DOCSLIB.ORG

An Analytical Survey of Recent Worm Attacks

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

IJCSNS International Journal of Computer Science and Network Security, VOL.11 No.11, November 2011 99 An Analytical Survey of Recent Worm Attacks Vishrut Sharma Member of ACM, IEEE ABSTRACT In this paper, I’ve discussed the past and present of worms In this paper, I will present a broad overview of recent worm and related malicious code with special focus on worms attacks starting from the year 2000 through 2011. Some of the like Code Red, Nimda, Slammer, and Conficker. most ‘notorious’ worms were discovered during this period The following section presents the definition and including code red, slammer, and conficker. categories of a computer worm. Though this paper does not contain any original research, it is meant to provide malware researchers with well-documented information of some worms that caused havoc during the said period. After sifting through thousands of entries on virus 2. Definition and Type of Worms information repositories, I present, in this paper, only those that I considered novel in their approach, primarily from a technical In general, worm is a type of malware that can self- perspective. propagate and/or self-replicate over a network of As a summary to the paper, I have presented a broad overview of computers. Self-propagation means it can propagate trends that I extracted from this raw data and also focussed on through a network without human intervention. Self- the ever increasing destructive potential of worms. propagation is what makes a worm differ from a virus. A KEYWORDS virus, on the other hand, usually infects non-mobile files Worms, virus, recent attacks, self-propagating, malwares i.e. those files that when carried from one computer to another computer through a media, may propagate the virus attack thus making virus propagation very slow as 1. Introduction compared to worm. In recent years, many different categories of worms, based The outbreak of Morris worm in 1988 marked a new era on their programming and payloads, have been found. of self-replicating malware. In May, 2000, the Broadly, worms can be categorised as follows:- ILOVEYOU worm also known as VBS/Loveletter appeared and soon infected millions of computers • Email Worms worldwide. The worm came through e-mail with the • Instant Messaging Worms simple subject of "ILOVEYOU" and an attachment • Internet Worms "LOVE-LETTER-FOR-YOU.". The file extension was • IRC Worms hidden by default, leading unsuspecting users to think it • File-sharing Network Worms was a normal text file. Upon opening the attachment, the worm sent a copy of itself to everyone in the Windows • PDF Worms Address Book and with the user's sender address. It also made a number of malicious changes to the user's system. The following sections explain each of these types in This marked the beginning of an era of fast, self- detail. However, this is not a strict classification scheme. propagating, and self-replicating worms. Some worms, like Nimda, fall in two or more categories. In March 2001, cnet declared that 2001 would be “The Year of the Worm” [2]. They predicted that fast-moving, 2.1 Email Worms self-replicating code would become the weapon of choice Such worms spread via infected email messages. Any for those wanting to inflict widespread damage on the form of attachment or link in an email may contain a link Internet. As it turns out, 2001 saw a renaissance in worm to an infected website. In the first case activation starts creation. This culminated in the release of Nimda, an when the user clicks on the attachment while in the second incredibly sophisticated worm that made headlines case the activation starts when clicking the link in the worldwide [1]. email. The goal of this study was to enhance knowledge about Known methods to spread are: recent trends in worm development and attempt to predict - MS Outlook services future worm developments. In this paper, I present my - Direct connection to SMTP servers using their own findings about recent worms, their technical specifications, SMTP API etc. - Windows MAPI functions Manuscript received November 5, 2011 Manuscript revised November 20, 2011 100 IJCSNS International Journal of Computer Science and Network Security, VOL.11 No.11, November 2011 Table 1: some infamous worms, date of their detection, category, and method of infection. [6], [7], [8] software prior to 2.0.11, Worm Date of which are vulnerable to Category Method of Infection Name Detection the PHPBB Viewtopic.PHP PHP Running the email Script Injection attachment received Vulnerability. VBS/Lo either accidentally or May 4, Email/IR Opens a back door and veletter intentionally will install 2000 C exploits the Microsoft @MM it to the local system, W32/IR Windows Plug and Play and also to all available Cbot.w August Internet/I Buffer Overflow drives. orm!M 16, 2005 RC Vulnerability (described W32/C Exploited Microsoft IIS S05- July 12, in Microsoft Security odeRed. Internet 5.0 IDQ path overflow 039 2001 Bulletin MS05-039) on f.worm vulnerability TCP port 445. Through email and W32/Ni A mass-mailing worm September Email/Inte exploiting various mda.ge that attempts to spread 18, 2001 rnet vulnerabilities present in n@MM through network shares Microsoft IIS Servers Win32. Email/File and lower security January Exploits vulnerability in Nyxem. -Sharing settings. On the third MSOutlook and Outlook 17, 2006 W32/Kl e Network day of every month it November Express & tries ez.gen Email attempts to rewrite files 9, 2001 executing itself when @MM with certain extensions you open or preview the with custom text. message. W32.R W32/S Exploited buffer ontokbr April 22, QLSla January Email A mass-mailing worm. Internet overflow vulnerability in o.AN@ 2006 mmer.w 25, 2003 Microsoft SQL Server. mm orm Spreads primarily Propagates via email through social W32/So Email/File (contains its own SMTP August networking sites as links big.f@ -sharing engine) and attempts to 19, 2003 to videos. When a user MM Network spread via accessible W32/K visits the website that is August 3, network shares. oobface Internet hosting the video, they W32/Ba January Spreads as email 2008 Email .worm are prompted to gle.gen 18, 2004 attachment. download a video codec A mass-mailing worm or other necessary W32.M that arrives as an January update, which is actually yDoom Email attachment with the file 26, 2004 a copy of the worm. @mm extension .bat, .cmd, .ex Exploits the MS08-067 e, .pif, .scr, or .zip. W32/C Microsoft Windows January A mass-mailing worm onficker Internet Server Service 13, 2009 that uses its own SMTP .worm vulnerability in order to W32/N engine to send itself to March 8, propagate. etsky.j Email the email addresses it 2004 Targets systems running @MM finds when scanning WinCC SCADA hard drives and mapped software. It spreads drives. utilizing CVE-2010- Attempts to exploit the W32.St July 13, 2568 which allows Internet vulnerability described uxnet 2010 arbitrary code execution in Microsoft Security W32/Sa via a crafted .lnk file. April 30, Bulletin MS04-011. It sser.wo Internet This has been noted to 2004 spreads by scanning the rm.a spread via removable randomly selected IP USB drives. addresses for vulnerable Attempts to spread using W32.M August systems. Internet the Remote Desktop Attempts to spread to orto 28, 2011 Perl/Sa Protocol. December Web servers running nty.wor Internet W32.D October Not 21, 2004 versions of the phpBB Not known m uqu 18, 2011 known 2.x bulletin board IJCSNS International Journal of Computer Science and Network Security, VOL.11 No.11, November 2011 101 Attackers have been using email to propagate malicious (CIFS) protocol to gather information and compromise code from as early as 1987, the year when Christmas the target host. CIFS is an extension to Server Message Tree Trojan horse appeared. Malwares that use email to Block (SMB) protocol. Since this protocol was designed propagate are generally referred to as mailers. to allow small workgroups to share files in a trusted Unfortunately, these mailers are used even today. In fact, environment more emphasis was given to resource- in past few years these mailers have gained more sharing than security and this loophole is reflected in the popularity since email is the most efficient way for worm attacks. propagation of malicious codes in order to compromise a Some worms that made use of this are sizeable amount of hosts on the Internet. W32/Autorun.worm.g, W32/Mydoom.f@MM, Some worms that used this method for propagation in the W32/Pandem.worm,W32/Sobig.e@MM, etc. last 10 years are VBS/Loveletter@MM, W32/Pandem.worm, W32/Nimda.gen@MM, 2.6 PDF Worms W32/Mydoom.f@MM, etc. In 2001, a new exploit came into existence that used 2.2 Instant Messaging Worms Adobe Acrobat PDF format as a platform. However, it only worked under the full 'developer' version of Acrobat. Such worms spread via instant messaging applications The common Acrobat Reader program was not affected like by sending links to infected websites to everyone on by this worm. The worm operated as a VB script the local contact list. The only difference between these embedded within a PDF file [4]. Since 2001, the number and email worm is the way chosen to send the links. of such exploits has increased but fortunately no worm Some worms that used this method for propagation are has appeared yet. It seems that this category of worms is W32/YahLover.worm, W32/Sdbot.worm!im, etc. yet to unleash. As we can see in the above examples of worms, some 2.3 Internet Worms worms appear in different categories such as VBS/Loveletter@MM is both an IRC worm and an These worms scan all available network resources using Email worm.
Recommended publications
  • Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress

    Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress

    Order Code RL32114 Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress Updated January 29, 2008 Clay Wilson Specialist in Technology and National Security Foreign Affairs, Defense, and Trade Division Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress Summary Cybercrime is becoming more organized and established as a transnational business. High technology online skills are now available for rent to a variety of customers, possibly including nation states, or individuals and groups that could secretly represent terrorist groups. The increased use of automated attack tools by cybercriminals has overwhelmed some current methodologies used for tracking Internet cyberattacks, and vulnerabilities of the U.S. critical infrastructure, which are acknowledged openly in publications, could possibly attract cyberattacks to extort money, or damage the U.S. economy to affect national security. In April and May 2007, NATO and the United States sent computer security experts to Estonia to help that nation recover from cyberattacks directed against government computer systems, and to analyze the methods used and determine the source of the attacks.1 Some security experts suspect that political protestors may have rented the services of cybercriminals, possibly a large network of infected PCs, called a “botnet,” to help disrupt the computer systems of the Estonian government. DOD officials have also indicated that similar cyberattacks from individuals and countries targeting economic,
  • The Downadup Codex a Comprehensive Guide to the Threat’S Mechanics

    The Downadup Codex a Comprehensive Guide to the Threat’S Mechanics

    Security Response The Downadup Codex A comprehensive guide to the threat’s mechanics. Edition 2.0 Introduction Contents Introduction.............................................................1 Since its appearance in late-2008, the Downadup worm has become Editor’s Note............................................................5 one of the most wide-spread threats to hit the Internet for a number of Increase in exploit attempts against MS08-067.....6 years. A complex piece of malicious code, this threat was able to jump W32.Downadup infection statistics.........................8 certain network hurdles, hide in the shadows of network traffic, and New variants of W32.Downadup.B find new ways to propagate.........................................10 defend itself against attack with a deftness not often seen in today’s W32.Downadup and W32.Downadup.B threat landscape. Yet it contained few previously unseen features. What statistics................................................................12 set it apart was the sheer number of tricks it held up its sleeve. Peer-to-peer payload distribution...........................15 Geo-location, fingerprinting, and piracy...............17 It all started in late-October of 2008, we began to receive reports of A lock with no key..................................................19 Small improvements yield big returns..................21 targeted attacks taking advantage of an as-yet unknown vulnerability Attempts at smart network scanning...................23 in Window’s remote procedure call (RPC) service. Microsoft quickly Playing with Universal Plug and Play...................24 released an out-of-band security patch (MS08-067), going so far as to Locking itself out.................................................27 classify the update as “critical” for some operating systems—the high- A new Downadup variant?......................................29 Advanced crypto protection.................................30 est designation for a Microsoft Security Bulletin.
  • Post-Mortem of a Zombie: Conficker Cleanup After Six Years Hadi Asghari, Michael Ciere, and Michel J.G

    Post-Mortem of a Zombie: Conficker Cleanup After Six Years Hadi Asghari, Michael Ciere, and Michel J.G

    Post-Mortem of a Zombie: Conficker Cleanup After Six Years Hadi Asghari, Michael Ciere, and Michel J.G. van Eeten, Delft University of Technology https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/asghari This paper is included in the Proceedings of the 24th USENIX Security Symposium August 12–14, 2015 • Washington, D.C. ISBN 978-1-939133-11-3 Open access to the Proceedings of the 24th USENIX Security Symposium is sponsored by USENIX Post-Mortem of a Zombie: Conficker Cleanup After Six Years Hadi Asghari, Michael Ciere and Michel J.G. van Eeten Delft University of Technology Abstract more sophisticated C&C mechanisms that are increas- ingly resilient against takeover attempts [30]. Research on botnet mitigation has focused predomi- In pale contrast to this wealth of work stands the lim- nantly on methods to technically disrupt the command- ited research into the other side of botnet mitigation: and-control infrastructure. Much less is known about the cleanup of the infected machines of end users. Af- effectiveness of large-scale efforts to clean up infected ter a botnet is successfully sinkholed, the bots or zom- machines. We analyze longitudinal data from the sink- bies basically remain waiting for the attackers to find hole of Conficker, one the largest botnets ever seen, to as- a way to reconnect to them, update their binaries and sess the impact of what has been emerging as a best prac- move the machines out of the sinkhole. This happens tice: national anti-botnet initiatives that support large- with some regularity. The recent sinkholing attempt of scale cleanup of end user machines.
  • The Botnet Chronicles a Journey to Infamy

    The Botnet Chronicles a Journey to Infamy

    The Botnet Chronicles A Journey to Infamy Trend Micro, Incorporated Rik Ferguson Senior Security Advisor A Trend Micro White Paper I November 2010 The Botnet Chronicles A Journey to Infamy CONTENTS A Prelude to Evolution ....................................................................................................................4 The Botnet Saga Begins .................................................................................................................5 The Birth of Organized Crime .........................................................................................................7 The Security War Rages On ........................................................................................................... 8 Lost in the White Noise................................................................................................................. 10 Where Do We Go from Here? .......................................................................................................... 11 References ...................................................................................................................................... 12 2 WHITE PAPER I THE BOTNET CHRONICLES: A JOURNEY TO INFAMY The Botnet Chronicles A Journey to Infamy The botnet time line below shows a rundown of the botnets discussed in this white paper. Clicking each botnet’s name in blue will bring you to the page where it is described in more detail. To go back to the time line below from each page, click the ~ at the end of the section. 3 WHITE
  • Computer Security CS 426 Lecture 15

    Computer Security CS 426 Lecture 15

    Computer Security CS 426 Lecture 15 Malwares CS426 Fall 2010/Lecture 15 1 Trapdoor • SttitittSecret entry point into a system – Specific user identifier or password that circumvents normal security procedures. • Commonlyyy used by developers – Could be included in a compiler. CS426 Fall 2010/Lecture 15 2 Logic Bomb • Embedded in legitimate programs • Activated when specified conditions met – E.g., presence/absence of some file; Particular date/time or particular user • When triggered, typically damages system – Modify/delete files/disks CS426 Fall 2010/Lecture 15 3 Examppgle of Logic Bomb • In 1982 , the Trans-Siber ian Pipe line inc iden t occurred. A KGB operative was to steal the plans fhititdtltditfor a sophisticated control system and its software from a Canadian firm, for use on their Siberi an pi peli ne. The CIA was tippe d o ff by documents in the Farewell Dossier and had the company itlibbithinsert a logic bomb in the program for sabotage purposes. This eventually resulted in "the most monu mental non-nu clear ex plosion and fire ever seen from space“. CS426 Fall 2010/Lecture 15 4 Trojan Horse • Program with an overt Example: Attacker: (expected) and covert effect Place the following file cp /bin/sh /tmp/.xxsh – Appears normal/expected chmod u+s,o+x /tmp/.xxsh – Covert effect violates security policy rm ./ls • User tricked into executing ls $* Trojan horse as /homes/victim/ls – Expects (and sees) overt behavior – Covert effect performed with • Victim user’s authorization ls CS426 Fall 2010/Lecture 15 5 Virus • Self-replicating
  • Iptrust Botnet / Malware Dictionary This List Shows the Most Common Botnet and Malware Variants Tracked by Iptrust

    Iptrust Botnet / Malware Dictionary This List Shows the Most Common Botnet and Malware Variants Tracked by Iptrust

    ipTrust Botnet / Malware Dictionary This list shows the most common botnet and malware variants tracked by ipTrust. This is not intended to be an exhaustive list, since new threat intelligence is always being added into our global Reputation Engine. NAME DESCRIPTION Conficker A/B Conficker A/B is a downloader worm that is used to propagate additional malware. The original malware it was after was rogue AV - but the army's current focus is undefined. At this point it has no other purpose but to spread. Propagation methods include a Microsoft server service vulnerability (MS08-067) - weakly protected network shares - and removable devices like USB keys. Once on a machine, it will attach itself to current processes such as explorer.exe and search for other vulnerable machines across the network. Using a list of passwords and actively searching for legitimate usernames - the ... Mariposa Mariposa was first observed in May 2009 as an emerging botnet. Since then it has infected an ever- growing number of systems; currently, in the millions. Mariposa works by installing itself in a hidden location on the compromised system and injecting code into the critical process ͞ĞdžƉůŽƌĞƌ͘ĞdžĞ͘͟/ƚŝƐknown to affect all modern Windows versions, editing the registry to allow it to automatically start upon login. Additionally, there is a guard that prevents deletion while running, and it automatically restarts upon crash/restart of explorer.exe. In essence, Mariposa opens a backdoor on the compromised computer, which grants full shell access to ... Unknown A botnet is designated 'unknown' when it is first being tracked, or before it is given a publicly- known common name.
  • Download Slides

    Download Slides

    Scott Wu Point in time cleaning vs. RTP MSRT vs. Microsoft Security Essentials Threat events & impacts More on MSRT / Security Essentials MSRT Microsoft Windows Malicious Software Removal Tool Deployed to Windows Update, etc. monthly since 2005 On-demand scan on prevalent malware Microsoft Security Essentials Full AV RTP Inception in Oct 2009 RTP is the solution One-off cleaner has its role Quiikck response Workaround Baseline ecosystem cleaning Industrypy response & collaboration Threat Events Worms (some are bots) have longer lifespans Rogues move on quicker MarMar 2010 2010 Apr Apr 2010 2010 May May 2010 2010 Jun Jun 2010 2010 Jul Jul 2010 2010 Aug Aug 2010 2010 1,237,15 FrethogFrethog 979,427 979,427 Frethog Frethog 880,246880,246 Frethog Frethog465,351 TaterfTaterf 5 1,237,155Taterf Taterf 797,935797,935 TaterfTaterf 451,561451,561 TaterfTaterf 497,582 497,582 Taterf Taterf 393,729393,729 Taterf Taterf447,849 FrethogFrethog 535,627535,627 AlureonAlureon 493,150 493,150 AlureonAlureon 436,566 436,566 RimecudRimecud 371,646 371,646 Alureon Alureon 308,673308,673 Alureon Alureon 441,722 RimecudRimecud 341,778341,778 FrethogFrethog 473,996473,996 BubnixBubnix 348,120 348,120 HamweqHamweq 289,603 289,603 Rimecud Rimecud289,629 289,629 Rimecud Rimecud318,041 AlureonAlureon 292,810 292,810 BubnixBubnix 471,243 471,243 RimecudRimecud 287,942287,942 ConfickerConficker 286,091286, 091 Hamwe Hamweqq 250,286250, 286 Conficker Conficker220,475220, 475 ConfickerConficker 237237,348, 348 RimecudRimecud 280280,440, 440 VobfusVobfus 251251,335, 335
  • Effective Malicious Features Extraction and Classification for Incident Handling Systems

    Effective Malicious Features Extraction and Classification for Incident Handling Systems

    EFFECTIVE MALICIOUS FEATURES EXTRACTION AND CLASSIFICATION FOR INCIDENT HANDLING SYSTEMS CHO CHO SAN UNIVERSITY OF COMPUTER STUDIES, YANGON OCTOBER, 2019 Effective Malicious Features Extraction and Classification for Incident Handling Systems Cho Cho San University of Computer Studies, Yangon A thesis submitted to the University of Computer Studies, Yangon in partial fulfillment of the requirements for the degree of Doctor of Philosophy October, 2019 Statement of Originality I hereby certify that the work embodied in this thesis is the result of original research and has not been submitted for a higher degree to any other University or Institution. …..…………………………… .…………........………………………… Date Cho Cho San ACKNOWLEDGEMENTS First of all, I would like to thank Hist Excellency, the Minister for the Ministry of Education, for providing full facilities support during the Ph.D. course at the University of Computer Studies, Yangon. Secondly, my profound gratitude goes to Dr. Mie Mie Thet Thwin, Rector of the University of Computer Studies, Yangon, for allowing me to develop this research and giving me general guidance during the period of my study. I would like to express my greatest pleasure and the deepest appreciation to my supervisor, Dr. Mie Mie Su Thwin, Professor, the University of Computer Studies, Yangon, for her excellent guidance, caring, patient supervision, and providing me with excellent ideas throughout the study of this thesis. I would also like to extend my special appreciation to Dr. Khine Moe Nwe, Professor and Course-coordinator of the Ph.D. 9th Batch, the University of Computer Studies, Yangon, for her useful comments, advice, and insight which are invaluable through the process of researching and writing this dissertation.
  • Chapter 3: Viruses, Worms, and Blended Threats

    Chapter 3: Viruses, Worms, and Blended Threats

    Chapter 3 Chapter 3: Viruses, Worms, and Blended Threats.........................................................................46 Evolution of Viruses and Countermeasures...................................................................................46 The Early Days of Viruses.................................................................................................47 Beyond Annoyance: The Proliferation of Destructive Viruses .........................................48 Wiping Out Hard Drives—CIH Virus ...................................................................48 Virus Programming for the Masses 1: Macro Viruses...........................................48 Virus Programming for the Masses 2: Virus Generators.......................................50 Evolving Threats, Evolving Countermeasures ..................................................................51 Detecting Viruses...................................................................................................51 Radical Evolution—Polymorphic and Metamorphic Viruses ...............................53 Detecting Complex Viruses ...................................................................................55 State of Virus Detection.........................................................................................55 Trends in Virus Evolution..................................................................................................56 Worms and Vulnerabilities ............................................................................................................57
  • Containing Conficker to Tame a Malware

    Containing Conficker to Tame a Malware

    &#4#5###4#(#%#5#6#%#5#&###,#'#(#7#5#+#&#8##9##:65#,-;/< Know Your Enemy: Containing Conficker To Tame A Malware The Honeynet Project http://honeynet.org Felix Leder, Tillmann Werner Last Modified: 30th March 2009 (rev1) The Conficker worm has infected several million computers since it first started spreading in late 2008 but attempts to mitigate Conficker have not yet proved very successful. In this paper we present several potential methods to repel Conficker. The approaches presented take advantage of the way Conficker patches infected systems, which can be used to remotely detect a compromised system. Furthermore, we demonstrate various methods to detect and remove Conficker locally and a potential vaccination tool is presented. Finally, the domain name generation mechanism for all three Conficker variants is discussed in detail and an overview of the potential for upcoming domain collisions in version .C is provided. Tools for all the ideas presented here are freely available for download from [9], including source code. !"#$%&'()*+&$(% The big years of wide-area network spreading worms were 2003 and 2004, the years of Blaster [1] and Sasser [2]. About four years later, in late 2008, we witnessed a similar worm that exploits the MS08-067 server service vulnerability in Windows [3]: Conficker. Like its forerunners, Conficker exploits a stack corruption vulnerability to introduce and execute shellcode on affected Windows systems, download a copy of itself, infect the host and continue spreading. SRI has published an excellent and detailed analysis of the malware [4]. The scope of this paper is different: we propose ideas on how to identify, mitigate and remove Conficker bots.
  • A Highly Immersive Approach to Teaching Reverse Engineering Golden G

    A Highly Immersive Approach to Teaching Reverse Engineering Golden G

    A Highly Immersive Approach to Teaching Reverse Engineering Golden G. Richard III Department of Computer Science University of New Orleans New Orleans, LA 70148 Email: [email protected] Abstract most operating systems courses, but for reverse engi- neering, the devil really is in the details. For example, While short training courses in reverse engineering are to understand an offensive technique like Shadow frequently offered at meetings like Blackhat and Walker [13], which relies on de-synchronization of the through training organizations such as SANS, there are data and instruction TLBs in Intel’s split-TLB design virtually no reverse engineering courses offered in aca- to hide code and data, it’s not enough to have seen a demia. This paper discusses possible reasons for this Powerpoint slide depicting the abstract functionality of situation, emphasizes the importance of teaching re- a TLB—that’s a good start, but both more details and verse engineering (and applied computer security edu- hands-on experience are needed. Furthermore, assem- cation in general), and presents the overall design of a bler language courses, if they exist at all as independ- semester-long course in reverse engineering malware, ent courses in a modern computing curriculum, tend to recently offered by the author at the University of New be much weaker than in the past, often emphasizing the Orleans. use of High Level Assembler (HLA) [4] and develop- 1 Introduction ment of toy applications. In many curricula, the as- sembler language course of old has been folded into the Reverse engineering of software involves detailed undergraduate architecture class.
  • Nusikaltimai Elektroninėje Erdvėje Ir Jų Tyrimo Metodikos Nikolaj Goranin Dalius Mažeika

    Nusikaltimai Elektroninėje Erdvėje Ir Jų Tyrimo Metodikos Nikolaj Goranin Dalius Mažeika

    Nikolaj Goranin Dalius Mažeika NUSIKALTIMAI elektroninėje erDvėje ir jų tyriMo MetoDikos Nikolaj Goranin Dalius Mažeika NUSIKALTIMAI ELEKTRONINĖJE ERDVĖJE IR JŲ TYRIMO METODIKOS MOKOMOJI KNYGA Projektas „Aukštojo mokslo I ir II pakopų informatikos ir informatikos inžinerijos krypčių studijų programų atnaujinimas bei naujų sukūrimas ir įgyvendinimas (AMIPA)“, kodas VP1–2.2–ŠMM–09–V–01–003, finansuojamas iš Europos socialinio fondo ir Lietuvos valstybės biudžeto lėšų. Recenzavo: prof. dr. V. Jusas doc. dr. K. Driaunys © N. Goranin, D. Mažeika, 2011 © KTU Informatikos fakultetas, 2011 © VGTU Fundamentaliųjų mokslų fakultetas, 2011 © UAB TEV, 2011 ISBN 978-609-433-055-1 TURINYS ĮVADAS ........................................................................................................................7 1. NUSIKALTIMAI ELEKTRONINĖJE ERDVĖJE ...................................................9 1.1. Nusikaltimų elektroninėje erdvėje apibrėžimas ir jų tipai ................................9 1.2. Informacinis karas ...........................................................................................11 1.3. Savikontrolės klausimai ..................................................................................14 2. NEE TEISINIAI ASPEKTAI ..................................................................................15 2.1. Teisinė nusikaltimų elektroninėje erdvėje samprata .......................................15 2.2. Elektroninių nusikaltimų kategorijos ..............................................................17 2.3. Tarptautiniai