THE ART OF COMPUTER VIRUS RESEARCH AND DEFENSE [Electronic resources] نسخه متنی

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی

اصطلاحنامه مجموعه ها مرورالفبایی لغت نامه دهخدا

➟

جستجو در لغت نامه

بیشتر

کتابخانه شخصی پرسش از کتابدار ارسال منبع

THE ART OF COMPUTER VIRUS RESEARCH AND DEFENSE [Electronic resources] - نسخه متنی

Peter Szor

| ،

افزودن به کتابخانه شخصی

میخواهم بخوانم

درحال خواندن

خوانده شده

ارسال به دوستان

آدرس پست الکترونیک گیرنده :

آدرس پست الکترونیک فرستنده :

نام و نام خانوارگی فرستنده :

پیغام برای گیرنده ( حداکثر 250 حرف ) :

کد امنیتی را وارد نمایید

ارسال

جستجو در متن کتاب

بیشتر

تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب

➟

جستجو در لغت نامه

بیشتر

لیست موضوعات

Acknowledgments

Contact Information

Part I. STRATEGIES OF THE ATTACKER

Chapter 1. Introduction to the Games of Nature

Section 1.1. Early Models of Self-Replicating Structures

Section 1.2. Genesis of Computer Viruses

Section 1.3. Automated Replicating Code: The Theory and Definition of Computer Viruses

Chapter 2. The Fascination of Malicious Code Analysis

Section 2.1. Common Patterns of Virus Research

Section 2.2. Antivirus Defense Development

Section 2.3. Terminology of Malicious Programs

Section 2.4. Other Categories

Section 2.5. Computer Malware Naming Scheme

Section 2.6. Annotated List of Officially Recognized Platform Names

Chapter 3. Malicious Code Environments

Section 3.1. Computer Architecture Dependency

Section 3.2. CPU Dependency

Section 3.3. Operating System Dependency

Section 3.4. Operating System Version Dependency

Section 3.5. File System Dependency

Section 3.6. File Format Dependency

Section 3.7. Interpreted Environment Dependency

Section 3.8. Vulnerability Dependency

Section 3.9. Date and Time Dependency

Section 3.10. JIT Dependency: Microsoft .NET Viruses

Section 3.11. Archive Format Dependency

Section 3.12. File Format Dependency Based on Extension

Section 3.13. Network Protocol Dependency

Section 3.14. Source Code Dependency

Section 3.15. Resource Dependency on Mac and Palm Platforms

Section 3.16. Host Size Dependency

Section 3.17. Debugger Dependency

Section 3.18. Compiler and Linker Dependency

Section 3.19. Device Translator Layer Dependency

Section 3.20. Embedded Object Insertion Dependency

Section 3.21. Self-Contained Environment Dependency

Section 3.22. Multipartite Viruses

Section 3.23. Conclusion

Chapter 4. Classification of Infection Strategies

Section 4.1. Boot Viruses

Section 4.2. File Infection Techniques

Section 4.3. An In-Depth Look at Win32 Viruses

Section 4.4. Conclusion

Chapter 5. Classification of In-Memory Strategies

Section 5.1. Direct-Action Viruses

Section 5.2. Memory-Resident Viruses

Section 5.3. Temporary Memory-Resident Viruses

Section 5.4. Swapping Viruses

Section 5.5. Viruses in Processes (in User Mode)

Section 5.6. Viruses in Kernel Mode (Windows 9x/Me)

Section 5.7. Viruses in Kernel Mode (Windows NT/2000/XP)

Section 5.8. In-Memory Injectors over Networks

Chapter 6. Basic Self-Protection Strategies

Section 6.1. Tunneling Viruses

Section 6.2. Armored Viruses

Section 6.3. Aggressive Retroviruses

Chapter 7. Advanced Code Evolution Techniques and Computer Virus Generator Kits

Section 7.1. Introduction

Section 7.2. Evolution of Code

Section 7.3. Encrypted Viruses

Section 7.4. Oligomorphic Viruses

Section 7.5. Polymorphic Viruses

Section 7.6. Metamorphic Viruses

Section 7.7. Virus Construction Kits

Chapter 8. Classification According to Payload

Section 8.1. No-Payload

Section 8.2. Accidentally Destructive Payload

Section 8.3. Nondestructive Payload

Section 8.4. Somewhat Destructive Payload

Section 8.5. Highly Destructive Payload

Section 8.6. DoS (Denial of Service) Attacks

Section 8.7. Data Stealers: Making Money with Viruses

Section 8.8. Conclusion

Chapter 9. Strategies of Computer Worms

Section 9.1. Introduction

Section 9.2. The Generic Structure of Computer Worms

Section 9.3. Target Locator

Section 9.4. Infection Propagators

Section 9.5. Common Worm Code Transfer and Execution Techniques

Section 9.6. Update Strategies of Computer Worms

Section 9.7. Remote Control via Signaling

Section 9.8. Intentional and Accidental Interactions

Section 9.9. Wireless Mobile Worms

Chapter 10. Exploits, Vulnerabilities, and Buffer Overflow Attacks

Section 10.1. Introduction

Section 10.2. Background

Section 10.3. Types of Vulnerabilities

Section 10.4. Current and Previous Threats

Section 10.5. Summary

Part II. STRATEGIES OF THE DEFENDER

Chapter 11. Antivirus Defense Techniques

Section 11.1. First-Generation Scanners

Section 11.2. Second-Generation Scanners

Section 11.3. Algorithmic Scanning Methods

Section 11.4. Code Emulation

Section 11.5. Metamorphic Virus Detection Examples

Section 11.6. Heuristic Analysis of 32-Bit Windows Viruses

Section 11.7. Heuristic Analysis Using Neural Networks

Section 11.8. Regular and Generic Disinfection Methods

Section 11.9. Inoculation

Section 11.10. Access Control Systems

Section 11.11. Integrity Checking

Section 11.12. Behavior Blocking

Section 11.13. Sand-Boxing

Section 11.14. Conclusion

Chapter 12. Memory Scanning and Disinfection

Section 12.1. Introduction

Section 12.2. The Windows NT Virtual Memory System

Section 12.3. Virtual Address Spaces

Section 12.4. Memory Scanning in User Mode

Section 12.5. Memory Scanning and Paging

Section 12.6. Memory Disinfection

Section 12.7. Memory Scanning in Kernel Mode

Section 12.8. Possible Attacks Against Memory Scanning

Section 12.9. Conclusion and Future Work

Chapter 13. Worm-Blocking Techniques and Host-Based Intrusion Prevention

Section 13.1. Introduction

Section 13.2. Techniques to Block Buffer Overflow Attacks

Section 13.3. Worm-Blocking Techniques

Section 13.4. Possible Future Worm Attacks

Section 13.5. Conclusion

Chapter 14. Network-Level Defense Strategies

Section 14.1. Introduction

Section 14.2. Using Router Access Lists

Section 14.3. Firewall Protection

Section 14.4. Network-Intrusion Detection Systems

Section 14.5. Honeypot Systems

Section 14.6. Counterattacks

Section 14.7. Early Warning Systems

Section 14.8. Worm Behavior Patterns on the Network

Section 14.9. Conclusion

Chapter 15. Malicious Code Analysis Techniques

Section 15.1. Your Personal Virus Analysis Laboratory

Section 15.2. Information, Information, Information

Section 15.3. Dedicated Virus Analysis on VMWARE

Section 15.4. The Process of Computer Virus Analysis

Section 15.5. Maintaining a Malicious Code Collection

Section 15.6. Automated Analysis: The Digital Immune System

Chapter 16. Conclusion

Further Reading

توضیحات

افزودن یادداشت جدید

9.1. Introduction

This chapter discusses the generic (or at least "typical") structure of advanced computer worms and the common strategies that computer worms use to invade new target systems. Computer worms primarily replicate on networks, but they represent a subclass of computer viruses. Interestingly enough, even in security research communities, many people imply that computer worms are dramatically different from computer viruses. In fact, even within CARO (Computer Antivirus Researchers Organization), researchers do not share a common view about what exactly can be classified as a "worm." We wish to share a common view, but well, at least a few of us agree that all computer worms are ultimately viruses¹. Let me explain.² May 2000

Visual Basic Script mass-mailer worm

Overwrites other VBS files with itself

By user

W32/Nimda@mm September 2001

32-bit Windows mass-mailer worm

Infects 32-bit PE files

Exploits vulnerabilities to execute itself on target

³, Slapper⁴, CodeRed, Ramen, Cheese⁵, Sadmind⁶, and Blaster, do not have file infection strategies but simply infect new nodes over the network. Thus defense methods against worms must focus on the protection of the network and the network-connected node.