DOCSLIB.ORG

Paul Collins Status Name/Startup Item Command Comments X System32

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Paul Collins Status Name/Startup Item Command Comments X System32 SYSINFO.ORG STARTUP LIST : 11th June 2006 (c) Paul Collins Status Name/Startup Item Command Comments X system32.exe Added by the AGOBOT-KU WORM! Note - has a blank entry under the Startup Item/Name field X pathex.exe Added by the MKMOOSE-A WORM! X svchost.exe Added by the DELF-UX TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder X SystemBoot services.exe Added by the SOBER-Q TROJAN! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a HelpHelp subfolder of the Windows or Winnt folder X WinCheck services.exe Added by the SOBER-S WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "ConnectionStatusMicrosoft" subfolder of the Windows or Winnt folder X Windows services.exe Added by the SOBER.X WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "WinSecurity" subfolder of the Windows or Winnt folder X WinStart services.exe Added by the SOBER.O WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a Connection WizardStatus subfolder of the Windows or Winnt folder X winsystem.sys smss.exe Added by the SOBER.K TROJAN! Note - this is not the legitimate smss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a msagentwin32 subfolder of the Winnt or Windows folder Y !1_pgaccount pgaccount.exe DiamondCS ProcessGuard security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacks. You will see one instant of pgaccount.exe for every active account on your system, and this is essential for PG to work properly Y !1_ProcessGuard_Startup procguard.exe DiamondCS ProcessGuard security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacks N !NoLoad winrecon.exe WinRecon - surveillance software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call it ? $EnterNet Enternet.exe Connection manager for the EnterNet ISP. You can also use RASPPOE X $sys$cmp $sys$xp.exe Added by the RYKNOS.B TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computer X $sys$crash $sys$sonyTimer.exe Added by the WELOMOCH TROJAN! X $sys$crash $sys$sos$sys$.exe Added by the WELOMOCH TROJAN! X $sys$crash $sys$WeLoveMcCOL.exe Added by the WELOMOCH TROJAN! X $sys$drv $sys$drv.exe Added by the RYKNOS TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computer X $sys$momomomochin $sys$sonyTimer.exe Added by the WELOMOCH TROJAN! X $sys$momomomochin $sys$sos$sys$.exe Added by the WELOMOCH TROJAN! X $sys$momomomochin $sys$WeLoveMcCOL.exe Added by the WELOMOCH TROJAN! X $sys$umaiyo $sys$sonyTimer.exe Added by the WELOMOCH TROJAN! X $sys$umaiyo $sys$sos$sys$.exe Added by the WELOMOCH TROJAN! X $sys$umaiyo $sys$WeLoveMcCOL.exe Added by the WELOMOCH TROJAN! X $WindowsRegKey%update IEXPLORE.EXE Added by the RBOT-EZ WORM! Note - this is not the legitimate Internet Explorer iexplore.exe process which is always located in the Program FilesInternet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder N %cmpmixtitle% %cmpmixstr% Possibly related to C-Media Mixer Control panel? N %FP%012-L2TP fts.exe fts.exe 012.Net.il Israeli ISP software front-end U %FP%012-L2TP FWPortal.exe FWPortal.exe 012.Net.il Israeli ISP dial-up software N %FP%1776 Internet fts.exe fts.exe 1776 Internet US ISP software ISP software front-end U %FP%1776 Internet FWPortal.exe FWPortal.exe 1776 Internet US ISP dial-up software N %FP%Barak013 fts.exe fts.exe Barak013 Israeli ISP software front-end U %FP%Barak013 FWPortal.exe FWPortal.exe Barak013 Israeli ISP dial-up software N %FP%Friendly fts.exe fts.exe Friendly ISP software front-end X (*)API Machine winSOCKS.exe Homepage hijacker, see here (* = any digit) X (*)Run win32API.exe Homepage hijacker, see here (* = any digit) X (default) [random filename].exe Added by the BLACKMAL WORM! X (default) rundll32.exe [path] Zykheptd.dll Added by the HESIVE.B TROJAN! X (L4r1$$4) (4nt1) (V1ruz) SP00Lsv32.pif Added by the ASSIRAL.B WORM! U )Start Service upssrv.exe Cyber Power PowerPanelPlus software. "In the event of a power outage, PowerPanelPlus Software automatically saves and closes all open files, and then shuts down the computer system in an intelligent and orderly manner" X *JanisRuckenbrodII janis.com Added by the POPS WORM! X *Microsoft Update ctxma.exe Added by the STMU TROJAN! X *Microsoft Update cxma.exe Added by the STMU TROJAN! X *Microsoft Update wstcl.exe Added by the STMU TROJAN! X *Microsoft Update wucxt.exe Added by the STMU TROJAN! X *Microsoft Update wuytc.exe Added by the STMU TROJAN! X *MS Setup [random filename] Virtumondo adware, also known as the VUNDO TROJAN! X *Security Center secctr.exe Added by the SDBOT.BRO WORM! Y *StateMgr statemgr.exe Windows ME default for System Restore. Do NOT disable! X *windows update wrauclt.exe Added by the RBOT-QU WORM! X *windows update wuanclt.exe Added by the RBOT-PG WORM! X *windows update wuaucrlt.exe Added by the SPYBOT.HUR WORM! X *windows update wuraclt.exe Added by the RBOT-PO WORM! X *windows update wurauclt.exe Added by the RBOT-SY WORM! X *windows update wsctl.exe Added by the SPYBOT.PR WORM! X *windows update wkmst.exe Added by the SDBOT.AVD WORM! X *windows update wscxt.exe Added by the RBOT.AOS WORM! X *windows update waurclt.exe Added by a variant of the RBOT WORM! X *Windows [filename] Checker [filename] Added by the KEDEBE-B WORM! X *WindowsAudio systemupd.exe Added by the AGENT-TH WORM! X *WinLogon [trojan path] ren time:[random number]Added by the VUNDO TROJAN! X *winstats winstats.exe Added by the GARGAFX TROJAN! X *wuauclt.exe w****.exe [* = random char] Added by a variant of the RBOT-UG WORM! Note - * in the filename represents a random char; variants spotted: wxmct.exe, wtmsv.exe, wxmst.exe, wmsvc.exe and so on... X ,main drive Loader wininfo.exe Suspected malware as it appears in 3 different registry locations - see here X .mscdr lassa.exe Added by the WEBUS.C TROJAN! X .mscdr lsvchost.exe Added by the WEBUS.D TROJAN! X .mscdsr lsvchost.exe Added by the CR TROJAN! X .mscsbl svhost.exe Added by the CMQ TROJAN! X .msfupdate msveup.exe Added by the ALLOCUP.A WORM! X .mssecure mssecure.exe Added by the DDOS_BOXED.X TROJAN! ? .NET config sysmon32.exe ?? X .norton rchost.exe Added by a variant of the BOXED-A TROJAN! X .nvsvc smss.exe Added by the IRCBOT-FP TROJAN! Note - this is not the legitimate smss.exe process which should not normally figure in Msconfig/Startup! X .Prog services.exe Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup! X .Prog winlogon.exe Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup! X .svchost CSRSS.EXE Added by the WEBUS.F TROJAN! Note - this is not the legitimate csrss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder X .TEXTCONV csrss.exe Added by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup! X .TEXTCONV lsass.exe Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder X .WMAudio csrss.exe Added by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup! X .WMAudio lsass.exe Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder N /l:eng N/A Related to the Dell OEM version of the Sound Blaster Audigy 2 sound card. If this item is listed and checked in startup, the System32 Folder will appear on every startup.
Load more

Recommended publications
  • Statistical Structures: Fingerprinting Malware for Classification and Analysis
    Statistical Structures: Fingerprinting Malware for Classification and Analysis Daniel Bilar Wellesley College (Wellesley, MA) Colby College (Waterville, ME) bilar <at> alum dot dartmouth dot org Why Structural Fingerprinting? Goal: Identifying and classifying malware Problem: For any single fingerprint, balance between over-fitting (type II error) and under- fitting (type I error) hard to achieve Approach: View binaries simultaneously from different structural perspectives and perform statistical analysis on these ‘structural fingerprints’ Different Perspectives Idea: Multiple perspectives may increase likelihood of correct identification and classification Structural Description Statistical static / Perspective Fingerprint dynamic? Assembly Count different Opcode Primarily instruction instructions frequency static distribution Win 32 API Observe API calls API call vector Primarily call made dynamic System Explore graph- Graph structural Primarily Dependence modeled control and properties static Graph data dependencies Fingerprint: Opcode frequency distribution Synopsis: Statically disassemble the binary, tabulate the opcode frequencies and construct a statistical fingerprint with a subset of said opcodes. Goal: Compare opcode fingerprint across non- malicious software and malware classes for quick identification and classification purposes. Main result: ‘Rare’ opcodes explain more data variation then common ones Goodware: Opcode Distribution 1, 2 ---------.exe Procedure: -------.exe 1. Inventoried PEs (EXE, DLL, ---------.exe etc) on XP box with Advanced Disk Catalog 2. Chose random EXE samples size: 122880 with MS Excel and Index totalopcodes: 10680 3, 4 your Files compiler: MS Visual C++ 6.0 3. Ran IDA with modified class: utility (process) InstructionCounter plugin on sample PEs 0001. 002145 20.08% mov 4. Augmented IDA output files 0002. 001859 17.41% push with PEID results (compiler) 0003. 000760 7.12% call and general ‘functionality 0004.
    [Show full text]
  • Cisco VPN Client Administrator Guide Release 5.0 April 2010
    Cisco VPN Client Administrator Guide Release 5.0 April 2010 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Text Part Number: OL-5492-02 THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
    [Show full text]
  • N2N: a Layer Two Peer-To-Peer VPN
    N2N: A Layer Two Peer-to-Peer VPN Luca Deri1, Richard Andrews2 ntop.org, Pisa, Italy1 Symstream Technologies, Melbourne, Australia2 {deri, andrews}@ntop.org Abstract. The Internet was originally designed as a flat data network delivering a multitude of protocols and services between equal peers. Currently, after an explosive growth fostered by enormous and heterogeneous economic interests, it has become a constrained network severely enforcing client-server communication where addressing plans, packet routing, security policies and users’ reachability are almost entirely managed and limited by access providers. From the user’s perspective, the Internet is not an open transport system, but rather a telephony-like communication medium for content consumption. This paper describes the design and implementation of a new type of peer-to- peer virtual private network that can allow users to overcome some of these limitations. N2N users can create and manage their own secure and geographically distributed overlay network without the need for central administration, typical of most virtual private network systems. Keywords: Virtual private network, peer-to-peer, network overlay. 1. Motivation and Scope of Work Irony pervades many pages of history, and computing history is no exception. Once personal computing had won the market battle against mainframe-based computing, the commercial evolution of the Internet in the nineties stepped the computing world back to a substantially rigid client-server scheme. While it is true that the today’s Internet serves as a good transport system for supplying a plethora of data interchange services, virtually all of them are delivered by a client-server model, whether they are centralised or distributed, pay-per-use or virtually free [1].
    [Show full text]
  • “Napster” Is Released (At Northeastern University) • 04/04/00
    • 03/07/97 - “Hotline” is released • 09/09/99 - “Napster” is released (at NorthEastern University) • 04/04/00 - “Gnutella 0.56” is released • 01/04/00 - “Napster” reaches 10 million downloads, but still has no revenue • 01/05/00 - Cable internet provider threaten to discontinue contracts with users that use “Napster” • 01/05/00 - Universal and Sony start to develop “Duet”, a “Napster” clone to be released 4/01 • 01/08/00 - AT&T start to develop “Publius”, a P2P network publishing system • 03/08/00 - Intel, HP and IBM create the “P2P Working Group” • 16/11/00 - Bertelsmann buys Napster; invests millions • 08/12/00 - Sun says it is working on a Java Peer-to-Peer platform • 18/01/01 - Microsoft initiates “Farsite” (“Federated, Available and Reliable Storage for an Incompletely Trusted Environment”) project [email protected] 24.1.01/UBIComp 1/44 • Background Etzard Stolte – History: P2P Networking IKS Group/ETH – A P2P Definition [email protected] – Merging technologies • What is out there? – File Sharing – Distributed Computing – Instant Messaging – Collaboration – Web Services • Summary • Discussion – Will P2P remain? – Will P2P be a profitable business concept? [email protected] 24.1.01/UBIComp 2/44 • Peer-to-Peer (P2P) has a specific meaning in many fields, e.g. – Literature (e.g. P2P review) – Psychology (e.g. counceling) – Education e.g. (peer groups) • In computer science P2P used to describe – A small network without dedicated server – Files and peripherals are shared – Some access control • What are then these P2P tools my younger sister talks about? – Isn’t the internet just a peer-to-peer network (e.g.
    [Show full text]
  • Blaster® CD-RW 4224
    Blaster ® CD-RW 4224 CD-RW The Smart Way to Create CDs Blaster® CD-RW 4224 lets you do it all – distribute large graphics and database files with clients, send copies of your vacation photos to friends and family, put all your favorite songs on one CD, or share the latest independent MP3 music with your friends. With easy-to-use software, simply drag-and-drop your files to a blank CD or copy the whole disc, and you're ready to go. Store up to 650MB of data or over 74 minutes of audio on each CD, write CD-Rs at 4X and CD-RWs at 2X speeds, and read CD-ROMs at up to 24X. Blaster CD-RW looks, installs, and works like a CD-ROM, so not only can you create CDs, you can play audio CDs, run popular applications, or read other CD-R and CD-RW discs. For the smart way to create CDs that you can use everywhere, Blaster CD-RW is the only answer. • Record and copy data directly to discs • Back-up and archive important CDs • Create music and MP3 compilations • Distribute and share files Specifications Features Creative® CD-RW 4224 Drive Record and copy data directly to discs • Maximum CD-ROM data transfer rate of Moving your data to a CD is just a click away ® 3,600KB/second (24X) with Blaster CD-RW. Copy a complete CD or 4224 select only the files you want to record, and • Maximum CD-RW data read transfer Blaster CD-RW does the rest.
    [Show full text]
  • Chapter 3: Processes
    Chapter 3: Processes Operating System Concepts – 9th Edition Silberschatz, Galvin and Gagne ©2013 Chapter 3: Processes Process Concept Process Scheduling Operations on Processes Interprocess Communication Examples of IPC Systems Communication in Client-Server Systems Operating System Concepts – 9th Edition 3.2 Silberschatz, Galvin and Gagne ©2013 Objectives To introduce the notion of a process -- a program in execution, which forms the basis of all computation To describe the various features of processes, including scheduling, creation and termination, and communication To explore interprocess communication using shared memory and message passing To describe communication in client-server systems Operating System Concepts – 9th Edition 3.3 Silberschatz, Galvin and Gagne ©2013 Process Concept An operating system executes a variety of programs: Batch system – jobs Time-shared systems – user programs or tasks Textbook uses the terms job and process almost interchangeably Process – a program in execution; process execution must progress in sequential fashion Multiple parts The program code, also called text section Current activity including program counter, processor registers Stack containing temporary data Function parameters, return addresses, local variables Data section containing global variables Heap containing memory dynamically allocated during run time Operating System Concepts – 9th Edition 3.4 Silberschatz, Galvin and Gagne ©2013 Process Concept (Cont.) Program is passive entity stored on disk (executable
    [Show full text]
  • The Botnet Chronicles a Journey to Infamy
    The Botnet Chronicles A Journey to Infamy Trend Micro, Incorporated Rik Ferguson Senior Security Advisor A Trend Micro White Paper I November 2010 The Botnet Chronicles A Journey to Infamy CONTENTS A Prelude to Evolution ....................................................................................................................4 The Botnet Saga Begins .................................................................................................................5 The Birth of Organized Crime .........................................................................................................7 The Security War Rages On ........................................................................................................... 8 Lost in the White Noise................................................................................................................. 10 Where Do We Go from Here? .......................................................................................................... 11 References ...................................................................................................................................... 12 2 WHITE PAPER I THE BOTNET CHRONICLES: A JOURNEY TO INFAMY The Botnet Chronicles A Journey to Infamy The botnet time line below shows a rundown of the botnets discussed in this white paper. Clicking each botnet’s name in blue will bring you to the page where it is described in more detail. To go back to the time line below from each page, click the ~ at the end of the section. 3 WHITE
    [Show full text]
  • Directory Opus 6 Kurzanleitung
    Directory Opus 6 für Windows Anleitung Copyright © 2007 HAAGE & PARTNER Computer GmbH, Deutschland Seite 1 von 58 Directory Opus 6 für Windows Anleitung Inhalt 1. Willkommen....................................................................................................................3 2. Die Installation ...............................................................................................................5 2.1. Voraussetzungen ......................................................................................................5 2.2. Installieren von Directory Opus 6 ..............................................................................5 2.3. Online-Registrierung .................................................................................................6 2.4. Der erste Start...........................................................................................................7 3. Einführung und Übersicht...........................................................................................10 3.1. Die Komponenten von Directory Opus....................................................................10 3.2. Grundlegende Konzepte: Wie Opus arbeitet...........................................................12 4. Erste Schritte ...............................................................................................................16 5. Einstellungen ...............................................................................................................19 5.1. Einstellungen...........................................................................................................19
    [Show full text]
  • Common Threats to Cyber Security Part 1 of 2
    Common Threats to Cyber Security Part 1 of 2 Table of Contents Malware .......................................................................................................................................... 2 Viruses ............................................................................................................................................. 3 Worms ............................................................................................................................................. 4 Downloaders ................................................................................................................................... 6 Attack Scripts .................................................................................................................................. 8 Botnet ........................................................................................................................................... 10 IRCBotnet Example ....................................................................................................................... 12 Trojans (Backdoor) ........................................................................................................................ 14 Denial of Service ........................................................................................................................... 18 Rootkits ......................................................................................................................................... 20 Notices .........................................................................................................................................
    [Show full text]
  • Unix / Linux Processes Management
    UUNNIIXX // LLIINNUUXX -- PPRROOCCEESSSSEESS MMAANNAAGGEEMMEENNTT http://www.tutorialspoint.com/unix/unix-processes.htm Copyright © tutorialspoint.com Advertisements In this chapter, we will discuss in detail about process management in Unix. When you execute a program on your Unix system, the system creates a special environment for that program. This environment contains everything needed for the system to run the program as if no other program were running on the system. Whenever you issue a command in Unix, it creates, or starts, a new process. When you tried out the ls command to list the directory contents, you started a process. A process, in simple terms, is an instance of a running program. The operating system tracks processes through a five-digit ID number known as the pid or the process ID. Each process in the system has a unique pid. Pids eventually repeat because all the possible numbers are used up and the next pid rolls or starts over. At any point of time, no two processes with the same pid exist in the system because it is the pid that Unix uses to track each process. Starting a Process When you start a process (run a command), there are two ways you can run it − Foreground Processes Background Processes Foreground Processes By default, every process that you start runs in the foreground. It gets its input from the keyboard and sends its output to the screen. You can see this happen with the ls command. If you wish to list all the files in your current directory, you can use the following command − $ls ch*.doc This would display all the files, the names of which start with ch and end with .doc − ch01-1.doc ch010.doc ch02.doc ch03-2.doc ch04-1.doc ch040.doc ch05.doc ch06-2.doc ch01-2.doc ch02-1.doc The process runs in the foreground, the output is directed to my screen, and if the ls command wants any input (which it does not), it waits for it from the keyboard.
    [Show full text]
  • Computer Viruses, in Order to Detect Them
    Behaviour-based Virus Analysis and Detection PhD Thesis Sulaiman Amro Al amro This thesis is submitted in partial fulfilment of the requirements for the degree of Doctor of Philosophy Software Technology Research Laboratory Faculty of Technology De Montfort University May 2013 DEDICATION To my beloved parents This thesis is dedicated to my Father who has been my supportive, motivated, inspired guide throughout my life, and who has spent every minute of his life teaching and guiding me and my brothers and sisters how to live and be successful. To my Mother for her support and endless love, daily prayers, and for her encouragement and everything she has sacrificed for us. To my Sisters and Brothers for their support, prayers and encouragements throughout my entire life. To my beloved Family, My Wife for her support and patience throughout my PhD, and my little boy Amro who has changed my life and relieves my tiredness and stress every single day. I | P a g e ABSTRACT Every day, the growing number of viruses causes major damage to computer systems, which many antivirus products have been developed to protect. Regrettably, existing antivirus products do not provide a full solution to the problems associated with viruses. One of the main reasons for this is that these products typically use signature-based detection, so that the rapid growth in the number of viruses means that many signatures have to be added to their signature databases each day. These signatures then have to be stored in the computer system, where they consume increasing memory space. Moreover, the large database will also affect the speed of searching for signatures, and, hence, affect the performance of the system.
    [Show full text]
  • Network Defense Tools: Perimeter and Internal Defenses This Lecture
    CS 155 Spring 2006 Perimeter and Internal Defenses Network Defense Tools: Commonly deployed defenses Firewalls, Traffic shapers, and Perimeter defenses – Firewall, IDS Protect local area network and hosts Intrusion Detection Keep external threats from internal network Internal defenses – Virus scanning Protect hosts from threats that get through the perimeter defenses John Mitchell Extend the “perimeter” –VPN Common practices, but could be improved Internal threats are significant Unhappy employees Compromised hosts 2 This lecture Basic Firewall Concept Standard perimeter defense mechanisms Separate local area net from internet Firewall Packet filter (stateless, stateful) Application layer proxies Firewall Traffic shaping Intrusion detection Local network Internet Anomaly and misuse detection Methods applicable to network or host Router Future lectures Virus and malware Worm propagation and detection All packets between LAN and internet routed through firewall 3 4 Firewall goals Two Separable Topics Prevent malicious attacks on hosts Arrangement of firewall and routers Port sweeps, ICMP echo to broadcast addr, syn flooding, … Several different network configurations Worm propagation Separate internal LAN from external Internet Exploit buffer overflow in program listening on network Wall off subnetwork within an organization Prevent general disruption of internal network Intermediate zone for web server, etc. External SMNP packets Personal firewall on end-user machine Provide defense in depth How the firewall
    [Show full text]