Autor/en: Ed Skoudis, Lenny Zeltser
Fighting Malicious Code.
Pearson Education (US)
20. November 2003 - kartoniert - 672 Seiten
Malicious code is a set of instructions that runs on your computer and makes
your system do something that you do not want it to do. For example, it can
delete sensitive configuration files from your hard drive, rendering your
computer completely inoperable; infect your computer and use it as a jumpingoff
point to spread to all of your buddies' computers; and steal files from your
machine. Malicious code in the hands of a crafty attacker is indeed powerful.
It's becoming even more of a problem because many of the very same factors
fueling the evolution of the computer industry are making our systems even
more vulnerable to malicious code. Specifically, malicious code writers benefit
from the trends toward mixing static data and executable instructions,
increasingly homogenous computing environments, unprecedented
connectivity, an ever-larger clueless user base, and an unfriendly world. Skoudis
addressed malicious code in just one chapter of his previous book. Here, a
dozen chapters focus on one of the most interesting and rapidly developing
areas of computer attacks.
*Chapter 11, Defender's Toolbox, rolls together the defensive strategies
described in the book. As a bonus, Skoudis gives recipes for creating your own
malicious code analysis laboratory using cheap hardware and software.
*Foreword by Gene Schultz, security inspector for Global Integrity.
Foreword. Acknowledgments. 1. Introduction. Defining the Problem. Why Is Malicious Code So Prevalent? Types of Malicious Code. Malicious Code History. Why This Book? What To Expect. References. 2. Viruses. The Early History of Computer Viruses. Infection Mechanisms and Targets. Virus Propagation Mechanisms. Defending against Viruses. Malware Self-Preservation Techniques. Conclusions. Summary. References. 3. Worms. Why Worms? A Brief History of Worms. Worm Components. Impediments to Worm Spread. The Coming Super Worms. Bigger Isn't Always Better: The Un-Super Worm. Worm Defenses. Conclusions. Summary. References. 4. Malicious Mobile Code. Browser Scripts. ActiveX Controls. Java Applets. Mobile Code in E-Mail Clients. Distributed Applications and Mobile Code. Additional Defenses against Malicious Mobile Code. Conclusions. Summary. References. 5. Backdoors. Different Kinds of Backdoor Access. Installing Backdoors. Starting Backdoors Automatically. All-Purpose Network Connection Gadget: Netcat. Network Computing. Backdoors without Ports. Conclusions. Summary. References. 6. Trojan Horses. What's in a Name? Wrap Stars. Trojaning Software Distribution Sites. Poisoning the Source. Co-opting a Browser: Setiri. Hiding Data in Executables: Stego and Polymorphism. Conclusions. Summary. References. 7. User-Mode RootKits. UNIX User-mode RootKits. Windows User-Mode RootKits. Conclusions. Summary. References. 8. Kernel-Mode RootKits. What Is the Kernel? Kernel Manipulation Impact. The Linux Kernel. The Windows Kernel. Conclusions. Summary. References. 9. Going Deeper. Setting the Stage: Different Layers of Malware. Going Deeper: The Possibility of BIOS and Malware Microcode. Combo Malware. Conclusions. Summary. References. 10. Scenarios. Scenario 1: A Fly in the Ointment. Scenario 2: Invasion of the Kernel Snatchers. Scenario 3: Silence of the Worms. Conclusions. Summary. 11. Malware Analysis. Building a Malware Analysis Laboratory. Malware Analysis Process. Conclusion. Summary. References. 12. Conclusion. Useful Web Sites for Keeping Up. Parting Thoughts. Index.
ED SKOUDIS is a computer security consultant with International Network Services. Ed's expertise includes hacker attacks and defenses, the information security industry, and computer privacy issues. He has performed numerous security assessments, designed secure network architectures, and responded to computer attacks. A frequent speaker on issues associated with hacker tools and effective defenses, Ed has published several articles, as well as the highly acclaimed Counter Attack: A Step-by-Step Guide to Computer Attacks and Effective Defenses (Prentice Hall PTR, 2001).