
Addison Wesley, Crimeware: Understanding New Attacks and Defenses, Apr 2008, ISBN 0321501950


DOCUMENT INFORMATION

Basic information

Format
Pages: 1,078
File size: 7.94 MB

Content

Crimeware: Understanding New Attacks and Defenses
by Markus Jakobsson; Zulfikar Ramzan
Publisher: Addison Wesley Professional
Pub Date: April 06, 2008
Print ISBN-10: 0-321-50195-0
Print ISBN-13: 978-0-321-50195-0
eText ISBN-10: 0-321-55374-8
eText ISBN-13: 978-0-321-55374-4
Pages: 608

Overview

"This book is the most current and comprehensive analysis of the state of Internet security threats right now. The review of current issues and predictions about problems years away are critical for truly understanding crimeware. Every concerned person should have a copy and use it for reference." –Garth Bruen, Project KnujOn Designer

There's a new breed of online predators–serious criminals intent on stealing big bucks and top-secret information–and their weapons of choice are a dangerous array of tools called "crimeware." With an ever-growing number of companies, organizations, and individuals turning to the Internet to get things done, there's an urgent need to understand and prevent these online threats.

Crimeware: Understanding New Attacks and Defenses will help security professionals, technical managers, students, and researchers understand and prevent specific crimeware threats. This book guides you through the essential security principles, techniques, and countermeasures to keep you one step ahead of the criminals, regardless of evolving technology and tactics. Security experts Markus Jakobsson and Zulfikar Ramzan have brought together chapter contributors who are among the best and the brightest in the security industry. Together, they will help you understand how crimeware works, how to identify it, and how to prevent future attacks before your company's valuable information falls into the wrong hands. In self-contained chapters that go into varying degrees of depth, the book provides a thorough overview of crimeware, including not only concepts prevalent in the wild, but also ideas that so far have only been seen inside the laboratory.

With this book, you will

  Understand current and emerging security threats including rootkits, bot networks, spyware, adware, and click fraud
  Recognize the interaction between various crimeware threats
  Gain awareness of the social, political, and legal implications of these threats
  Learn valuable countermeasures to stop crimeware in its tracks, now and in the future
  Acquire insight into future security trends and threats, and create an effective defense plan

With contributions by Gary McGraw, Andrew Tanenbaum, Dave Cole, Oliver Friedrichs, Peter Ferrie, and others.

Table of Contents

Copyright
Preface
About the Authors
Chapter 1 Overview of Crimeware
  Section 1.1 Introduction
  Section 1.2 Prevalence of Crimeware
  Section 1.3 Crimeware Threat Model and Taxonomy
  Section 1.4 A Crimeware Menagerie
  Section 1.5 Crimeware Distribution
  Section 1.6 Infection and Compromise Points, Chokepoints, and Countermeasures
  Section 1.7 Crimeware Installation
  Section 1.8 Crimeware Usage
  Section 1.9 Organizing Principles for the Remainder of This Text
  Acknowledgments
Chapter 2 A Taxonomy of Coding Errors
  Section 2.1 The Trinity of Trouble
  Section 2.2 The Seven Pernicious Kingdoms
  Section 2.3 The Phyla
  Section 2.4 More Phyla Needed
Chapter 3 Crimeware and Peer-to-Peer Networks
  Section 3.1 Malware in Peer-to-Peer Networks
  Conclusion
  Section 3.2 Human-Propagated Crimeware
Chapter 4 Crimeware in Small Devices
  Section 4.1 Propagation Through USB Drives
  Section 4.2 Radio Frequency ID Crimeware
  Section 4.3 Mobile Crimeware
Chapter 5 Crimeware in Firmware
  Section 5.1 Propagation by Firmware Updates
  Conclusion
  Section 5.2 Modeling WiFi Malware Epidemics
Chapter 6 Crimeware in the Browser
  Section 6.1 Transaction Generators: Rootkits for the Web
  Conclusion
  Section 6.2 Drive-By Pharming
  Conclusion
  Section 6.3 Using JavaScript to Commit Click Fraud
Chapter 7 Bot Networks
  Section 7.1 Introduction
  Section 7.2 Network-Oriented Features of Botnets
  Section 7.3 Software Features of Bots
  Section 7.4 Web Bots and the General Future of Botnets
  Section 7.5 Countermeasures
  Conclusion
Chapter 8 Rootkits
  Section 8.1 Introduction
  Section 8.2 Evolution of Rootkits
  Section 8.3 User-Mode Windows Rootkits
  Section 8.4 Kernel-Mode Rootkit Techniques
  Section 8.5 Linux Rootkits
  Section 8.6 BIOS Rootkits
  Section 8.7 PCI Rootkits
  Section 8.8 Virtual Machine–Based Rootkits
  Section 8.9 Rootkit Defense
Chapter 9 Virtual Worlds and Fraud
  Section 9.1 Introduction
  Section 9.2 MMOGs as a Domain for Fraud
  Section 9.3 Electronic Fraud
  Section 9.4 Fraud in MMOGs
  Conclusion
Chapter 10 Cybercrime and Politics
  Section 10.1 Domain Name Abuse
  Section 10.2 Campaign-Targeted Phishing
  Section 10.3 Malicious Code and Security Risks
  Section 10.4 Denial-of-Service Attacks
  Section 10.5 Cognitive Election Hacking
  Section 10.6 Public Voter Information Sources: FEC Databases
  Section 10.7 Intercepting Voice Communications
  Conclusion
  Acknowledgments
Chapter 11 Online Advertising Fraud
  Section 11.1 History
  Section 11.2 Revenue Models
  Section 11.3 Types of Spam
  Section 11.4 Forms of Attack
  Section 11.5 Countermeasures
  Section 11.6 Click Fraud Auditing
  Section 11.7 The Economics of Click Fraud
  Conclusion
  Acknowledgments
Chapter 12 Crimeware Business Models
  Section 12.1 The Crimeware Business
  Conclusion
  Section 12.2 A Closer Look at Adware
Chapter 13 The Educational Aspect of Security
  Section 13.1 Why Education?
  Section 13.2 Case Study: A Cartoon Approach
  Conclusion
Chapter 14 Surreptitious Code and the Law
  Section 14.1 Introduction
  Section 14.2 The Characteristics of Surreptitious Code
  Section 14.3 Primary Applicable Laws
  Section 14.4 Secondary Applicable Laws
  Conclusion
Chapter 15 Crimeware and Trusted Computing
  Section 15.1 Introduction
  Section 15.2 Anatomy of an Attack
  Section 15.3 Combating Crimeware with Trusted Computing
  Section 15.4 Case Studies
  Conclusion
Chapter 16 Technical Defense Techniques
  Section 16.1 Case Study: Defense-in-Depth Against Spyware
  Conclusion
  Section 16.2 Crimeware-Resistant Authentication
  Conclusion
  Section 16.3 Virtual Machines as a Crimeware Defense Mechanism
Chapter 17 The Future of Crimeware
  Section 17.1 Crimeware, Terrorware, Vandalware, and Ransomware
  Section 17.2 New Applications and Platforms
  Section 17.3 Using Social Networks to Bootstrap Attacks
  Section 17.4 New Use of the Internet: Controlling the Infrastructure
  Section 17.5 Moving Up the Stack
  Section 17.6 The Emergence of an E-Society: Are We Becoming More Vulnerable?
  Section 17.7 The Big Picture
References
Index

Copyright

Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and the publisher was aware of a trademark claim, the designations have been printed with initial capital letters or in all capitals.

The authors and publisher have taken care in the preparation of this book, but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for incidental or consequential damages in connection with or arising out of the use of the information or programs contained herein.

The publisher offers excellent discounts on this book when ordered in quantity for bulk purchases or special sales, which may include electronic versions and/or custom covers and content particular to your business, training goals, marketing focus, and branding interests. For more information, please contact: U.S. Corporate and Government Sales, (800) 382-3419, corpsales@pearsontechgroup.com

For sales outside the United States please contact: International Sales, international@pearsoned.com

Visit us on the Web: informit.com/aw

Library of Congress Cataloging-in-Publication Data

Jakobsson, Markus.
Crimeware : understanding new attacks and defenses / Markus Jakobsson, Zulfikar Ramzan.
p. cm.
Includes bibliographical references and index.
ISBN 978-0-321-50195-0 (pbk. : alk. paper)
1. Computer security. Internet—Security measures. Computer crimes. I. Ramzan, Zulfikar. II. Title.
QA76.9.A25J325 2008
005.8—dc22
2007050736

Copyright © 2008 Symantec Corporation

All rights reserved. Printed in the United States of America. This publication is protected by copyright, and permission must be obtained from the publisher prior to any prohibited reproduction, storage in a retrieval system, or transmission in any form or by any means, electronic, mechanical, photocopying, recording, or likewise. For information regarding permissions, write to:

Pearson Education, Inc.
Rights and Contracts Department
501 Boylston Street, Suite 900
Boston, MA 02116
Fax (617) 671-3447

ISBN-13: 978-0-321-50195-0

Text printed in the United States on recycled paper at Courier in Stoughton, Massachusetts.

First printing, April 2008

Dedication

To Suma and Kabir and To A and Art

Preface

Traditionally, malware has been thought of as a purely technical threat, relying principally on technical vulnerabilities for infection. Its authors were motivated by intellectual curiosity, and sometimes by competition with other malware authors. This book draws attention to the fact that this is all history. Infection vectors of today take advantage of social context, employ deceit, and may use data-mining techniques to tailor attacks to the intended victims. Their goal is profit or political power. Malware has become crimeware. That is, malware has moved out of basements and college dorms, and is now a tool firmly placed in the hands of organized crime, terror organizations, and aggressive governments. This transformation comes at a time when society increasingly has come to depend on the Internet for its structure and stability, and it raises a worrisome question: What will happen next?

This book tries to answer that question by a careful exposition of what crimeware is, how it behaves, and what trends are evident.

The book is written for readers from a wide array of backgrounds. Most sections and chapters start out describing a given angle from a bird's-eye view, using language that makes the subject approachable to readers without deep technical knowledge. The chapters and sections then delve into more detail, often concluding with a degree of technical detail that may be of interest only to security researchers. It is up to you to decide when you understand enough of a given issue and are ready to turn to another chapter.

Recognizing that today's professionals are often pressed for time, this book is written so that each chapter is relatively self-contained. Rather than having each chapter be sequentially dependent on preceding chapters, you can safely peruse a specific chapter of interest and skip back and forth as desired. Each chapter was contributed by a different set of authors, each of whom provides a different voice and unique perspective on the issue of crimeware.

This book is meant for anyone with an interest in crimeware, computer security, and eventually, the survivability of the Internet. It is not meant only for people with a technical background. Rather, it is also appropriate for makers of laws and policies, user interface designers, and companies concerned with user education. The book is not intended as a guide to securing one's system, but rather as a guide to determining what the problem really is and what it will become.

Although we often use recent examples of attacks to highlight and explain issues of interest, the focus here is on the underlying trends, principles, and techniques. When the next wave of attacks appears—undoubtedly using new technical vulnerabilities and new psychological twists—then the same principles will still hold. Thus, this book is meant to remain a useful reference for years to come, in a field characterized by change. We are proud to say that we think we have achieved this contradictory balance, and we hope that you will agree.

Acknowledgments

We are indebted to our expert contributors, who have helped make this book what it is by offering their valuable and unique insights, and selflessly donated their time to advance the public's knowledge of crimeware. The following researchers helped us provide their view of the problem: Shane Balfe, Jeffrey Bardzell, Shaowen Bardzell, Dan Boneh, Fred H. Cate, David Cole, Vittoria Colizza, Bruno Crispo, Neil Daswani, Aaron Emigh, Peter Ferrie, Oliver Friedrichs, Eimear Gallery, Mona Gandhi, Kourosh Gharachorloo, Shuman Ghosemajumder, Minaxi Gupta, James Hoagland, Hao Hu, Andrew Kalafut, Gary McGraw, Chris J. Mitchell, John Mitchell, Steven Myers, Chris Mysen, Tyler Pace, Kenneth G. Paterson, Prashant Pathak, Vinay Rao, Jacob Ratkiewicz, Melanie Rieback, Sourabh Satish, Sukamol Srikwan, Sid Stamm, Andrew Tanenbaum, Alex Tsow, Alessandro Vespignani, Xiaofeng Wang, Stephen Weis, Susanne Wetzel, Ollie Whitehouse, Liu Yang, and the Google Ad Traffic Quality Team.

In addition, Markus wishes to thank his graduate students, who have helped with everything from performing LaTeX conversions to being experiment subjects, and many of whose research results are part of this book.

Zulfikar wishes to thank Oliver Friedrichs and the rest of the Symantec Advanced Threat Research team (as well as his colleagues throughout Symantec) for affording him the opportunity to work on this book and for engaging in countless stimulating discussions on these topics.

Date posted: 19/04/2019, 14:45