THE ART OF COMPUTER VIRUS RESEARCH AND DEFENSE [Electronic resources] (text version)

Peter Szor

  • Index

    Sadmind (worm)

    safe-for-scripting ActiveX controls 2nd

    VBS/BubbleBoy worm 2nd

    W32/Blebla worm 2nd

    sand-boxing 2nd

    Sandman (virus writer)

    W95/Haiku virus

    SAP

    ABAP viruses

    saving

    original boot sector

    at end of disk 2nd

    saving files locally

    W32/Blebla worm 2nd

    SC Magazine

    scanners

    algorithmic scanning methods 2nd 3rd

    filtering 2nd 3rd

    static decryptor detection 2nd 3rd

    X-RAY method 2nd 3rd 4th 5th

    behavior blocking 2nd 3rd 4th

    code emulation 2nd 3rd 4th

    dynamic decryptor detection 2nd

    encrypted/polymorphic virus detection 2nd 3rd 4th 5th

    disinfection methods 2nd 3rd 4th

    generic decryptors 2nd

    heuristics for generic repair 2nd

    standard 2nd 3rd

    first-generation antivirus

    bookmarks 2nd

    entry-point scanning 2nd

    fixed-point scanning 2nd

    generic detection

    hashing 2nd

    hyperfast disk access

    mismatches

    string scanning 2nd 3rd

    top-and-tail scanning

    wildcards 2nd

    heuristic analysis

    of 32-bit Windows viruses 2nd 3rd 4th 5th 6th

    using neural networks viruses 2nd 3rd

    integrity checking 2nd 3rd 4th

    sand-boxing 2nd

    second-generation antivirus

    exact identification 2nd 3rd

    nearly-exact identification 2nd

    skeleton detection

    smart scanning 2nd

    viruses

    inoculation 2nd

    scanning

    file images

    IP addresses 2nd 3rd 4th 5th 6th

    memory 2nd

    64-bit platforms (kernel mode) 2nd 3rd

    attacks 2nd

    classes of context (kernel mode) 2nd

    disinfection 2nd

    executed images (Win32 viruses) 2nd 3rd

    filter driver virus deactivation 2nd 3rd

    hidden window procedure (Win32 viruses)

    in kernel mode

    in user mode 2nd 3rd

    loaded DLLs

    native Windows NT service viruses

    NtQuerySystemInformation() (NtQSI) 2nd 3rd

    paging 2nd 3rd

    patching code in active pages 2nd

    process termination

    processes/rights 2nd

    read-only kernel memory

    thread termination 2nd 3rd 4th

    upper 2G of address space

    user address space of processes (kernel mode)

    virtual address spaces 2nd 3rd 4th 5th 6th 7th

    Win32 viruses 2nd 3rd 4th

    Windows NT functions (kernel mode) 2nd

    Windows NT service API entry points (kernel mode) 2nd

    Windows NT virtual memory system 2nd 3rd 4th

    scanning (antivirus programs)

    SCANPROC.EXE

    Schneier, Bruce

    science

    versus art

    script viruses

    REXX viruses 2nd 3rd

    scripts

    blocking 2nd 3rd

    search engines

    harvesting e-mail addresses using

    searching

    VOOGLE

    second-generation antivirus scanners

    exact identification 2nd 3rd

    nearly-exact identification 2nd

    skeleton detection

    smart scanning 2nd

    second-generation buffer overflows 2nd 3rd 4th 5th 6th 7th 8th 9th 10th

    definition of

    section table (PE files) 2nd 3rd 4th

    SectionAlignment field (PE header)

    sections

    code section sizes in header

    code sections

    naming

    gaps between

    packed code sections 2nd

    random entry points 2nd

    renaming

    shifting

    slack area infections

    suspicious characteristics

    writeable flag

    sections (PE files)

    sector-level stealth viruses 2nd 3rd

    sectors

    formatting extra 2nd 3rd

    marking as BAD

    security

    information of

    updates

    buffer overflow attacks (worms) 2nd 3rd

    security exploits
    [See blended attacks]

    security_cookie values

    seeding

    definition of

    SEH (structured exception handling)

    self-contained environment dependency 2nd 3rd 4th

    self-detection techniques

    memory-resident viruses 2nd

    self-modifying code
    [See obfuscated code]

    self-protection techniques (of viruses)

    armored viruses

    antidebugging 2nd 3rd 4th 5th 6th 7th 8th 9th 10th

    antidisassembly 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th 13th 14th 15th 16th 17th 18th

    antiemulation 2nd 3rd 4th 5th 6th

    antigoat techniques 2nd

    antiheuristics 2nd 3rd 4th 5th 6th 7th 8th 9th 10th

    encrypted viruses 2nd 3rd 4th 5th 6th 7th 8th 9th

    metamorphic viruses 2nd 3rd

    complex permutation techniques 2nd 3rd 4th 5th

    host application mutation 2nd

    MSIL metamorphic viruses 2nd

    simple permutation techniques 2nd 3rd 4th

    W32/Simile virus 2nd 3rd 4th 5th 6th 7th 8th 9th

    W95/Zmist virus 2nd 3rd 4th 5th

    oligomorphic viruses 2nd 3rd

    polymorphic viruses

    1260 virus 2nd

    32-bit polymorphic viruses 2nd 3rd 4th 5th

    MtE (mutation engine) 2nd 3rd

    retroviruses 2nd 3rd

    tunneling viruses

    code emulation

    disk access with port I/O 2nd

    memory scanning for interrupt handler 2nd

    tracing with debug interfaces 2nd

    undocumented functions 2nd

    virus construction kits 2nd

    ethics of using

    GenVir

    list of 2nd

    NGVCK 2nd 3rd

    PS-MPC 2nd

    VCL (Virus Creation Laboratory) 2nd

    VCS (Virus Construction Set) 2nd

    self-replicating loops

    self-replicating systems

    history of

    Core War 2nd 3rd 4th

    Edward Fredkin structures 2nd 3rd

    game of Life (Conway) 2nd 3rd 4th 5th 6th

    John von Neumann theory 2nd 3rd

    self-sending code blocking 2nd 3rd 4th 5th

    self-tracking

    of worms 2nd

    semistealth viruses 2nd 3rd 4th

    sending

    self-sending code blocking 2nd 3rd 4th 5th

    sendmail

    Morris worm

    server function call

    service viruses, native Windows NT

    SETI

    use by computer worms

    sexual reproduction of viruses

    SH/Renepo.A (worm)

    shape heuristic

    share-level password vulnerability

    sharepoints (network enumeration)

    shell code-based attacks 2nd 3rd 4th 5th

    shell scripts 2nd

    shellcode

    blocking 2nd 3rd 4th 5th 6th 7th 8th

    shellcode-based worms

    Shifter (virus) 2nd 3rd

    shifting

    sections

    Shockwave Rider (Brunner)

    "Shooter" starting structure (game of Life) 2nd 3rd 4th

    Short Message Service (SMS)

    Sieben, Nándor

    signatures

    flirt

    Simile (virus)

    self-protection technique

    Simile virus
    [See W32/Simile (virus)]

    Simile.D (virus) 2nd

    simple worm communication protocol (SWCP)

    Simulated "Metamorphic" Encryption Generator (SMEG)

    simulations of nature
    [See nature-simulation games]

    single-layer classifiers with thresholds

    single-stepping

    detecting 2nd

    Sircam (worm)

    e-mail address harvesting

    SMTP-based attacks

    SizeOfCode field

    SizeOfCode field (PE header)

    SizeOfImage field

    incorrect information in

    SizeOfImage field (PE header)

    skeleton detection

    Skrenta, Rich

    Elk Cloner (virus)

    Skulason, Fridrik 2nd 3rd

    slack area infections

    Slammer (virus)

    Slapper (worm)

    slow infectors

    Sma
    [See W95/Sma (virus)]

    smart scanning 2nd

    SMEG (Simulated "Metamorphic" Encryption Generator) 2nd 3rd

    SMS (Short Message Service)

    SMTP

    blocking 2nd 3rd

    SMTP (worms)

    SMTP proxy-based attacks

    worm infections 2nd 3rd

    SMTP spam relay

    use by computer worms

    SMTP-based attacks

    worm infections 2nd 3rd 4th 5th 6th

    SnakeByte (virus writer)

    NGVCK (virus construction kit)

    Perl viruses

    sniffing

    traffic

    SoftIce Debugger (antivirus program)

    SoftICE tool

    Solaris

    on SPARC 2nd

    Solaris/Sadmind (virus)

    Solaris/Sadmind (worm)

    Solomon, Alan 2nd 3rd 4th

    somewhat destructive payload viruses 2nd 3rd

    source code

    macro viruses 2nd

    source code dependency 2nd

    source spoofing

    Sourcer (disassembler)

    SP (stack pointer)

    decryption with

    spammer programs

    definition of 2nd

    Spanska (virus writer) 2nd

    Happy99 worm

    IDEA virus

    IDEA viruses

    Spanska (virus)

    self-protection technique 2nd

    special objects

    integrity checking

    speed

    integrity checking

    spoofing

    source

    spyware

    definition of 2nd

    SQL Server 2000

    W32/Slammer worm

    ssnetlib.dll

    W32/Slammer worm

    stack buffer overflows 2nd 3rd

    causes of 2nd

    CodeRed worm 2nd 3rd 4th

    exploiting 2nd

    Linux/ADM worm 2nd

    Morris worm 2nd 3rd 4th

    W32/Blaster worm 2nd 3rd 4th

    W32/Slammer worm 2nd 3rd 4th

    stack pointer (SP)

    decryption with

    stack smashing

    stack state

    checking 2nd

    stack-based overflow attacks, compiler-level solutions

    StackGuard 2nd 3rd 4th

    stacks

    definition of

    exception-handler validation

    return-to-LIBC attacks 2nd 3rd 4th

    standard access lists

    standard disinfection 2nd 3rd

    Starship (virus)

    StarShip (virus)

    infection technique

    stateful firewall solutions

    static decryptor detection

    algorithmic scanning methods 2nd 3rd

    static heuristics

    stealing data
    [See data stealing viruses]

    stealth viruses 2nd

    cluster and sector-level stealth viruses 2nd 3rd

    full-stealth viruses 2nd

    hardware-level stealth viruses 2nd 3rd

    read stealth viruses 2nd 3rd 4th 5th

    semistealth viruses 2nd 3rd 4th

    Stoll, Clifford

    Stoned (virus) 2nd 3rd

    accidentally destructive payload viruses

    bookmarks

    exact identification 2nd

    infection technique 2nd

    interrupt hooking 2nd

    nearly exact identification

    string scanning 2nd 3rd

    stopping break points

    Stormbringer (virus writer)

    Shifter virus

    Strack, Stefan

    Strange (virus)

    stream viruses

    file system dependency 2nd

    Strike (virus)

    infection technique

    string scanning 2nd 3rd

    strings

    API strings 2nd

    dumps 2nd

    mismatches

    first-generation antivirus scanners

    wildcards

    first-generation antivirus scanners 2nd

    structured exception handling 2nd

    structured exception handling (SEH)

    structures

    self-replicating structures 2nd 3rd

    Struss, J. (virus construction kit writer)

    Stupid (virus)

    submissions

    worm-blocking

    subsystems

    extensions

    buffer overflow attacks (worms) 2nd

    Win32

    viruses 2nd 3rd 4th

    super fast infectors

    Super Logo viruses 2nd 3rd 4th

    Suslikov, Eugene

    swapping viruses 2nd

    SWCP (simple worm communication protocol)

    Symantec Security Response

    Symboot

    SymbOS/Cabir (worm) 2nd 3rd

    sysenter

    system buffer viruses 2nd 3rd

    system call tracing 2nd

    System File Checker feature (Windows 2000/XP)

    system loader

    Windows 95 versus Windows NT 2nd 3rd 4th

    system modification attacks

    Novell NetWare ExecuteOnly attribute 2nd 3rd 4th 5th

    W32/Bolzano virus 2nd

    system rights

    memory scanning 2nd

