THE ART OF COMPUTER VIRUS RESEARCH AND DEFENSE [Electronic resources] نسخه متنی

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی

جستجو بر اساس ... همه عنوان پدیدآور موضوع یادداشت تمام متن
اصطلاحنامه مجموعه ها مرورالفبایی لغت نامه دهخدا
جستجو در لغت نامه
بیشتر
کتابخانه شخصی پرسش از کتابدار ارسال منبع

THE ART OF COMPUTER VIRUS RESEARCH AND DEFENSE [Electronic resources] - نسخه متنی

Peter Szor

| نمايش فراداده ، افزودن یک نقد و بررسی
افزودن به کتابخانه شخصی
میخواهم بخوانم
درحال خواندن
خوانده شده
ارسال به دوستان

آدرس پست الکترونیک گیرنده :

آدرس پست الکترونیک فرستنده :

نام و نام خانوارگی فرستنده :

پیغام برای گیرنده ( حداکثر 250 حرف ) :

کد امنیتی را وارد نمایید

ارسال
جستجو در متن کتاب
بیشتر
تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب
جستجو در لغت نامه
بیشتر
لیست موضوعات

  • Acknowledgments

    Contact Information

    Part I. STRATEGIES OF THE ATTACKER

    Chapter 1. Introduction to the Games of Nature

    Section 1.1. Early Models of Self-Replicating Structures

    Section 1.2. Genesis of Computer Viruses

    Section 1.3. Automated Replicating Code: The Theory and Definition of Computer Viruses

    References

    Chapter 2. The Fascination of Malicious Code Analysis

    Section 2.1. Common Patterns of Virus Research

    Section 2.2. Antivirus Defense Development

    Section 2.3. Terminology of Malicious Programs

    Section 2.4. Other Categories

    Section 2.5. Computer Malware Naming Scheme

    Section 2.6. Annotated List of Officially Recognized Platform Names

    References

    Chapter 3. Malicious Code Environments

    Section 3.1. Computer Architecture Dependency

    Section 3.2. CPU Dependency

    Section 3.3. Operating System Dependency

    Section 3.4. Operating System Version Dependency

    Section 3.5. File System Dependency

    Section 3.6. File Format Dependency

    Section 3.7. Interpreted Environment Dependency

    Section 3.8. Vulnerability Dependency

    Section 3.9. Date and Time Dependency

    Section 3.10. JIT Dependency: Microsoft .NET Viruses

    Section 3.11. Archive Format Dependency

    Section 3.12. File Format Dependency Based on Extension

    Section 3.13. Network Protocol Dependency

    Section 3.14. Source Code Dependency

    Section 3.15. Resource Dependency on Mac and Palm Platforms

    Section 3.16. Host Size Dependency

    Section 3.17. Debugger Dependency

    Section 3.18. Compiler and Linker Dependency

    Section 3.19. Device Translator Layer Dependency

    Section 3.20. Embedded Object Insertion Dependency

    Section 3.21. Self-Contained Environment Dependency

    Section 3.22. Multipartite Viruses

    Section 3.23. Conclusion

    References

    Chapter 4. Classification of Infection Strategies

    Section 4.1. Boot Viruses

    Section 4.2. File Infection Techniques

    Section 4.3. An In-Depth Look at Win32 Viruses

    Section 4.4. Conclusion

    References

    Chapter 5. Classification of In-Memory Strategies

    Section 5.1. Direct-Action Viruses

    Section 5.2. Memory-Resident Viruses

    Section 5.3. Temporary Memory-Resident Viruses

    Section 5.4. Swapping Viruses

    Section 5.5. Viruses in Processes (in User Mode)

    Section 5.6. Viruses in Kernel Mode (Windows 9x/Me)

    Section 5.7. Viruses in Kernel Mode (Windows NT/2000/XP)

    Section 5.8. In-Memory Injectors over Networks

    References

    Chapter 6. Basic Self-Protection Strategies

    Section 6.1. Tunneling Viruses

    Section 6.2. Armored Viruses

    Section 6.3. Aggressive Retroviruses

    References

    Chapter 7. Advanced Code Evolution Techniques and Computer Virus Generator Kits

    Section 7.1. Introduction

    Section 7.2. Evolution of Code

    Section 7.3. Encrypted Viruses

    Section 7.4. Oligomorphic Viruses

    Section 7.5. Polymorphic Viruses

    Section 7.6. Metamorphic Viruses

    Section 7.7. Virus Construction Kits

    References

    Chapter 8. Classification According to Payload

    Section 8.1. No-Payload

    Section 8.2. Accidentally Destructive Payload

    Section 8.3. Nondestructive Payload

    Section 8.4. Somewhat Destructive Payload

    Section 8.5. Highly Destructive Payload

    Section 8.6. DoS (Denial of Service) Attacks

    Section 8.7. Data Stealers: Making Money with Viruses

    Section 8.8. Conclusion

    References

    Chapter 9. Strategies of Computer Worms

    Section 9.1. Introduction

    Section 9.2. The Generic Structure of Computer Worms

    Section 9.3. Target Locator

    Section 9.4. Infection Propagators

    Section 9.5. Common Worm Code Transfer and Execution Techniques

    Section 9.6. Update Strategies of Computer Worms

    Section 9.7. Remote Control via Signaling

    Section 9.8. Intentional and Accidental Interactions

    Section 9.9. Wireless Mobile Worms

    References

    Chapter 10. Exploits, Vulnerabilities, and Buffer Overflow Attacks

    Section 10.1. Introduction

    Section 10.2. Background

    Section 10.3. Types of Vulnerabilities

    Section 10.4. Current and Previous Threats

    Section 10.5. Summary

    References

    Part II. STRATEGIES OF THE DEFENDER

    Chapter 11. Antivirus Defense Techniques

    Section 11.1. First-Generation Scanners

    Section 11.2. Second-Generation Scanners

    Section 11.3. Algorithmic Scanning Methods

    Section 11.4. Code Emulation

    Section 11.5. Metamorphic Virus Detection Examples

    Section 11.6. Heuristic Analysis of 32-Bit Windows Viruses

    Section 11.7. Heuristic Analysis Using Neural Networks

    Section 11.8. Regular and Generic Disinfection Methods

    Section 11.9. Inoculation

    Section 11.10. Access Control Systems

    Section 11.11. Integrity Checking

    Section 11.12. Behavior Blocking

    Section 11.13. Sand-Boxing

    Section 11.14. Conclusion

    References

    Chapter 12. Memory Scanning and Disinfection

    Section 12.1. Introduction

    Section 12.2. The Windows NT Virtual Memory System

    Section 12.3. Virtual Address Spaces

    Section 12.4. Memory Scanning in User Mode

    Section 12.5. Memory Scanning and Paging

    Section 12.6. Memory Disinfection

    Section 12.7. Memory Scanning in Kernel Mode

    Section 12.8. Possible Attacks Against Memory Scanning

    Section 12.9. Conclusion and Future Work

    References

    Chapter 13. Worm-Blocking Techniques and Host-Based Intrusion Prevention

    Section 13.1. Introduction

    Section 13.2. Techniques to Block Buffer Overflow Attacks

    Section 13.3. Worm-Blocking Techniques

    Section 13.4. Possible Future Worm Attacks

    Section 13.5. Conclusion

    References

    Chapter 14. Network-Level Defense Strategies

    Section 14.1. Introduction

    Section 14.2. Using Router Access Lists

    Section 14.3. Firewall Protection

    Section 14.4. Network-Intrusion Detection Systems

    Section 14.5. Honeypot Systems

    Section 14.6. Counterattacks

    Section 14.7. Early Warning Systems

    Section 14.8. Worm Behavior Patterns on the Network

    Section 14.9. Conclusion

    References

    Chapter 15. Malicious Code Analysis Techniques

    Section 15.1. Your Personal Virus Analysis Laboratory

    Section 15.2. Information, Information, Information

    Section 15.3. Dedicated Virus Analysis on VMWARE

    Section 15.4. The Process of Computer Virus Analysis

    Section 15.5. Maintaining a Malicious Code Collection

    Section 15.6. Automated Analysis: The Digital Immune System

    References

    Chapter 16. Conclusion

    Further Reading

    Index

    •
    توضیحات
    افزودن یادداشت جدید











  • Index

    [SYMBOL]
    [A]
    [B]
    [C]
    [D]
    [E]
    [F]
    [G]
    [H]
    [I]
    [J]
    [K]
    [L]
    [M]
    [N]
    [O]
    [P]
    [Q]
    [R]
    [S]
    [T]
    [U]
    [V]
    [W]
    [X]
    [Y]
    [Z]

    Ma, Albert

    MAC (mandatory access control)

    MAC OS X

    shell scripts

    Machine field (PE header)

    Macintosh platform

    resource-dependent viruses 2nd

    Macro Identification and Resemblance Analyzer (MIRA)

    macro viruses 2nd 3rd 4th 5th 6th

    corruption 2nd

    evolution and devolution 2nd

    formula macros 2nd

    in Lotus Word Pro 2nd

    infecting user macros

    language dependency 2nd

    Lotus 1-2-3 2nd

    multipartite infection strategy 2nd

    naming conventions

    platform dependency 2nd

    source code, p-code, execode 2nd

    up-conversion and down-conversion 2nd

    XML 2nd

    macros

    integrity checking

    Magic field (PE header)

    Magistr (worm)

    SMTP-based attacks

    mailers

    definition of

    naming conventions

    maintenance

    virus collection 2nd

    malicious code analysis techniques

    architecture guides

    collection maintenance 2nd

    dedicated system installation 2nd

    Digital Immune System 2nd 3rd

    disassemblers 2nd 3rd 4th 5th

    dynamic analysis techniques 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th 13th 14th

    knowledge bases 2nd

    process of 2nd 3rd 4th 5th 6th 7th 8th

    unpacking 2nd

    Virus Analysis Toolkit (VAT) 2nd

    VMWARE 2nd

    malicious programs
    [See computer viruses]

    malloc() function

    malware
    [See computer viruses]

    management

    memory 2nd

    Virtual Memory Manager

    mandatory access control (MAC)

    MapInfo viruses 2nd

    MARS (Memory Array Redcode Simulator)

    Martin, Edwin

    Marx, Andreas

    mass-mailer worms (@mm worms)

    definition of

    mass-mailers

    naming conventions

    Master Boot Record (MBR)

    master boot record (MBR)

    infection techniques 2nd 3rd

    matching

    patterns

    mathematical model for computer viruses

    MBR (Master Boot Record)

    MBR (master boot record)

    infection techniques 2nd 3rd

    McAfee SCAN (antivirus program)

    MCB (memory control block) 2nd

    MDEF viruses

    Memorial
    [See W95/Memorial (virus)]

    memory

    buffer overflow attacks
    [See buffer overflow attacks]

    dirty memory pages

    dynamically allocated memory
    [See heaps]

    management

    read-only kernel

    video memory

    checking

    VMM memory area

    Memory Array Redcode Simulator (MARS)

    memory control block (MCB) 2nd

    Memory Manager

    paging 2nd 3rd

    memory residency strategies

    direct-action viruses 2nd

    in-memory injectors over networks

    kernel mode, viruses in 2nd 3rd 4th 5th

    memory-resident viruses 2nd

    disk cache and system buffer viruses 2nd 3rd

    installation under DOS 2nd 3rd

    interrupt hooking 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th

    self-detection techniques 2nd

    stealth viruses 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th 13th 14th 15th 16th 17th 18th 19th

    processes, viruses in 2nd

    swapping viruses 2nd

    temporary memory-resident viruses 2nd

    memory scanning 2nd

    attacks 2nd

    detecting debuggers

    disinfection 2nd

    loaded DLLs

    patching code in active pages 2nd

    process termination

    thread termination 2nd 3rd 4th

    for interrupt handler 2nd

    in kernel mode

    64-bit platforms 2nd 3rd

    classes of context 2nd

    filter driver virus deactivation 2nd 3rd

    read-only memory

    upper 2G of address space

    user address space of processes

    Windows NT functions 2nd

    Windows NT service API entry points 2nd

    in user mode 2nd 3rd

    executed images (Win32 viruses) 2nd 3rd

    hidden window procedure (Win32 viruses)

    native Windows NT service viruses

    NtQuerySystemInformation() (NtQSI) 2nd 3rd

    processes/rights 2nd

    Win32 viruses 2nd 3rd 4th

    paging 2nd 3rd

    Windows NT virtual memory system 2nd 3rd 4th

    address spaces 2nd 3rd 4th 5th 6th 7th

    memory-resident viruses 2nd

    disk cache and system buffer viruses 2nd 3rd

    installation under DOS 2nd 3rd

    interrupt hooking 2nd 3rd 4th 5th

    on INT 13h (boot viruses) 2nd 3rd

    on INT 21h (file viruses) 2nd 3rd 4th

    self-detection techniques 2nd

    stealth viruses 2nd

    cluster and sector-level stealth viruses 2nd 3rd

    full-stealth viruses 2nd

    hardware-level stealth viruses 2nd 3rd

    read stealth viruses 2nd 3rd 4th 5th

    semistealth viruses 2nd 3rd 4th

    Mental Driller (virus writer)

    Simile.D virus

    W32/Simile virus

    Merkle, Ralph C

    Merry Xmas (virus)

    Metal Driller (virus writer)

    W95/Drill virus

    metamorphic virus detection

    code emulation 2nd 3rd 4th 5th

    disassembling techniques 2nd

    geometric detection 2nd

    metamorphic viruses 2nd 3rd 4th

    complex permutation techniques 2nd 3rd 4th 5th

    host application mutation 2nd

    MSIL metamorphic viruses 2nd

    simple permutation techniques 2nd 3rd 4th

    W32/Simile virus 2nd 3rd 4th 5th 6th 7th 8th 9th

    W95/Zmist virus 2nd 3rd 4th 5th

    metamorphic worms 2nd

    MetaPHOR (virus engine)

    MICE (Core War warrior program)

    Michelangelo (virus)

    Microsoft .NET
    [See .NET]

    Microsoft IIS servers

    W32/Nimda.A@mm worm 2nd

    Microsoft Security Bulletin MS03-007

    Microsoft SQL Server 2000

    W32/Slammer worm

    Microsoft SQL Servers

    exploits

    blocking 2nd 3rd

    Microsoft Visual .NET 2003 (7.0 & 7.1) 2nd 3rd 4th

    Microsoft Xbox

    security vulnerabilities

    MIME types 2nd

    W32/Badtrans.B@mm worm 2nd

    W32/Nimda.A@mm worm 2nd

    MIRA (Macro Identification and Resemblance Analyzer)

    mIRC

    instant messaging viruses 2nd

    mismatches

    first-generation antivirus scanners

    Mistfall engine

    mitigation

    return-to-LIBC attacks 2nd 3rd 4th

    mixed techniques
    [See blended attacks]

    MMX instructions 2nd

    mobile phones

    worms on 2nd 3rd

    modeling virus infections 2nd

    mathematical model

    modes

    kernel

    64-bit platform memory scanning 2nd 3rd

    classes of context (memory scanning) 2nd

    filter driver virus deactivation (memory scanning) 2nd 3rd

    memory scanning in

    read-only memory

    upper 2G of address space (memory scanning)

    user address space of processes

    Windows NT functions (memory scanning) 2nd

    Windows NT service API entry points (memory scanning) 2nd

    modification

    to files (tracking) 2nd

    modules

    altering

    logging

    Mole virus
    [See W32/IKX (virus)]

    monitoring

    files 2nd

    malicious code 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th 13th 14th

    ports

    processes

    registries

    threads

    Monxla (virus)

    Morris (worm) 2nd 3rd 4th

    avoiding buffer overflow attacks

    blocking buffer overflow attacks

    copycat Linux/ADM worm 2nd

    detailed description of 2nd 3rd 4th

    history of blended attacks 2nd

    shellcode blocking

    weak passwords

    Morris Internet worm

    Morris, Robert, Sr

    Core War

    Mosquitos game

    logic bomb in

    MPB/Kynel (virus)

    Mr. Sandman (virus writer)

    Anti-AVP virus

    MSAV (antivirus program)

    MSIL metamorphic viruses 2nd

    MSIL/Gastropod (virus)

    self-protection technique 2nd 3rd

    MSIL/Impanate (virus)

    self-protection technique

    MtE (mutation engine) 2nd 3rd

    MtE (Mutation Engine)

    MtE mutation engine

    static decryptor detection

    multipartite infection strategy

    macro viruses 2nd

    multipartite viruses 2nd

    multiple PE headers

    multiple virus sections 2nd

    multiple-fork support (NTFS)

    multithreaded viruses

    Murkry (virus writer) 2nd

    Murkry (virus)

    infection technique

    mutation
    [See corruption]

    mutation engine (MtE) 2nd

    Mutation Engine (MtE)

    mutation engine (MtE)

    Muttik, Igor 2nd

    metamorphic viruses

    MX queries

    and SMTP-based worm attacks 2nd

    Mydoom (virus)

    cooperation with worms

    Mydoom (worm)

    SMTP-based attacks with MX queries

    Myname
    [See OS2/Myname (virus)]


    • / 191