...
10.1.1 Who?
10.1.2 Why?
10.2 The Anti-Virus Community
10.2.1 Perceptions
10.2.2 Another Day in Paradise
10.2.3 Customer Demands
10.2.4 Engineering
10.2.5 ... Capture and Containment
COMPUTER VIRUSES AND MALWARE
This has been cast in terms of business, but malware presents a cost to
individuals, too. Personal information sto...
... his real
computer viruses in this collection of reprinted stories.
106 As told in Cohen [74].
107 Skrenta [289] and Dellinger [87].
108 The whole sordid tale is in Rosen [267].
109 The original ... discovering these details is unusual.
access and the costs incurred to clean up from it. He was fined, and sentenced
to probation and co...
... polymorphic
viruses. A histogram can also be used to detect metamorphic viruses by
comparing the emulation histogram to histograms of known metamorphic
viruses.
... hash table
Static heuristics
• Pro: Static heuristic analysis detects both known and unknown viruses.
• Con: False positives are a...
... addresses:
Figure 4.2. Aho-Corasick finite automaton and failure ... third and final ones are from Harley et al. [137]. The fourth is mentioned in [77].
104 Levine [183].
105 Highland [141].
106 The first three are from [13], the fourth fr...
...
technique has been found to date.
103 Analyses of Simile and Ganda can be found in Perriot et al. [249] and Molnar and Szappanos [210], respectively.
104 GriYo [131].
105 The issue of how long to ... issues that arise for an attacker:
114 Hasson [139] and CrackZ [81].
115 See Rosenberg [268] for more information on this and single-s...
...
100 Anderson [12].
101 This section is based on Aleph One [8].
102 Erickson [100].
103 The description of this attack is based on klog [167].
104 This section is based on [231, 292].
105 ... single command. And was, in the case from which the above
hoax around, perceiving the purported threat as a way to justify an increase in the com...
... source too.
102 Yee [350].
103 The term "grappling hook" is from Eichin and Rochlis [97].
104 This section is based on Staniford et al. [304].
105 Ször and Perriot [315].
106 McKusick ... everything still works, just
more slowly.
8.2.1 Honeypots
Honeypots are computers that are meant to be compromised, computers
which may be eithe...