Document information
Pages: 24
Size: 872.69 KB

Contents
[...]

List of Figures (continued)

4.14 Disinfection using checksums  84
4.15 Problem with unencrypted virus databases  86
4.16 Example virus descriptions  88
5.1 Checking for single-stepping  102
5.2 False disassembly  103
5.3 Anti-disassembly using strong cryptographic hash functions  104
5.4 On-demand code decryption  105
[...]
8.3 Signatures in network traffic  165
8.4 Traffic accepted by an IDS and a host  166
8.5 TTL attack on an IDS  167
8.6 Network traffic throttling  171
9.1 Organized crime and access-for-sale worms  180
9.2 Disorganized crime and access-for-sale worms  180
10.1 Malware [...] analysis workflow  193
10.2 In the zoo vs in the wild  195

[...]

Preface

It seemed like a good idea at the time. In 2003, I started teaching a course on computer viruses and malicious software to senior undergraduate and graduate students at the University of Calgary. It's been an interesting few years. Computer viruses are a controversial and taboo topic, despite having such a huge impact [...]

[...] prosecuting computer crimes that are just electronic versions of "traditional" crimes like fraud [56], but the trend is definitely to enact computer-specific laws.
100 Owens [237] discusses liability potential in great detail.
101 This section is based on Garfink and Landesman [117], and Ducklin [94] touches on some of the same issues too.
102 Morley [213]. Ducklin [94] has a discussion of this issue, and of [...]
[...] cause, malware is a problem that needs to be solved. This book looks at malware, primarily viruses and worms, and its countermeasures. The next chapter lays the groundwork with some basic definitions and a timeline of malware. Then, on to viruses: Chapters 3, 4, and 5 cover viruses, anti-virus techniques, and anti-anti-virus techniques, in that order. Chapter 6 explains the weaknesses that are exploited by malware, [...]

List of Figures

1.1 Worm propagation curve
1.2 Ideal propagation curves for attackers and defenders
2.1 VGrep operation
2.2 Timeline of events
3.1 Multiple boot sector infections
3.2 Prepending virus
3.3 Appending virus
3.4 Concept [...]

[...] are fed by supply chains with computerized inventory systems; water is dispensed through computer-controlled water systems; parts for new shelters come from suppliers with computer-ridden supply chains, and old shelters are bought and sold by computer-wielding realtors. The production and transmission of energy to run all of these systems is controlled by computer, and computers manage financial transactions [...]

[...] be used to detect, detain, and destroy it. This is not accidental. Of the four threats listed above, malware has the deepest connection to the other three. Malware may be propagated using spam, and may also be used to send spam; malware may take advantage of bugs; malware may be used to mount DoS attacks. Addressing the problem of malware is vital for improving computer security. Computer security is vital [...]

[...] make bold statements about what malware can and can't do. Finally, this is not a programming book, and some knowledge of programming (in both high- and low-level languages) is assumed, although pseudocode is used where possible. A reasonable understanding of operating systems and networks is also beneficial.

1.8 Some Words of Warning

Self-replicating software like viruses and worms has proven itself to [...]
[...] of exponential growth to occur earlier, preferably before any defenses have been deployed. This is shown in Figure 1.2a.

[Figure 1.2: Ideal propagation curves for attackers and defenders. Panel (a), attacker ideal: compromised machines (vertical axis) against time (horizontal axis).]

6 COMPUTER VIRUSES AND MALWARE

On the other hand, a defender wants to do one of two things. First, the propagation curve could be pushed to the right, buying time [...]

[...]
PEOPLE AND COMMUNITIES  189
10.1 Malware Authors  189
10.1.1 Who?  189
10.1.2 Why?  190
10.2 The Anti-Virus Community  191
10.2.1 Perceptions  192
10.2.2 Another Day in Paradise  192
10.2.3 Customer [...]

[...]
2.3 Authorship  11
2.4 Timeline  11
3. VIRUSES  12
3.1 Classification by Target  12
3.1.1 Boot-Sector Infectors  13
3.1.2 File Infectors  14
3.1.3 [...]  15

[...] PARC, c. 1982  144
7.1.2 The Internet Worm, November 1988  145
7.2 Propagation  148
7.2.1 Initial Seeding  149
7.2.2 Finding Targets  150
8. DEWORMING  157
8.1 Defense  158
8.1.1 User  158
8.1.2 Host [...]
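The propagation curve behind Figures 1.1 and 1.2 can be reproduced with a few lines of Python. The simulation below is an added example, not code from the book: it uses the standard mean-field model of a random-scanning worm (every infected host probes a fixed number of uniformly random addresses per tick, and a probe that lands on an uninfected vulnerable host infects it), with constructed, hypothetical parameter values. It shows the two moves the surrounding text describes: the attacker pulls the curve left by starting from a pre-built hit list rather than a single host (the book's 7.2.1, Initial Seeding), and the defender pushes it right by throttling how fast each host can scan (Figure 8.6, Network traffic throttling).

```python
"""Discrete-time model of a random-scanning worm.

Added example for this excerpt; it is not code from the book. The update
rule (expected new infections per tick = infected * scans * susceptible / N)
is the usual random-scanning approximation, and every constant below is a
constructed, hypothetical value chosen so the run finishes quickly.
"""

ADDRESS_SPACE = 2 ** 32   # assumption: IPv4-sized space scanned uniformly
VULNERABLE = 300_000      # assumption: number of vulnerable, reachable hosts


def simulate(scans_per_tick, ticks, seed_infected=1,
             vulnerable=VULNERABLE, address_space=ADDRESS_SPACE):
    """Return the expected number of compromised machines at each tick.

    `scans_per_tick` is how many random addresses each infected host probes
    per tick; `seed_infected` is how many hosts are compromised at tick 0
    (1 for a single patient zero, more for a hit list).
    """
    infected = float(seed_infected)
    curve = []
    for _ in range(ticks):
        curve.append(infected)
        susceptible = vulnerable - infected
        # Expected successful probes this tick: each of the `infected` hosts
        # fires `scans_per_tick` probes, each hitting a susceptible host with
        # probability susceptible / address_space.
        new = infected * scans_per_tick * (susceptible / address_space)
        infected = min(float(vulnerable), infected + new)
    return curve


def time_to_fraction(curve, fraction, vulnerable=VULNERABLE):
    """First tick at which at least `fraction` of the vulnerable population
    is infected, or None if the curve never gets there in the window."""
    target = fraction * vulnerable
    for tick, infected in enumerate(curve):
        if infected >= target:
            return tick
    return None


def compare_scenarios(ticks=8000):
    """Ticks needed to compromise half the vulnerable hosts under three
    scenarios: the baseline curve, the attacker's ideal (hit-list seeding
    moves the knee of the curve earlier), and the defender's first option
    (throttled scanning pushes the curve to the right)."""
    base = simulate(scans_per_tick=200, ticks=ticks)
    seeded = simulate(scans_per_tick=200, ticks=ticks, seed_infected=1000)
    throttled = simulate(scans_per_tick=50, ticks=ticks)
    return {
        "baseline": time_to_fraction(base, 0.5),
        "attacker_hit_list": time_to_fraction(seeded, 0.5),
        "defender_throttled": time_to_fraction(throttled, 0.5),
    }


if __name__ == "__main__":
    for name, tick in compare_scenarios().items():
        print(f"{name:>20}: half of vulnerable hosts compromised at tick {tick}")
```

With these constants the baseline reaches 50% after roughly 900 ticks, the hit-list start cuts that to a few hundred, and quartering the scan rate multiplies it by about four; the shape of each curve is the same S-curve as Figure 1.1, only shifted along the time axis, which is exactly the "buying time" the text refers to. The model is a mean-field approximation, so it gives expected values, not the variance a real outbreak shows early on.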