resident viruses

    installation 2nd 3rd

    self-detection techniques 2nd

    metamorphic viruses

    server function call

    system buffer viruses

    TSR (Terminate-and-Stay-Resident) programs 2nd

    undocumented interrupt (Int 21h/52h function)

    DoS (denial of service) attacks 2nd 3rd 4th

    DoS attacks

    against Windows Update Web site

    DOS BOOT record (DBR)

    infection techniques 2nd 3rd

    DOS stub

    in PE header

    "double extensions"

    down-conversion

    of macro viruses 2nd

    downloaders

    definition of

    Doxtor L (virus writer)

    W32/Idele virus

    DR. DR. STROBE & PAPA HACKER (virus writer)

    Dream (virus)

    driver-list scanning

    detecting debuggers

    drivers

    filter

    filter driver virus deactivation (memory scanning) 2nd 3rd

    kernel-mode

    lists of

    droppers

    definition of 2nd

    Dukakis (virus) 2nd

    Dumaru (worm) 2nd

    dumps

    PEDUMP

    strings 2nd

    Dustbin

    Dwarf (Core War warrior program) 2nd

    dynamic analysis techniques 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th 13th 14th

    dynamic decryptor detection 2nd

    dynamic heuristics

    dynamic link library viruses 2nd 3rd

    dynamically allocated memory
    [See heaps]


    • / 191