DOCSLIB.ORG

FAKULT¨AT F¨UR INFORMATIK Behavior-Based Malware Detection

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
FAKULT¨AT F¨UR INFORMATIK Behavior-Based Malware Detection FAKULTAT¨ FUR¨ INFORMATIK DER TECHNISCHEN UNIVERSITAT¨ MUNCHEN¨ Dissertation in Informatik Behavior-based Malware Detection with Quantitative Data Flow Analysis Tobias Wuchner¨ ii FAKULTAT¨ FUR¨ INFORMATIK DER TECHNISCHEN UNIVERSITAT¨ MUNCHEN¨ Lehrstuhl XXII - Software Engineering Behavior-based Malware Detection with Quantitative Data Flow Analysis Tobias Wuchner¨ Vollstandiger¨ Abdruck der von der Fakultat¨ fur¨ Informatik der Technischen Universitat¨ Munchen¨ zur Erlangung des akademischen Grades eines Doktors der Naturwissenschaften (Dr. rer. nat.) genehmigten Dissertation. Vorsitzende: Univ.-Prof. Dr. rer. nat. Claudia Eckert Prufer¨ der Dissertation: 1. Univ.-Prof. Dr. rer. nat. Alexander Pretschner 2. Univ.-Prof. Dr.-Ing. Felix Freiling, Friedrich-Alexander-Universitat¨ Erlangen-Nurnberg¨ Die Dissertation wurde am 27.01.2016 bei der Technischen Universitat¨ Munchen¨ eingereicht und durch die Fakultat¨ fur¨ Informatik am 10.05.2016 angenommen. Acknowledgments I would like to thank my first adviser, Prof. Dr. Alexander Pretschner, for giving me the opportunity to almost freely decide on a research topic that I was truly passionate and excited about and for letting me “play around” – even though this meant that I got a bit offside the main research profile of the group. Although in particular the beginning of my time as a Phd student, without even a vague vision of where the whole thing should be going to, was sometimes frustrating, in retrospect I am glad having taken this road. My thanks also go to Prof. Dr.-Ing. Felix Freiling for agreeing to be my second adviser, for providing me with useful feedback in earlier stages of my research, and in particular for supporting me with my research stay in England. Furthermore, I would like to thank Siemens AG and the Siemens CERT for fund- ing my research. In particular I want to thank Thomas Schreck for stimulating my thoughts and teaching me what really matters in industry. My sincere thanks go to Prof. Dr. Mart´ın Ochoa for always encouraging me to carry on with my research, even when I was close to giving up. Your continuous belief in me and your tireless support definitely were among the main reasons for me to push further – thank you a lot for this! Also, I shall thank my office-mate Dr. Enrico Lovat and my flat-mate Dominik Holling for enduring my frustrations, for endless and fruitful discussions, and for always being open and critical. I am very grateful to Hannah Brosch, Benjamin Lautenschlager,¨ Alei Salem, and Enrico Lovat for reviewing my thesis and for providing valuable feedback that definitely improved the quality of this work. Thank you also Andrea Catalucci, Aleksander Cisłak, and Gaurav Srivastava for supporting me in the development of my research prototypes and for helping me to turn my often half-baked ideas into usable software. I would further like to express my gratitude to my parents and family for always having supported me in this endeavor, both financially and motivational. Last but most important, thank you Monika for always backing me up and sup- porting me through all these years, even though my decisions for sure did not make your life much easier. Thank you for your empathy and understanding when I was not as much there for you as I should have been. Thank you for forc- ing me to sometimes hold on, reflect on my goals and plans in life, and for always reminding me that there is a life beyond work and research. I will not forget this! v vi Abstract Malware remains one of the biggest IT security threats, with available detec- tion approaches struggling to cope with a professionalized malware development industry. The increasing sophistication of today’s malware and the prevalent us- age of obfuscation techniques renders traditional static detection approaches in- creasingly ineffective. This thesis contributes towards improving this situation by proposing a novel effective, robust, and efficient concept of leveraging quantita- tive data flow analysis for behavior-based malware detection. We interpret system calls, issued by monitored processes, as quantifiable flows of data between system entities, such as files, sockets, or processes. We aggregate multiple flows as quantitative data flow graphs (QDFGs) that model the behav- ior of a system during a certain period of time. We operationalize this model for behavior-based malware detection in four different ways by either detecting pat- terns of known malicious behavior in QDFGs of unknown samples, or by profiling and identifying malicious behavior with graph metrics on QDFGs. The core contribution of this thesis is the demonstration that quantitative data flow information improves detection effectiveness compared to non-quantitative analyses. We establish high detection effectiveness, obfuscation robustness, and efficiency by evaluations on a large and diverse malware and goodware data set. vii viii Zusammenfassung Schadsoftware stellt nach wie vor eines der großten¨ Probleme im Bereich IT-Sicherheit dar. Die Effektivitat¨ verfugbarer¨ Erkennungsmethoden, insbe- sondere kommerzieller Anti-Virus-Produkte, ist in zunehmendem Maß durch die ansteigende Professionalisierung der Entwickler von Schadsoftware be- droht. Vor allem die stetig steigende Komplexitat¨ und der mittlerweile nahezu flachendeckende¨ Einsatz von Obfuskations- und Anti-Analysetechniken durch Standard-Schadsoftware stellen insbesondere statische Erkennungsansatze¨ vor große Probleme. Die vorliegende Arbeit leistet einen Beitrag hin zu einer Verbesse- rung dieser Situation mit einem neuen, effektiven, robusten und effizienten Ansatz zur Erkennung von Schadsoftware basierend auf quantitativer Datenflussanalyse. Dazu interpretieren wir von Prozessen ausgeloste¨ Funktionsaufrufe als quan- tifizierbare Datenflusse¨ zwischen verschiedenen Systemressourcen, etwa Datei- en, Netzwerkschnittstellen, oder anderen Prozessen. Mehrerer solcher Datenflusse¨ werden dann in Form sogenannter quantitativer Datenflussgraphen (QDFGs) ag- gregiert, die das Systemverhalten wahrend¨ eines bestimmten Zeitraums modellie- ren. Wir stellen vier verschiedene Ansatze¨ zur Operationalisierung dieses Modells fur¨ die verhaltensbasierte Erkennung von Schadsoftware vor. Diese geschieht ent- weder durch Definition und Wiederkennung von Mustern bekannten Schadver- haltens in QDFGs unbekannter Prozesse oder uber¨ das Erstellen von Profilen ty- pischen Schadverhaltens mit Hilfe spezieller Graphmetriken auf QDFGs. Der Kernbeitrag dieser Arbeit ist der Nachweis der Nutzlichkeit¨ quantitativer Datenflussanalyse zur Verbesserung der Erkennungseffektivitat¨ gegenuber¨ nicht- quantitativen Analysen. Wir weisen die hohe absolute Effektivitat,¨ Robustheit und Effizienz unserer Erkennungsansatze¨ auf Basis einer großen und heterogenen Sammlung bosartiger¨ und gutartiger Software nach. ix x Contents Acknowledgmentsv Abstract vii Zusammenfassung ix Outline of this Thesis xv 1. Introduction1 1.1. Research Description...........................4 1.1.1. Tackled Problems and Research Goals.............5 1.1.2. Research Questions........................5 1.2. Structure and Research Methodology.................6 1.3. Contributions...............................8 2. Background9 2.1. Malware..................................9 2.1.1. Malware History.........................9 2.1.2. Malware Taxonomy....................... 11 2.2. Malware Detection............................ 15 2.2.1. Static Detection.......................... 16 2.2.2. Dynamic Detection........................ 20 2.2.3. Gap Analysis and Assessment................. 24 3. System Model 25 3.1. Quantitative Data Flow Graphs..................... 26 3.2. Model Instantiation............................ 29 3.3. Malware Data Flow Behavior Example................. 34 4. Pattern-based Detection 35 4.1. Deductive Pattern-based Detection................... 37 4.1.1. Introduction............................ 37 4.1.2. Approach............................. 39 4.1.3. Evaluation............................. 48 xi Contents 4.1.4. Related Work........................... 54 4.1.5. Discussion and Conclusion................... 56 4.2. Inductive Pattern-based Detection................... 58 4.2.1. Introduction............................ 58 4.2.2. Preliminaries........................... 61 4.2.3. Approach............................. 63 4.2.4. Evaluation............................. 78 4.2.5. Related Work........................... 85 4.2.6. Discussion and Conclusion................... 87 5. Metric-based Detection 89 5.1. Deductive Metric-based Detection................... 93 5.1.1. Introduction............................ 93 5.1.2. Approach............................. 96 5.1.3. Evaluation............................. 106 5.1.4. Related Work........................... 114 5.1.5. Discussion and Conclusion................... 115 5.2. Inductive Metric-based Detection.................... 116 5.2.1. Introduction............................ 116 5.2.2. Preliminaries........................... 119 5.2.3. Approach............................. 120 5.2.4. Evaluation............................. 134 5.2.5. Related Work........................... 147 5.2.6. Discussion and Conclusion................... 148 6. Assessment and Operationalization 149 6.1. Assessment................................ 149 6.1.1. Effectiveness........................... 149 6.1.2. Efficiency............................. 155 6.1.3. Summary and Discussion.................... 157 6.2. Operationalization............................ 160 6.2.1. Offline Detection......................... 160 6.2.2. Online Detection........................
Load more

Recommended publications
  • A the Hacker
    A The Hacker Madame Curie once said “En science, nous devons nous int´eresser aux choses, non aux personnes [In science, we should be interested in things, not in people].” Things, however, have since changed, and today we have to be interested not just in the facts of computer security and crime, but in the people who perpetrate these acts. Hence this discussion of hackers. Over the centuries, the term “hacker” has referred to various activities. We are familiar with usages such as “a carpenter hacking wood with an ax” and “a butcher hacking meat with a cleaver,” but it seems that the modern, computer-related form of this term originated in the many pranks and practi- cal jokes perpetrated by students at MIT in the 1960s. As an example of the many meanings assigned to this term, see [Schneier 04] which, among much other information, explains why Galileo was a hacker but Aristotle wasn’t. A hack is a person lacking talent or ability, as in a “hack writer.” Hack as a verb is used in contexts such as “hack the media,” “hack your brain,” and “hack your reputation.” Recently, it has also come to mean either a kludge, or the opposite of a kludge, as in a clever or elegant solution to a difficult problem. A hack also means a simple but often inelegant solution or technique. The following tentative definitions are quoted from the jargon file ([jargon 04], edited by Eric S. Raymond): 1. A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary.
    [Show full text]
  • 1.Computer Virus Reported (1) Summary for This Quarter
    Attachment 1 1.Computer Virus Reported (1) Summary for this Quarter The number of the cases reported for viruses*1 in the first quarter of 2013 decreased from that of the fourth quarter of 2012 (See Figure 1-1). As for the number of the viruses detected*2 in the first quarter of 2013, W32/Mydoom accounted for three-fourths of the total (See Figure 1-2). Compared to the fourth quarter of 2012, however, both W32/Mydoom and W32/Netsky showed a decreasing trend. When we looked into the cases reported for W32/Netsky, we found that in most of those cases, the virus code had been corrupted, for which the virus was unable to carry out its infection activity. So, it is unlikely that the number of cases involving this virus will increase significantly in the future As for W32/IRCbot, it has greatly decreased from the level of the fourth quarter of 2012. W32/IRCbot carries out infection activities by exploiting vulnerabilities within Windows or programs, and is often used as a foothold for carrying out "Targeted Attack". It is likely that that there has been a shift to attacks not using this virus. XM/Mailcab is a mass-mailing type virus that exploits mailer's address book and distributes copies of itself. By carelessly opening this type of email attachment, the user's computer is infected and if the number of such users increases, so will the number of the cases reported. As for the number of the malicious programs detected in the first quarter of 2013, Bancos, which steals IDs/Passwords for Internet banking, Backdoor, which sets up a back door on the target PC, and Webkit, which guides Internet users to a maliciously-crafted Website to infect with another virus, were detected in large numbers.
    [Show full text]
  • A Review Paper on Effective Behavioral Based Malware Detection and Prevention Techniques for Android Platform
    International Journal of Engineering Research and Technology. ISSN 0974-3154 Volume 10, Number 1 (2017) © International Research Publication House http://www.irphouse.com A Review Paper on Effective Behavioral Based Malware Detection and Prevention Techniques for Android Platform Mr. Sagar Vitthal Shinde1 M.Tech Comp. Department of Technology, Shivaji University, Kolhapur, Maharashtra, India. Email id: [email protected] Ms. Amrita A. Manjrekar2 Assistant Professor, Department of Technology, Shivaji University, Kolhapur, Maharashtra, India. Email Id: [email protected] Abstract late). It has been recently reported that almost 60% of Android is most popular platform for mobile devices. existing malware send stealthy premium rate SMS messages. Smartphone’s and mobile tablets are rapidly indispensable in Most of these behaviors are exhibited by a category of apps daily life. Android has been the most popular open sources called Trojanized that can be found in online marketplaces mobile operating system. On the one side android users are not controlled by Google. However, also Google Play, the increasing, but other side malicious activity also official market for Android apps, has hosted apps which have simultaneously increasing. The risk of malware (Malicious been found to be malicious [1] [21]. apps) is sharply increasing in Android platform, Android Existing system consist of some limited features of android mobile malware detection and prevention has become an app, malware detection is based on behavioral base. The important research topic. Some malware attacks can make the malware detection and prevention process is also static which phone partially or fully unusable, cause unwanted SMS/MMS create some problems such as it increase false positive rate.
    [Show full text]
  • LAB MANUAL for Computer Network
    LAB MANUAL for Computer Network CSE-310 F Computer Network Lab L T P - - 3 Class Work : 25 Marks Exam : 25 MARKS Total : 50 Marks This course provides students with hands on training regarding the design, troubleshooting, modeling and evaluation of computer networks. In this course, students are going to experiment in a real test-bed networking environment, and learn about network design and troubleshooting topics and tools such as: network addressing, Address Resolution Protocol (ARP), basic troubleshooting tools (e.g. ping, ICMP), IP routing (e,g, RIP), route discovery (e.g. traceroute), TCP and UDP, IP fragmentation and many others. Student will also be introduced to the network modeling and simulation, and they will have the opportunity to build some simple networking models using the tool and perform simulations that will help them evaluate their design approaches and expected network performance. S.No Experiment 1 Study of different types of Network cables and Practically implement the cross-wired cable and straight through cable using clamping tool. 2 Study of Network Devices in Detail. 3 Study of network IP. 4 Connect the computers in Local Area Network. 5 Study of basic network command and Network configuration commands. 6 Configure a Network topology using packet tracer software. 7 Configure a Network topology using packet tracer software. 8 Configure a Network using Distance Vector Routing protocol. 9 Configure Network using Link State Vector Routing protocol. Hardware and Software Requirement Hardware Requirement RJ-45 connector, Climping Tool, Twisted pair Cable Software Requirement Command Prompt And Packet Tracer. EXPERIMENT-1 Aim: Study of different types of Network cables and Practically implement the cross-wired cable and straight through cable using clamping tool.
    [Show full text]
  • Detecting Botnets Using File System Indicators
    Detecting botnets using file system indicators Master's thesis University of Twente Author: Committee members: Peter Wagenaar Prof. Dr. Pieter H. Hartel Dr. Damiano Bolzoni Frank Bernaards LLM (NHTCU) December 12, 2012 Abstract Botnets, large groups of networked zombie computers under centralised control, are recognised as one of the major threats on the internet. There is a lot of research towards ways of detecting botnets, in particular towards detecting Command and Control servers. Most of the research is focused on trying to detect the commands that these servers send to the bots over the network. For this research, we have looked at botnets from a botmaster's perspective. First, we characterise several botnet enhancing techniques using three aspects: resilience, stealth and churn. We see that these enhancements are usually employed in the network communications between the C&C and the bots. This leads us to our second contribution: we propose a new botnet detection method based on the way C&C's are present on the file system. We define a set of file system based indicators and use them to search for C&C's in images of hard disks. We investigate how the aspects resilience, stealth and churn apply to each of the indicators and discuss countermeasures botmasters could take to evade detection. We validate our method by applying it to a test dataset of 94 disk images, 16 of which contain C&C installations, and show that low false positive and false negative ratio's can be achieved. Approaching the botnet detection problem from this angle is novel, which provides a basis for further research.
    [Show full text]
  • Command-Line IP Utilities This Document Lists Windows Command-Line Utilities That You Can Use to Obtain TCP/IP Configuration Information and Test IP Connectivity
    Guide to TCP/IP: IPv6 and IPv4, 5th Edition, ISBN 978-13059-4695-8 Command-Line IP Utilities This document lists Windows command-line utilities that you can use to obtain TCP/IP configuration information and test IP connectivity. Command parameters and uses are listed for the following utilities in Tables 1 through 9: ■ Arp ■ Ipconfig ■ Netsh ■ Netstat ■ Pathping ■ Ping ■ Route ■ Tracert ARP The Arp utility reads and manipulates local ARP tables (data link address-to-IP address tables). Syntax arp -s inet_addr eth_addr [if_addr] arp -d inet_addr [if_addr] arp -a [inet_address] [-N if_addr] [-v] Table 1 ARP command parameters and uses Parameter Description -a or -g Displays current entries in the ARP cache. If inet_addr is specified, the IP and data link address of the specified computer appear. If more than one network interface uses ARP, entries for each ARP table appear. inet_addr Specifies an Internet address. -N if_addr Displays the ARP entries for the network interface specified by if_addr. -v Displays the ARP entries in verbose mode. -d Deletes the host specified by inet_addr. -s Adds the host and associates the Internet address inet_addr with the data link address eth_addr. The physical address is given as six hexadecimal bytes separated by hyphens. The entry is permanent. eth_addr Specifies physical address. if_addr If present, this specifies the Internet address of the interface whose address translation table should be modified. If not present, the first applicable interface will be used. Pyles, Carrell, and Tittel 1 Guide to TCP/IP: IPv6 and IPv4, 5th Edition, ISBN 978-13059-4695-8 IPCONFIG The Ipconfig utility displays and modifies IP address configuration information.
    [Show full text]
  • System Center Endpoint Protection for Mac
    System Center Endpoint Protection for Mac Installation Manual and User Guide Contents Context menu 19 System Center Endpoint Protection 3 System requirements 3 Advanced user 20 Import and export settings 20 Installation 4 Import settings 20 Typical installation 4 Export settings 20 Proxy server setup 20 Custom installation 4 Removable media blocking 20 Uninstallation 5 21 Beginners guide 6 Glossary Types of infiltrations 21 User interface 6 Viruses 21 Checking operation of the system 6 Worms 21 What to do if the program does not work properly 7 Trojan horses 21 Work with System Center Endpoint Adware 22 Spyware 22 Protection 8 Potentially unsafe applications 22 Antivirus and antispyware protection 8 Potentially unwanted applications 22 Real-time file system protection 8 Real-time Protection setup 8 Scan on (Event triggered scanning) 8 Advanced scan options 8 Exclusions from scanning 8 When to modify Real-time protection configuration 9 Checking Real-time protection 9 What to do if Real-time protection does not work 9 On-demand computer scan 10 Type of scan 10 Smart scan 10 Custom scan 11 Scan targets 11 Scan profiles 11 Engine parameters setup 12 Objects 12 Options 12 Cleaning 13 Extensions 13 Limits 13 Others 13 An infiltration is detected 14 Updating the program 14 Update setup 15 How to create update tasks 15 Upgrading to a new build 15 Scheduler 16 Purpose of scheduling tasks 16 Creating new tasks 16 Creating user-defined task 17 Quarantine 17 Quarantining files 17 Restoring from Quarantine 17 Log files 18 Log maintenance 18 Log filtering 18 User interface 18 Alerts and notifications 19 Alerts and notifications advanced setup 19 Privileges 19 System Center Endpoint Protection As the popularity of Unix-based operating systems increases, malware authors are developing more threats to target Mac users.
    [Show full text]
  • Lesson E19 En. Internet Troubleshooting, Disturbances, Maintenance
    Leonardo da Vinci Programme – Project RO/03/B/P/PP175006 LESSON E19_EN. INTERNET TROUBLESHOOTING, DISTURBANCES, MAINTENANCE. Parent Entity: IPA SA, Bucharest, Romania, 167 bis, Calea Floreasca; Fax: + 40 21 316 16 20 Authors: Gheorghe Mincu Sandulescu, University Professor Dr., IPA SA, Bucharest, Romania, 167 bis, Calea Floreasca, Mariana Bistran, Principal Researcher, IPA SA, Bucharest, Romania, 167 bis, Calea Floreasca, e-mail: [email protected]. Consultations: Every working day between 9.00 a.m. and 12.00 p.m. After studying this lesson, you will acquire the following knowledge: Understanding the troubleshooting methodology and procedures. Ethical, economic and managerial aspects of the troubleshooting activities. Essential diagnosis tools for troubleshooting and their mode of use. The control of connectivity through the use of powerful and simple to apply troubleshooting tools. The use of the Microsoft ©®WINDOWS environment for troubleshooting. The use of elements from the Unix / Linux environment for troubleshooting. CONTENT OF THE LESSON 1. TROUBLESHOOTING PROCEDURES. 2. UNIX UTILITIES AND SYSTEM FILES RELATED TO NETWORKING AND TROUBLESHOOTING. 3. DIAGNOSIS TOOLS AND UTILITIES IN MICROSOFT ®WINDOWS. 4. PATHPING MICROSOFT ®WINDOWS DIAGNOSIS TOOL FOR TROUBLESHOOTING CONNECTIVITY. 5. THE Netstat DIAGNOSIS TOOL. MICROSOFT ®WINDOWS 6. OTHER DIAGNOSIS TOOLS. MICROSOFT ®WINDOWS LEARNING OBJECTIVES: After learning this lesson you will accomplish the ability to: apply the troubleshooting methodology and procedures. respect the ethical constraints and take into consideration the economic and managerial aspects of the troubleshooting activities. accomplish the necessary information for troubleshooting actions inside your specific activities, to apply the troubleshooting tools.. The control of connectivity through the using of the powerful and simple to apply troubleshooting tools.
    [Show full text]
  • Computer Viruses, in Order to Detect Them
    Behaviour-based Virus Analysis and Detection PhD Thesis Sulaiman Amro Al amro This thesis is submitted in partial fulfilment of the requirements for the degree of Doctor of Philosophy Software Technology Research Laboratory Faculty of Technology De Montfort University May 2013 DEDICATION To my beloved parents This thesis is dedicated to my Father who has been my supportive, motivated, inspired guide throughout my life, and who has spent every minute of his life teaching and guiding me and my brothers and sisters how to live and be successful. To my Mother for her support and endless love, daily prayers, and for her encouragement and everything she has sacrificed for us. To my Sisters and Brothers for their support, prayers and encouragements throughout my entire life. To my beloved Family, My Wife for her support and patience throughout my PhD, and my little boy Amro who has changed my life and relieves my tiredness and stress every single day. I | P a g e ABSTRACT Every day, the growing number of viruses causes major damage to computer systems, which many antivirus products have been developed to protect. Regrettably, existing antivirus products do not provide a full solution to the problems associated with viruses. One of the main reasons for this is that these products typically use signature-based detection, so that the rapid growth in the number of viruses means that many signatures have to be added to their signature databases each day. These signatures then have to be stored in the computer system, where they consume increasing memory space. Moreover, the large database will also affect the speed of searching for signatures, and, hence, affect the performance of the system.
    [Show full text]
  • Ipswitch Failover V9.5 Administrator's Guide
    Administrator's Guide For Ipswitch Failover v9.5 Copyright ©1991-2016 Ipswitch, Inc. All rights reserved. This document, as well as the software described in it, is furnished under license and may be used or copied only in accordance with the terms of such license. Except as permitted by such license, no part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, recording, or otherwise, without the express prior written consent of Ipswitch, Inc. The content of this document is furnished for informational use only, is subject to change without notice, and should not be construed as a commitment by Ipswitch, Inc. While every effort has been made to assure the accuracy of the information contained herein, Ipswitch, Inc. assumes no responsibility for errors or omissions. Ipswitch, Inc., also assumes no liability for damages resulting from the use of the information contained in this document. WS_FTP, the WS_FTP logos, Ipswitch, and the Ipswitch logo, MOVEit and the MOVEit logo, MessageWay and the MessageWay logo are trademarks of Ipswitch, Inc. Other products and their brands or company names, are or may be trademarks or registered trademarks, and are the property of their respective companies. Contents Preface: About This Book.........................................................................vii Part I: Getting Started..................................................................................9 Chapter 1: Ipswitch Failover Concepts.................................................................................11
    [Show full text]
  • 2007 Threat Report | 2008 Threat and Technology Forecast Executive Summary
    2007 Threat Report | 2008 Threat and Technology Forecast Executive Summary Last year, Trend Micro’s 2006 Annual Roundup As we highlight the threats that made rounds and 2007 Forecast (The Trend of Threats Today) in 2007, it will become clear that all of these predicted the full emergence of Web threats predictions have indeed materialized, and some as the prevailing security threat in 2007. Web in an interesting fashion. threats include a broad array of threats that The shifting threat landscape demands a move operate through the Internet, typically comprise away from the traditional concept of malicious more than one fi le component, spawn a large code. Digital threats today cover more ground number of variants, and target a relatively smaller than ever. They may come to a user through audience. This was predicted to continue the simply having a vulnerable PC, visiting trusted “high focus/low spread” themes seen by some Web sites that are silently compromised, clicking attacks in 2006. an innocent-looking link, or by belonging to a Trend Micro also predicted that the growth and network that is under attack by a Distributed expansion of botnets during 2007 would be Denial of Service attacker. mostly based on new methods, ingenious social In the following roundup, Trend Micro summarizes engineering, and the exploitation of software the threats, malware trends, and security vulnerabilities. The roundup also indicated highlights seen during 2007. Real-life victims of that crimeware would continue to increase and these security threats include interest groups, become the prevailing threat motivation in 2007 individuals, organizations, and on some occasions and onwards.
    [Show full text]
  • Reference Guide Vmware Vcenter Server Heartbeat 5.5 Update 1
    Administrator Guide VMware vCenter Server Heartbeat 6.3 Update 1 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs. EN-000562-01 Administrator Guide You can find the most up-to-date technical documentation on the VMware Web site at: http://www.vmware.com/support/ The VMware Web site also provides the latest product updates. If you have comments about this documentation, submit your feedback to: [email protected] Copyright © 2010 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents. VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies. VMware, Inc. 3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com 2 VMware, Inc. Contents About This Book 7 Getting Started 1 Introduction 11 Overview 11 vCenter Server Heartbeat Concepts 11 Architecture 11 Protection Levels 13 Communications 16 vCenter Server Heartbeat Switchover and Failover Processes 17 2 Configuring vCenter Server Heartbeat 21 Server Configuration Wizard 22 Configuring the Machine Identity 22 Configuring the Server Role 23 Configuring the Client Connection Port 23 Configuring Channel
    [Show full text]