THE ART OF COMPUTER VIRUS RESEARCH AND DEFENSE [Electronic resources] نسخه متنی

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی

جستجو بر اساس ... همه عنوان پدیدآور موضوع یادداشت تمام متن
اصطلاحنامه مجموعه ها مرورالفبایی لغت نامه دهخدا
جستجو در لغت نامه
بیشتر
کتابخانه شخصی پرسش از کتابدار ارسال منبع

THE ART OF COMPUTER VIRUS RESEARCH AND DEFENSE [Electronic resources] - نسخه متنی

Peter Szor

| نمايش فراداده ، افزودن یک نقد و بررسی
افزودن به کتابخانه شخصی
میخواهم بخوانم
درحال خواندن
خوانده شده
ارسال به دوستان

آدرس پست الکترونیک گیرنده :

آدرس پست الکترونیک فرستنده :

نام و نام خانوارگی فرستنده :

پیغام برای گیرنده ( حداکثر 250 حرف ) :

کد امنیتی را وارد نمایید

ارسال
جستجو در متن کتاب
بیشتر
تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب
جستجو در لغت نامه
بیشتر
لیست موضوعات

  • Acknowledgments

    Contact Information

    Part I. STRATEGIES OF THE ATTACKER

    Chapter 1. Introduction to the Games of Nature

    Section 1.1. Early Models of Self-Replicating Structures

    Section 1.2. Genesis of Computer Viruses

    Section 1.3. Automated Replicating Code: The Theory and Definition of Computer Viruses

    References

    Chapter 2. The Fascination of Malicious Code Analysis

    Section 2.1. Common Patterns of Virus Research

    Section 2.2. Antivirus Defense Development

    Section 2.3. Terminology of Malicious Programs

    Section 2.4. Other Categories

    Section 2.5. Computer Malware Naming Scheme

    Section 2.6. Annotated List of Officially Recognized Platform Names

    References

    Chapter 3. Malicious Code Environments

    Section 3.1. Computer Architecture Dependency

    Section 3.2. CPU Dependency

    Section 3.3. Operating System Dependency

    Section 3.4. Operating System Version Dependency

    Section 3.5. File System Dependency

    Section 3.6. File Format Dependency

    Section 3.7. Interpreted Environment Dependency

    Section 3.8. Vulnerability Dependency

    Section 3.9. Date and Time Dependency

    Section 3.10. JIT Dependency: Microsoft .NET Viruses

    Section 3.11. Archive Format Dependency

    Section 3.12. File Format Dependency Based on Extension

    Section 3.13. Network Protocol Dependency

    Section 3.14. Source Code Dependency

    Section 3.15. Resource Dependency on Mac and Palm Platforms

    Section 3.16. Host Size Dependency

    Section 3.17. Debugger Dependency

    Section 3.18. Compiler and Linker Dependency

    Section 3.19. Device Translator Layer Dependency

    Section 3.20. Embedded Object Insertion Dependency

    Section 3.21. Self-Contained Environment Dependency

    Section 3.22. Multipartite Viruses

    Section 3.23. Conclusion

    References

    Chapter 4. Classification of Infection Strategies

    Section 4.1. Boot Viruses

    Section 4.2. File Infection Techniques

    Section 4.3. An In-Depth Look at Win32 Viruses

    Section 4.4. Conclusion

    References

    Chapter 5. Classification of In-Memory Strategies

    Section 5.1. Direct-Action Viruses

    Section 5.2. Memory-Resident Viruses

    Section 5.3. Temporary Memory-Resident Viruses

    Section 5.4. Swapping Viruses

    Section 5.5. Viruses in Processes (in User Mode)

    Section 5.6. Viruses in Kernel Mode (Windows 9x/Me)

    Section 5.7. Viruses in Kernel Mode (Windows NT/2000/XP)

    Section 5.8. In-Memory Injectors over Networks

    References

    Chapter 6. Basic Self-Protection Strategies

    Section 6.1. Tunneling Viruses

    Section 6.2. Armored Viruses

    Section 6.3. Aggressive Retroviruses

    References

    Chapter 7. Advanced Code Evolution Techniques and Computer Virus Generator Kits

    Section 7.1. Introduction

    Section 7.2. Evolution of Code

    Section 7.3. Encrypted Viruses

    Section 7.4. Oligomorphic Viruses

    Section 7.5. Polymorphic Viruses

    Section 7.6. Metamorphic Viruses

    Section 7.7. Virus Construction Kits

    References

    Chapter 8. Classification According to Payload

    Section 8.1. No-Payload

    Section 8.2. Accidentally Destructive Payload

    Section 8.3. Nondestructive Payload

    Section 8.4. Somewhat Destructive Payload

    Section 8.5. Highly Destructive Payload

    Section 8.6. DoS (Denial of Service) Attacks

    Section 8.7. Data Stealers: Making Money with Viruses

    Section 8.8. Conclusion

    References

    Chapter 9. Strategies of Computer Worms

    Section 9.1. Introduction

    Section 9.2. The Generic Structure of Computer Worms

    Section 9.3. Target Locator

    Section 9.4. Infection Propagators

    Section 9.5. Common Worm Code Transfer and Execution Techniques

    Section 9.6. Update Strategies of Computer Worms

    Section 9.7. Remote Control via Signaling

    Section 9.8. Intentional and Accidental Interactions

    Section 9.9. Wireless Mobile Worms

    References

    Chapter 10. Exploits, Vulnerabilities, and Buffer Overflow Attacks

    Section 10.1. Introduction

    Section 10.2. Background

    Section 10.3. Types of Vulnerabilities

    Section 10.4. Current and Previous Threats

    Section 10.5. Summary

    References

    Part II. STRATEGIES OF THE DEFENDER

    Chapter 11. Antivirus Defense Techniques

    Section 11.1. First-Generation Scanners

    Section 11.2. Second-Generation Scanners

    Section 11.3. Algorithmic Scanning Methods

    Section 11.4. Code Emulation

    Section 11.5. Metamorphic Virus Detection Examples

    Section 11.6. Heuristic Analysis of 32-Bit Windows Viruses

    Section 11.7. Heuristic Analysis Using Neural Networks

    Section 11.8. Regular and Generic Disinfection Methods

    Section 11.9. Inoculation

    Section 11.10. Access Control Systems

    Section 11.11. Integrity Checking

    Section 11.12. Behavior Blocking

    Section 11.13. Sand-Boxing

    Section 11.14. Conclusion

    References

    Chapter 12. Memory Scanning and Disinfection

    Section 12.1. Introduction

    Section 12.2. The Windows NT Virtual Memory System

    Section 12.3. Virtual Address Spaces

    Section 12.4. Memory Scanning in User Mode

    Section 12.5. Memory Scanning and Paging

    Section 12.6. Memory Disinfection

    Section 12.7. Memory Scanning in Kernel Mode

    Section 12.8. Possible Attacks Against Memory Scanning

    Section 12.9. Conclusion and Future Work

    References

    Chapter 13. Worm-Blocking Techniques and Host-Based Intrusion Prevention

    Section 13.1. Introduction

    Section 13.2. Techniques to Block Buffer Overflow Attacks

    Section 13.3. Worm-Blocking Techniques

    Section 13.4. Possible Future Worm Attacks

    Section 13.5. Conclusion

    References

    Chapter 14. Network-Level Defense Strategies

    Section 14.1. Introduction

    Section 14.2. Using Router Access Lists

    Section 14.3. Firewall Protection

    Section 14.4. Network-Intrusion Detection Systems

    Section 14.5. Honeypot Systems

    Section 14.6. Counterattacks

    Section 14.7. Early Warning Systems

    Section 14.8. Worm Behavior Patterns on the Network

    Section 14.9. Conclusion

    References

    Chapter 15. Malicious Code Analysis Techniques

    Section 15.1. Your Personal Virus Analysis Laboratory

    Section 15.2. Information, Information, Information

    Section 15.3. Dedicated Virus Analysis on VMWARE

    Section 15.4. The Process of Computer Virus Analysis

    Section 15.5. Maintaining a Malicious Code Collection

    Section 15.6. Automated Analysis: The Digital Immune System

    References

    Chapter 16. Conclusion

    Further Reading

    Index

    •
    توضیحات
    افزودن یادداشت جدید











  • Index

    [SYMBOL]
    [A]
    [B]
    [C]
    [D]
    [E]
    [F]
    [G]
    [H]
    [I]
    [J]
    [K]
    [L]
    [M]
    [N]
    [O]
    [P]
    [Q]
    [R]
    [S]
    [T]
    [U]
    [V]
    [W]
    [X]
    [Y]
    [Z]

    IAT

    page attributes

    IAT (import address table) 2nd

    hooking 2nd

    patches

    IBM Antivirus

    mismatches

    IBM systems

    REXX viruses 2nd 3rd

    ICA

    harvesting e-mail addresses using

    ICMP (Internet control message protocol)

    ICSA Labs

    IDA (disassembler)

    IDA (interactive disassembler)

    IDA command script (IDC) files

    IDA disassemblers 2nd 3rd 4th 5th

    IDC (IDA command script) files

    IDEA (virus)

    nondestructive payload viruses

    self-protection technique

    IDEA.6155 (virus)

    self-protection technique

    IDT

    entering kernel mode on Windows 9x 2nd

    "Igor's problem"

    IIS Web servers

    W32/Nimda.A@mm worm 2nd

    ImageBase field (PE header)

    images

    scanning

    IMP (Core War warrior program)

    Implant (virus)

    self-protection technique

    import address table (IAT) 2nd

    hooking 2nd

    patches

    import table (PE files 2nd 3rd 4th

    import table-replacing (infection technique) 2nd

    imports by ordinal 2nd

    "in the wild" viruses

    in-memory injectors over networks

    in-memory residency strategies
    [See memory residency strategies]

    InCtrl tool

    indirection

    layers of

    INETINFO.EXE process

    INF/Vxer (virus)

    INF/Zox (virus) 2nd

    infection propagator

    of worms 2nd 3rd

    backdoor-compromised systems 2nd 3rd

    e-mail attachment inserters

    e-mail attacks 2nd

    instant messaging attacks 2nd

    NNTP attacks

    peer-to-peer network attacks 2nd

    SMTP proxy-based attacks 2nd 3rd

    SMTP-based attacks 2nd 3rd 4th 5th 6th

    infection techniques

    Amoeba 2nd

    appending viruses 2nd 3rd 4th 5th 6th

    boot viruses 2nd 3rd

    DBR (DOS BOOT record) 2nd 3rd

    in Windows 95 2nd

    MBR (master boot record) 2nd 3rd

    over networks 2nd

    cavity viruses 2nd 3rd

    classic parasitic viruses 2nd 3rd

    code builders 2nd 3rd

    companion viruses

    compressing viruses 2nd 3rd

    embedded decryptor 2nd 3rd

    embedded decryptor and virus body 2nd 3rd

    entry-point obscuring viruses 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th 13th

    first-generation Windows 95 viruses 2nd 3rd

    fractionated cavity viruses 2nd 3rd 4th 5th

    header infection viruses 2nd

    KERNEL32.DLL infection 2nd

    lfanew field modification 2nd

    obfuscated tricky jump 2nd 3rd 4th

    on PE files 2nd

    overwriting viruses 2nd 3rd 4th

    PE (portable executable) file format 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th 13th

    prepending viruses 2nd 3rd 4th 5th

    random overwriting viruses 2nd 3rd

    system loader comparison between Windows 95 and Windows NT 2nd 3rd 4th

    VxD-based viruses 2nd 3rd 4th

    W32/Simile virus 2nd

    W95/Zmist virus 2nd 3rd

    Win32 viruses, growth of 2nd

    infections

    goat files

    natural testing 2nd

    Infis (virus) 2nd 3rd 4th

    information query class 11

    INI file viruses 2nd

    initialization

    W95/Zmist virus

    injected code detection

    shellcode blocking 2nd 3rd 4th 5th 6th 7th 8th

    injectors

    definition of 2nd

    in-memory injectors over networks

    inoculation 2nd

    input validation attacks 2nd

    MIME types 2nd

    W32/Badtrans.B@mm worm 2nd

    W32/Nimda.A@mm worm 2nd

    URL encoding 2nd

    installation

    of dedicated virus analysis systems 2nd

    installation script viruses 2nd

    installing

    memory-resident viruses under DOS 2nd 3rd

    instant messaging attacks

    worm infections 2nd

    instant messaging viruses 2nd

    Instant Virus Production Kit (IVP)

    instruction tracing (infection technique)

    INT 13h (interrupt handler)

    hooking 2nd

    hooking with boot viruses 2nd 3rd

    INT 21h (interrupt handler)

    hooking with file viruses 2nd 3rd 4th

    integrity checker programs

    integrity checking 2nd 3rd 4th

    Intel

    sysenter

    Intel Architecture Software Manuals

    intended debugger-dependent viruses

    intended viruses

    interactions between viruses

    competition 2nd 3rd

    cooperation 2nd 3rd

    sexual reproduction

    SWCP (simple worm communication protocol)

    interactive disassembler (IDA)

    intercept mode

    Internet control message protocol (ICMP)

    Internet Explorer

    MIME types 2nd

    Internet Relay Chat (IRC) worms

    interpreted environment dependency 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th 13th 14th 15th 16th 17th 18th 19th 20th 21st 22nd 23rd 24th 25th 26th 27th 28th 29th 30th 31st 32nd 33rd 34th 35th 36th 37th

    interrupt handlers

    memory scanning for 2nd

    Interrupt Request Packets (IRPs)

    Interrupt Spy (TSR program)

    Interrupt Spy tool

    interrupt vector table (IVT) 2nd

    calculations in

    interrupts

    calling

    with INT 1 and INT 3 2nd

    divide-by-zero exceptions

    entering kernel mode on Windows 9x 2nd

    generating exceptions

    hooking 2nd 3rd 4th 5th

    INT 1 and INT 3

    on INT 13h (boot viruses) 2nd 3rd

    on INT 21h (file viruses) 2nd 3rd 4th

    in polymorphic decryptors

    undocumented DOS interrupts (Int 21h/52h)

    intrusion [See also NIDS]

    Invader (virus)

    invalidation

    exception frame pointers

    IP addresses

    scanning 2nd 3rd 4th 5th 6th

    IRC (Internet Relay Chat) worms

    IRC worms 2nd

    IRPs (Interrupt Request Packets)

    IsDebuggerPresent() API

    ISO images

    infecting

    IVP (Instant Virus Production Kit)

    IVT (interrupt vector table) 2nd

    calculations in


    • / 191