Malware: Fighting Malicious Code (Paperback)

Ed Skoudis, Lenny Zeltser

  • Publisher: Prentice Hall
  • Publication date: 2003-11-07
  • List price: $2,050
  • VIP price: $1,948 (95% of list)
  • Language: English
  • Pages: 672
  • Binding: Paperback
  • ISBN: 0131014056
  • ISBN-13: 9780131014053
  • Related categories: Cisco, Information Security

Product Description

Summary

  • Reveals how attackers install malicious code and how they evade detection
  • Shows how you can defeat their schemes and keep your computers and network safe!
  • Details viruses, worms, backdoors, Trojan horses, RootKits, and other threats
  • Explains how to handle today's threats, with an eye on handling the threats to come

"This is a truly outstanding book - enormous technical wealth and beautifully written."
—Warwick Ford

"Ed does it again, piercing the veil of mystery surrounding many of the more technical aspects of computer security!"
—Harlan Carvey, CISSP

"This book is entertaining and informative, while justifiably scaring you. Luckily it also tells you how to protect yourself, but makes you realize it's going to be a permanent spy-vs-spy struggle."
—Radia Perlman, Distinguished Engineer, Sun Microsystems

Keep control of your systems out of the hands of unknown attackers

Ignoring the threat of malware is one of the most reckless things you can do in today's increasingly hostile computing environment. Malware is malicious code planted on your computer, and it can give the attacker a truly alarming degree of control over your system, network, and data, all without your knowledge! Written for computer pros and savvy home users by computer security expert Edward Skoudis, Malware: Fighting Malicious Code covers everything you need to know about malware, and how to defeat it!

This book devotes a full chapter to each type of malware: viruses, worms, malicious code delivered through Web browsers and e-mail clients, backdoors, Trojan horses, user-level RootKits, and kernel-level manipulation. You'll learn about the characteristics and methods of attack, evolutionary trends, and how to defend against each type of attack. Real-world examples of malware attacks help you translate thought into action, and a special defender's toolbox chapter shows how to build your own inexpensive code analysis lab to investigate new malware specimens on your own. Throughout, Skoudis' clear, engaging style makes the material approachable and enjoyable to learn. This book includes:

  • Solutions and examples that cover both UNIX® and Windows®
  • Practical, time-tested, real-world actions you can take to secure your systems
  • Instructions for building your own inexpensive malware code analysis lab so you can get familiar with attack and defensive tools harmlessly!

Malware: Fighting Malicious Code is intended for system administrators, network personnel, security personnel, savvy home computer users, and anyone else interested in keeping their systems safe from attackers.

Table of Contents

Foreword.
Acknowledgments.
1. Introduction.

Defining the Problem. Why Is Malicious Code So Prevalent? Types of Malicious Code. Malicious Code History. Why This Book? What To Expect. References.

2. Viruses.

The Early History of Computer Viruses. Infection Mechanisms and Targets. Virus Propagation Mechanisms. Defending against Viruses. Malware Self-Preservation Techniques. Conclusions. Summary. References.

3. Worms.

Why Worms? A Brief History of Worms. Worm Components. Impediments to Worm Spread. The Coming Super Worms. Bigger Isn't Always Better: The Un-Super Worm. Worm Defenses. Conclusions. Summary. References.

4. Malicious Mobile Code.

Browser Scripts. ActiveX Controls. Java Applets. Mobile Code in E-Mail Clients. Distributed Applications and Mobile Code. Additional Defenses against Malicious Mobile Code. Conclusions. Summary. References.

5. Backdoors.

Different Kinds of Backdoor Access. Installing Backdoors. Starting Backdoors Automatically. All-Purpose Network Connection Gadget: Netcat. Network Computing. Backdoors without Ports. Conclusions. Summary. References.

6. Trojan Horses.

What's in a Name? Wrap Stars. Trojaning Software Distribution Sites. Poisoning the Source. Co-opting a Browser: Setiri. Hiding Data in Executables: Stego and Polymorphism. Conclusions. Summary. References.

7. User-Mode RootKits.

UNIX User-mode RootKits. Windows User-Mode RootKits. Conclusions. Summary. References.

8. Kernel-Mode RootKits.

What Is the Kernel? Kernel Manipulation Impact. The Linux Kernel. The Windows Kernel. Conclusions. Summary. References.

9. Going Deeper.

Setting the Stage: Different Layers of Malware. Going Deeper: The Possibility of BIOS and Malware Microcode. Combo Malware. Conclusions. Summary. References.

10. Scenarios.

Scenario 1: A Fly in the Ointment. Scenario 2: Invasion of the Kernel Snatchers. Scenario 3: Silence of the Worms. Conclusions. Summary.

11. Malware Analysis.

Building a Malware Analysis Laboratory. Malware Analysis Process. Conclusion. Summary. References.

12. Conclusion.

Useful Web Sites for Keeping Up. Parting Thoughts.

Index.
