DOCSLIB.ORG

Combating Spyware in the Enterprise.Pdf

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

www.dbebooks.com - Free Books & magazines Visit us at www.syngress.com Syngress is committed to publishing high-quality books for IT Professionals and delivering those books in media and formats that fit the demands of our cus- tomers. We are also committed to extending the utility of the book you purchase via additional materials available from our Web site. SOLUTIONS WEB SITE To register your book, visit www.syngress.com/solutions. Once registered, you can access our [email protected] Web pages. There you will find an assortment of value-added features such as free e-booklets related to the topic of this book, URLs of related Web site, FAQs from the book, corrections, and any updates from the author(s). ULTIMATE CDs Our Ultimate CD product line offers our readers budget-conscious compilations of some of our best-selling backlist titles in Adobe PDF form. These CDs are the perfect way to extend your reference library on key topics pertaining to your area of exper- tise, including Cisco Engineering, Microsoft Windows System Administration, CyberCrime Investigation, Open Source Security, and Firewall Configuration, to name a few. DOWNLOADABLE EBOOKS For readers who can’t wait for hard copy, we offer most of our titles in download- able Adobe PDF form. These eBooks are often available weeks before hard copies, and are priced affordably. SYNGRESS OUTLET Our outlet store at syngress.com features overstocked, out-of-print, or slightly hurt books at significant savings. SITE LICENSING Syngress has a well-established program for site licensing our ebooks onto servers in corporations, educational institutions, and large organizations. Contact us at [email protected] for more information. CUSTOM PUBLISHING Many organizations welcome the ability to combine parts of multiple Syngress books, as well as their own content, into a single volume for their own internal use. Contact us at [email protected] for more information. Combating Spyware in the Enterprise Brian Baskin Ken Caruso Tony Bradley Paul Piccard Jeremy Faircloth Lance James Craig A. Schiller Tony Piltzecker Technical Editor Acknowledgments Syngress would like to acknowledge the following people for their kindness and sup- port in making this book possible. Syngress books are now distributed in the United States and Canada by O’Reilly Media, Inc.The enthusiasm and work ethic at O’Reilly are incredible, and we would like to thank everyone there for their time and efforts to bring Syngress books to market:Tim O’Reilly, Laura Baldwin, Mark Brokering, Mike Leonard, Donna Selenko, Bonnie Sheehan, Cindy Davis, Grant Kikkert, Opol Matsutaro, Steve Hazelwood, Mark Wilson, Rick Brown,Tim Hinton, Kyle Hart, Sara Winge, Peter Pardo, Leslie Crandell, Regina Aggio Wilkinson, Pascal Honscher, Preston Paull, Susan Thompson, Bruce Stewart, Laura Schmier, Sue Willing, Mark Jacobsen, Betsy Waliszewski, Kathryn Barrett, John Chodacki, Rob Bullington, Kerry Beck, and Karen Montgomery. The incredibly hardworking team at Elsevier Science, including Jonathan Bunkell, Ian Seager, Duncan Enright, David Burton, Rosanna Ramacciotti, Robert Fairbrother, Miguel Sanchez, Klaus Beran, Emma Wyatt, Chris Hossack, Krista Leppiko, Marcel Koppes, Judy Chappell, Radek Janousek, and Chris Reinders for making certain that our vision remains worldwide in scope. David Buckland, Marie Chieng, Lucy Chong, Leslie Lim,Audrey Gan, Pang Ai Hua, Joseph Chan, and Siti Zuraidah Ahmad of STP Distributors for the enthusiasm with which they receive our books. David Scott, Tricia Wilden, Marilla Burgess, Annette Scott, Andrew Swaffer, Stephen O’Donoghue, Bec Lowe, Mark Langley, and Anyo Geddes of Woodslane for distributing our books throughout Australia, New Zealand, Papua New Guinea, Fiji,Tonga,Solomon Islands, and the Cook Islands. v Technical Editor Tony Piltzecker (CISSP,MCSE, CCNA, CCVP,Check Point CCSA, Citrix CCA), author and technical editor of Syngress Publishing’s MCSE Exam 70-296 Study Guide and DVD Training System, is a Consulting Engineer for Networked Information Systems in Woburn, MA. He is also a contributor to How to Cheat at Managing Microsoft Operations Manager 2005 (Syngress, ISBN: 1597492515). Tony’s specialties include network security design, Microsoft operating system and applications architecture, as well as Cisco IP Telephony implementations.Tony’s background includes positions as IT Manager for SynQor Inc., Network Architect for Planning Systems, Inc., and Senior Networking Consultant with Integrated Information Systems.Along with his various certifications,Tony holds a bachelor’s degree in Business Administration.Tony currently resides in Leominster, MA, with his wife, Melanie, and his daugh- ters, Kaitlyn and Noelle. Contributors Brian Baskin (MCP,CTT+) is a researcher and developer for Computer Sciences Corporation. In his work he researches, develops, and instructs computer forensic techniques for members of the government, military, and law enforcement. Brian currently spe- cializes in Linux/Solaris intrusion investigations, as well as in-depth analysis of various network protocols. He also has a penchant for penetration testing and is currently developing and teaching basic vii exploitation techniques for clients. Brian has been developing and instructing computer security courses since 2000, including presen- tations and training courses at the annual Department of Defense Cyber Crime Conference. He is an avid amateur programmer in many languages, beginning when his father purchased QuickC for him when he was 11, and has geared much of his life around the implementations of technology. He has also been an avid Linux user since 1994, and he enjoys a relaxing terminal screen whenever he can. He has worked in networking environments for many years from small Novell networks to large Windows-based networks for a number of the largest stock exchanges in the United States. Brian would like to thank his wife and family for their con- tinued support and motivation, as well as his friends and others who have helped him along the way: j0hnny Long, Grumpy Andy, En”Ron”,“Ranta, Don”,Thane,“Pappy”,“M”, Steve O.,Al Evans, Chris pwnbbq, Koko, and others whom he may have forgotten. Most importantly, Brian would like to thank his parents for their continuous faith and sacrifice to help him achieve his dreams. Brian wrote Chapter 5 (Solutions for the End User) and Chapter 6 (Forensic Detection and Removal) Tony Bradley (CISSP-ISSAP,MCSE, MCSA,A+) is a Fortune 100 security architect and consultant with more than eight years of computer networking and administration experience, focusing the last four years on security.Tony provides design, implementation, and management of security solutions for many Fortune 500 enter- prise networks.Tony is also the writer and editor of the About.com site for Internet/Network Security and writes frequently for many technical publications and Web sites. I want to thank my Sunshine for everything she has done for me, and everything she does for me and for our family each day. She is the glue that holds us together and the engine that drives us forward. I also want to thank Erin Heffernan and Jaime Quigley for their patience and support as I worked to complete my contribu- viii tions to this book. Lastly, I want to thank Syngress for inviting me to participate on this project. Tony wrote Chapter 1 (An Overview of Spyware) and Chapter 2 (The Transformation of Spyware) Jeremy Faircloth (Security+, CCNA, MCSE, MCP+I,A+, etc.) is an IT Manager for EchoStar Satellite L.L.C., where he and his team architect and maintain enterprisewide client/server and Web-based technologies. He also acts as a technical resource for other IT pro- fessionals, using his expertise to help others expand their knowledge. As a systems engineer with over 13 years of real-world IT experi- ence, he has become an expert in many areas, including Web devel- opment, database administration, enterprise security, network design, and project management. Jeremy has contributed to several Syngress books, including Microsoft Log Parser Toolkit (Syngress, ISBN: 1932266526), Managing and Securing a Cisco SWAN (ISBN: 1- 932266-91-7), C# for Java Programmers (ISBN: 1-931836-54-X), Snort 2.0 Intrusion Detection (ISBN: 1-931836-74-4), and Security+ Study Guide & DVD Training System (ISBN: 1-931836-72-8). Jeremy wrote Chapter 3 (Spyware and the Enterprise Network) Craig A. Schiller (CISSP-ISSMP,ISSAP) is the President of Hawkeye Security Training, LLC. He is the primary author of the first Generally Accepted System Security Principles. He was a coau- thor of several editions of the Handbook of Information Security Management and a contributing author to Data Security Management. Craig is also a contributor to Winternals Defragmentation, Recovery, and Administration Field Guide (Syngress, ISBN: 1597490792). Craig has cofounded two ISSA U.S. regional chapters: the Central Plains Chapter and the Texas Gulf Coast Chapter. He is a member of the Police Reserve Specialists unit of the Hillsboro Police Department in Oregon. He leads the unit’s Police-to-Business-High-Tech speakers’ initiative and assists with Internet forensics. ix Craig wrote Chapter 4 (Real SPYware—Crime, Economic Espionage, and Espionage) Ken Caruso is a Senior Systems Engineer for Serials Solutions, a Pro Quest company. Serials Solutions empowers librarians and enables their patrons by helping them get the most value out of their electronic serials. Ken plays a key role in the design and engi- neering of mission-critical customer-facing systems and networks. Previous
Recommended publications
  • A the Hacker

    A the Hacker

    A The Hacker Madame Curie once said “En science, nous devons nous int´eresser aux choses, non aux personnes [In science, we should be interested in things, not in people].” Things, however, have since changed, and today we have to be interested not just in the facts of computer security and crime, but in the people who perpetrate these acts. Hence this discussion of hackers. Over the centuries, the term “hacker” has referred to various activities. We are familiar with usages such as “a carpenter hacking wood with an ax” and “a butcher hacking meat with a cleaver,” but it seems that the modern, computer-related form of this term originated in the many pranks and practi- cal jokes perpetrated by students at MIT in the 1960s. As an example of the many meanings assigned to this term, see [Schneier 04] which, among much other information, explains why Galileo was a hacker but Aristotle wasn’t. A hack is a person lacking talent or ability, as in a “hack writer.” Hack as a verb is used in contexts such as “hack the media,” “hack your brain,” and “hack your reputation.” Recently, it has also come to mean either a kludge, or the opposite of a kludge, as in a clever or elegant solution to a difficult problem. A hack also means a simple but often inelegant solution or technique. The following tentative definitions are quoted from the jargon file ([jargon 04], edited by Eric S. Raymond): 1. A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary.
  • Symantec Report on Rogue Security Software July 08 – June 09

    Symantec Report on Rogue Security Software July 08 – June 09

    REPORT: SYMANTEC ENTERPRISE SECURITY SYMANTEC REPORT: Symantec Report on Rogue Security Software July 08 – June 09 Published October 2009 Confidence in a connected world. White Paper: Symantec Enterprise Security Symantec Report on Rogue Security Software July 08 – June 09 Contents Introduction . 1 Overview of Rogue Security Software. 2 Risks . 4 Advertising methods . 7 Installation techniques . 9 Legal actions and noteworthy scam convictions . 14 Prevalence of Rogue Security Software . 17 Top reported rogue security software. 17 Additional noteworthy rogue security software samples . 25 Top rogue security software by region . 28 Top rogue security software installation methods . 29 Top rogue security software advertising methods . 30 Analysis of Rogue Security Software Distribution . 32 Analysis of Rogue Security Software Servers . 36 Appendix A: Protection and Mitigation. 45 Appendix B: Methodologies. 48 Credits . 50 Symantec Report on Rogue Security Software July 08 – June 09 Introduction The Symantec Report on Rogue Security Software is an in-depth analysis of rogue security software programs. This includes an overview of how these programs work and how they affect users, including their risk implications, various distribution methods, and innovative attack vectors. It includes a brief discussion of some of the more noteworthy scams, as well as an analysis of the prevalence of rogue security software globally. It also includes a discussion on a number of servers that Symantec observed hosting these misleading applications. Except where otherwise noted, the period of observation for this report was from July 1, 2008, to June 30, 2009. Symantec has established some of the most comprehensive sources of Internet threat data in the world through the Symantec™ Global Intelligence Network.
  • 2 | 2013 2 | Volume Issue ISSN 2190-3387 Law

    2 | 2013 2 | Volume Issue ISSN 2190-3387 Law

    2 | 2013 Volume 4 (2013) Issue 2 ISSN 2190-3387 Law and Electronic Commerce Information Technology, Intellectual Property, Journal of Articles Online Sexual Harassment: Issues & Solutions by Mohamed Chawki, Yassin el Shazly Breathing Space for Cloud-Based Business Models: Exploring the Matrix of Copyright Limitations, Safe Harbours and Injunctions by Martin Senftleben A Model Framework for publishing Grey Literature in Open Access by Matěj Myška, Jaromír Šavelka Injunctions against innocent Third Parties: The Case of Website Blocking by Martin Husovec Evaluation of the Role of Access Providers Discussion of Dutch Pirate Bay Case Law and Introducing Principles on Directness, Effectiveness, Costs, Relevance and Time by Arno R. Lodder, Nicole S. van der Meule Das Verhältnis zwischen Urheberrecht und Wissenschaft: Auf die Perspektive kommt es an! by Alexander Peukert Editors: Thomas Dreier Axel Metzger Gerald Spindler Lucie Guibault Miquel Peguera Journal of Intellectual Property, Information Technology and Table Of Contents Electronic Commerce Law Volume 4 Issue 2, August 2013 Articles www.jipitec.eu [email protected] Online Sexual Harassment: Issues & Solutions A joint publication of: by Mohamed Chawki, Yassin el Shazly 71 Prof. Dr. Thomas Dreier, M. C. J., Karlsruhe Institute of Technology, Vincenz-Prießnitz-Str. 3, Breathing Space for Cloud-Based Business Models: 76131 Karlsruhe Exploring the Matrix of Copyright Limitations, Safe Prof. Dr. Axel Metzger, LL. M., Harbours and Injunctions Exploring the Matrix of Institute for Legal Informatics,
  • Flow-Level Traffic Analysis of the Blaster and Sobig Worm Outbreaks in an Internet Backbone

    Flow-Level Traffic Analysis of the Blaster and Sobig Worm Outbreaks in an Internet Backbone

    Flow-Level Traffic Analysis of the Blaster and Sobig Worm Outbreaks in an Internet Backbone Thomas Dübendorfer, Arno Wagner, Theus Hossmann, Bernhard Plattner ETH Zurich, Switzerland [email protected] DIMVA 2005, Wien, Austria Agenda 1) Introduction 2) Flow-Level Backbone Traffic 3) Network Worm Blaster.A 4) E-Mail Worm Sobig.F 5) Conclusions and Outlook © T. Dübendorfer (2005), TIK/CSG, ETH Zurich -2- 1) Introduction Authors Prof. Dr. Bernhard Plattner Professor, ETH Zurich (since 1988) Head of the Communication Systems Group at the Computer Engineering and Networks Laboratory TIK Prorector of education at ETH Zurich (since 2005) Thomas Dübendorfer Dipl. Informatik-Ing., ETH Zurich, Switzerland (2001) ISC2 CISSP (Certified Information System Security Professional) (2003) PhD student at TIK, ETH Zurich (since 2001) Network security research in the context of the DDoSVax project at ETH Further authors: Arno Wagner, Theus Hossmann © T. Dübendorfer (2005), TIK/CSG, ETH Zurich -3- 1) Introduction Worm Analysis Why analyse Internet worms? • basis for research and development of: • worm detection methods • effective countermeasures • understand network impact of worms Wasn‘t this already done by anti-virus software vendors? • Anti-virus software works with host-centric signatures Research method used 1. Execute worm code in an Internet-like testbed and observe infections 2. Measure packet-level traffic and determine network-centric worm signatures on flow-level 3. Extensive analysis of flow-level traffic of the actual worm outbreaks captured in a Swiss backbone © T. Dübendorfer (2005), TIK/CSG, ETH Zurich -4- 1) Introduction Related Work Internet backbone worm analyses: • Many theoretical worm spreading models and simulations exist (e.g.
  • Managing the Performance Impact of Web Security

    Managing the Performance Impact of Web Security

    Electronic Commerce Research, 5: 99–116 (2005) 2005 Springer Science + Business Media, Inc. Manufactured in the Netherlands. Managing the Performance Impact of Web Security ADAM STUBBLEFIELD and AVIEL D. RUBIN Johns Hopkins University, USA DAN S. WALLACH Rice University, USA Abstract Security and performance are usually at odds with each other. Current implementations of security on the web have been adopted at the extreme end of the spectrum, where strong cryptographic protocols are employed at the expense of performance. The SSL protocol is not only computationally intensive, but it makes web caching impossible, thus missing out on potential performance gains. In this paper we discuss the requirements for web security and present a solution that takes into account performance impact and backwards compatibil- ity. Keywords: security, web performance scalability, Internet protocols 1. Introduction Security plays an important role in web transactions. Users need assurance about the au- thenticity of servers and the confidentiality of their private data. They also need to know that any authentication material (such as a password or credit card) they send to a server is only readable by that server. Servers want to believe that data they are sending to paying customers is not accessible to all. Security is not free, and in fact, on the web, it is particularly expensive. This paper focuses on managing the performance impact of web security. The current web security standard, SSL, has a number of problems from a performance perspective. Most obviously, the cryptographic operations employed by SSL are computationally expensive, especially for the web server. While this computational limitation is slowly being overcome by faster processors and custom accelerators, SSL also prevents the content it delivers from being cached.
  • Tomenet-Guide.Pdf

    Tomenet-Guide.Pdf

    .==========================================================================+−−. | TomeNET Guide | +==========================================================================+− | Latest update: 17. September 2021 − written by C. Blue ([email protected]) | | for TomeNET version v4.7.4b − official websites are: : | https://www.tomenet.eu/ (official main site, formerly www.tomenet.net) | https://muuttuja.org/tomenet/ (Mikael’s TomeNET site) | Runes & Runemastery sections by Kurzel ([email protected]) | | You should always keep this guide up to date: Either go to www.tomenet.eu | to obtain the latest copy or simply run the TomeNET−Updater.exe in your | TomeNET installation folder (desktop shortcut should also be available) | to update it. | | If your text editor cannot display the guide properly (needs fixed−width | font like for example Courier), simply open it in any web browser instead. +−−− | Welcome to this guide! | Although I’m trying, I give no guarantee that this guide | a) contains really every detail/issue about TomeNET and | b) is all the time 100% accurate on every occasion. | Don’t blame me if something differs or is missing; it shouldn’t though. | | If you have any suggestions about the guide or the game, please use the | /rfe command in the game or write to the official forum on www.tomenet.eu. : \ Contents −−−−−−−− (0) Quickstart (If you don’t like to read much :) (0.1) Start & play, character validation, character timeout (0.1a) Colours and colour blindness (0.1b) Photosensitivity / Epilepsy issues (0.2) Command reference
  • Malware to Crimeware

    Malware to Crimeware

    I have surveyed over a decade of advances in delivery of malware. Over this daVid dittRich period, attackers have shifted to using complex, multi-phase attacks based on malware to crimeware: subtle social engineering tactics, advanced how far have they cryptographic techniques to defeat takeover gone, and how do and analysis, and highly targeted attacks we catch up? that are intended to fly below the radar of current technical defenses. I will show how Dave Dittrich is an affiliate information malicious technology combined with social security researcher in the University of manipulation is used against us and con- Washington’s Applied Physics Laboratory. He focuses on advanced malware threats and clude that this understanding might even the ethical and legal framework for respond- ing to computer network attacks. help us design our own combination of [email protected] technical and social mechanisms to better protect us. And ye shall know the truth, and the truth shall make you free. The late 1990s saw the advent of distributed and John 8:32 coordinated computer network attack tools, which were primarily used for the electronic equivalent of fist fighting in the streets. It only took a few years for criminal activity—extortion, click fraud, denial of service for competitive advantage—to appear, followed by mass theft of personal and financial data through quieter, yet still widespread and auto- mated, keystroke logging. Despite what law-abid- ing citizens would desire, crime does pay, and pay well. Today, the financial gain from criminal enter- prise allows investment of large sums of money in developing tools and operational capabilities that are increasingly sophisticated and highly targeted.
  • F-Secure Anti-Virus for Microsoft Exchange

    F-Secure Anti-Virus for Microsoft Exchange

    F-Secure Anti-Virus for Microsoft Exchange Administrator’s Guide "F-Secure" and the triangle symbol are registered trademarks of F-Secure Corporation and F-Secure product names and symbols/logos are either trademarks or registered trademarks of F-Secure Corporation. All product names referenced herein are trademarks or registered trademarks of their respective companies. F-Secure Corporation disclaims proprietary interest in the marks and names of others. Although F-Secure Corporation makes every effort to ensure that this information is accurate, F-Secure Corporation will not be liable for any errors or omission of facts contained herein. F-Secure Corporation reserves the right to modify specifications cited in this document without prior notice. Companies, names and data used in examples herein are fictitious unless otherwise noted. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of F-Secure Corporation. Copyright © 1993-2008 F-Secure Corporation. All rights reserved. Portions Copyright © 1991-2006 Kaspersky Lab. This product includes software developed by the Apache Software Foundation (http:// www.apache.org/). Copyright © 2000-2006 The Apache Software Foundation. All rights reserved. This product includes PHP, freely available from http://www.php.net/. Copyright © 1999-2006 The PHP Group. All rights reserved. This product includes code from SpamAssassin. The code in the files of the SpamAssassin distribution are Copyright © 2000-2002 Justin Mason and others, unless specified otherwise in that particular file. All files in the SpamAssassin distribution fall under the same terms as Perl itself, as described in the “Artistic License”.
  • Hacks, Leaks and Disruptions | Russian Cyber Strategies

    Hacks, Leaks and Disruptions | Russian Cyber Strategies

    CHAILLOT PAPER Nº 148 — October 2018 Hacks, leaks and disruptions Russian cyber strategies EDITED BY Nicu Popescu and Stanislav Secrieru WITH CONTRIBUTIONS FROM Siim Alatalu, Irina Borogan, Elena Chernenko, Sven Herpig, Oscar Jonsson, Xymena Kurowska, Jarno Limnell, Patryk Pawlak, Piret Pernik, Thomas Reinhold, Anatoly Reshetnikov, Andrei Soldatov and Jean-Baptiste Jeangène Vilmer Chaillot Papers HACKS, LEAKS AND DISRUPTIONS RUSSIAN CYBER STRATEGIES Edited by Nicu Popescu and Stanislav Secrieru CHAILLOT PAPERS October 2018 148 Disclaimer The views expressed in this Chaillot Paper are solely those of the authors and do not necessarily reflect the views of the Institute or of the European Union. European Union Institute for Security Studies Paris Director: Gustav Lindstrom © EU Institute for Security Studies, 2018. Reproduction is authorised, provided prior permission is sought from the Institute and the source is acknowledged, save where otherwise stated. Contents Executive summary 5 Introduction: Russia’s cyber prowess – where, how and what for? 9 Nicu Popescu and Stanislav Secrieru Russia’s cyber posture Russia’s approach to cyber: the best defence is a good offence 15 1 Andrei Soldatov and Irina Borogan Russia’s trolling complex at home and abroad 25 2 Xymena Kurowska and Anatoly Reshetnikov Spotting the bear: credible attribution and Russian 3 operations in cyberspace 33 Sven Herpig and Thomas Reinhold Russia’s cyber diplomacy 43 4 Elena Chernenko Case studies of Russian cyberattacks The early days of cyberattacks: 5 the cases of Estonia,
  • Direct Internet 3 User Manual for the Windows Operating Systems

    Direct Internet 3 User Manual for the Windows Operating Systems

    DIRECT INTERNET 3 User Manual for the Mac OS® Operating System Iridium Communications Inc. Rev. 2; October 29, 2010 Table of Contents 1 OVERVIEW ............................................................................................................................................1 2 HOW IT WORKS ....................................................................................................................................1 3 THE DIAL-UP CONNECTION ...............................................................................................................2 3.1 Connect ..........................................................................................................................................2 3.2 Disconnect .....................................................................................................................................5 4 DIRECT INTERNET 3 WEB ACCELERATOR ......................................................................................6 4.1 Launch ...........................................................................................................................................6 4.2 The User Interface Menu ...............................................................................................................7 4.3 Start and Stop ................................................................................................................................8 4.4 Statistics .........................................................................................................................................9
  • Computer Viruses, in Order to Detect Them

    Computer Viruses, in Order to Detect Them

    Behaviour-based Virus Analysis and Detection PhD Thesis Sulaiman Amro Al amro This thesis is submitted in partial fulfilment of the requirements for the degree of Doctor of Philosophy Software Technology Research Laboratory Faculty of Technology De Montfort University May 2013 DEDICATION To my beloved parents This thesis is dedicated to my Father who has been my supportive, motivated, inspired guide throughout my life, and who has spent every minute of his life teaching and guiding me and my brothers and sisters how to live and be successful. To my Mother for her support and endless love, daily prayers, and for her encouragement and everything she has sacrificed for us. To my Sisters and Brothers for their support, prayers and encouragements throughout my entire life. To my beloved Family, My Wife for her support and patience throughout my PhD, and my little boy Amro who has changed my life and relieves my tiredness and stress every single day. I | P a g e ABSTRACT Every day, the growing number of viruses causes major damage to computer systems, which many antivirus products have been developed to protect. Regrettably, existing antivirus products do not provide a full solution to the problems associated with viruses. One of the main reasons for this is that these products typically use signature-based detection, so that the rapid growth in the number of viruses means that many signatures have to be added to their signature databases each day. These signatures then have to be stored in the computer system, where they consume increasing memory space. Moreover, the large database will also affect the speed of searching for signatures, and, hence, affect the performance of the system.
  • Chapter 3: Viruses, Worms, and Blended Threats

    Chapter 3: Viruses, Worms, and Blended Threats

    Chapter 3 Chapter 3: Viruses, Worms, and Blended Threats.........................................................................46 Evolution of Viruses and Countermeasures...................................................................................46 The Early Days of Viruses.................................................................................................47 Beyond Annoyance: The Proliferation of Destructive Viruses .........................................48 Wiping Out Hard Drives—CIH Virus ...................................................................48 Virus Programming for the Masses 1: Macro Viruses...........................................48 Virus Programming for the Masses 2: Virus Generators.......................................50 Evolving Threats, Evolving Countermeasures ..................................................................51 Detecting Viruses...................................................................................................51 Radical Evolution—Polymorphic and Metamorphic Viruses ...............................53 Detecting Complex Viruses ...................................................................................55 State of Virus Detection.........................................................................................55 Trends in Virus Evolution..................................................................................................56 Worms and Vulnerabilities ............................................................................................................57