Warning about the CDROM The cdrom provided with the present book is dedicated to educational and academic purposes only (teaching and research activities). Any other use is totally condemned by the author. Before using any of the material it contains, the reader is strongly advised to refer to national laws dealing with computer crimes and computer security, to determine if he is allowed to use this material. This cdrom does NOT contain ANY executable files, whatever may be the format. The reader then will not face the slightest risk by using it. Only two file formats have been used: • simple html language, without any script language, for the webpage-like presentation files. These pages allows to navigate very easily through the cdrom. • pdf language, for all other data: papers, technical articles and viral codes. In particular, the use of the viral source codes provided on the cdrom cannot be fortuitous. It requires an active and voluntarily process from the reader – the code has to be typed and next to be compiled. Thus any such action directly involves the reader’s own repsonsability. At last, minor implementation errors have been voluntarily introduced into the source code (both in the book and on the cdrom). They do not involve viral algorithmics but only the use of some programming language primitives. Detecting and correcting them will constitue a good exercise. Nonetheless, their existence does not complicate the reader’s understanding. References 1. Adleman L. M. (1988) An Abstract Theory of Computer Viruses. In Advances in Cryptology- CRYPTO’88, pp 354-374, Springer. 2. Aleph One (2000) Smashing the stack for fun and profit, Phrack Journal, Vol. 7, no. 49, www.phrack.org. 3. J. Anders, Net filter spies on kid’s surfing, 25 janvier 2001, http://zdnet.com.com/ 2100-11-527592.html 4. Anderson J. P. (1972) Computer Security Technology Planning Study, Technical Report ESD-TR-73-51, US Air Force Electronic Systems Division, October. 5. Anderson R. (2001) Security Engineering, Wiley. 6. Anderson R. (2002) Trusted Computing Frequently Asked Questions, TCPA/Palladium/NGSCB/TCG, available on www.cl.cam.ac.uk/~rja14/ tcpa-faq.html 7. Arbib M. A. (1966) A simple self-reproducing universal automaton, Infor. and Cont., 9, pp. 177-189. 8. Antivirus AVP - www.avp.ch. 9. Azatasou D., Tanakwang A. (2003) Etude de faisabilit´e d’un virus de Bios,M´emoire de stage ing´enieur, Ecole Sup´erieure et d’Application des Transmissions, Rennes. 10. Barel M. (2004), Nouvel article 323-3-1 du Code P´enal:lechevaldeTroiedu l´egislateur ?, MISC, Le journal de la s´ecurit´einformatique,Num´ero 14. 11. Barwise J. (1983) Handbook of Mathematical Logic, North-Holland. 12. Bell D. E., LaPadula L. J. (1973) Secure Computer Systems: Mathematical Founda- tions and Model, The Mitre Corporation. 13. Biba K. J. (1977) Integrity Considerations for Secure Computer Systems, USAF Electronic Systems Division. 14. Bidault M. (2002) Cr´eation de macros VBA pour Office 97, 2000 et XP, Campus Press. 15. Blaess C. (2000) Programmation syst`eme en C sous Linux, Eyrolles. 16. Blaess C. (2002) Langages de scripts sous Linux, Eyrolles. 17. Blaess C. (2002) Virologie : nimda, MISC, Le journal de la s´ecurit´einformatique, Num´ero 1. 18. Bailleux C. (2002) Petits d´ebordements de tampon dans la pile, MISC, Le journal de la s´ecurit´einformatique,Num´ero 2. 19. Bontchev V. (1995) Are “good” computer virusses still a a bad idea, www.virusbtn. com/old/OtherPapers/GoodVir 392 References 20. Brassier M. (2003) Mise en place d’une cellule de veille technologique, MISC Le journal de la s´ecurit´einformatique,num´ero 5, pp 6-11. 21. Bridis T. (2001) FBI Develops Eavesdropping Tools. Washington Post,November 22nd. 22. Brulez N. (2003) Analyse d’un ver par d´esassemblage, MISC, Le journal de la s´ecurit´e informatique, Num´ero 5. 23. Brulez N. (2003) Techniques de reverse engineering - Analyse d’un code verrouill´e, MISC, Le journal de la s´ecurit´einformatique,Num´ero 7. 24. Brulez N. (2003) Faiblesses des protections d’excutable PE. Etude de cas: Asprotect, In: Proceedings of the SSTIC 2003 Conference, pp. 102-121, www.sstic.org 25. Brulez N., Filiol E. (2003) Analyse d’un ver ultra-rapide : Sapphire/Slammer, MISC, Le journal de la s´ecurit´einformatique,Num´ero 8. 26. Burks A. W. (1970) Essays on Cellular Automata, University of Illinois Press, Urbana and London. 27. Byl J. (1989) Self-reproduction in cellular automata, Physica D, 34, pp. 295-299. 28. Cantero A .(2003) Droit p´enal et cybercriminalit´e:lar´epression des infractions li´ees aux TIC, In: Proceedings of the SSTIC 2003 Conference, www.sstic.org 29. Caprioli E. A. (2002) Les moyens juridiques de lutte contre la cybercriminalit´e, Revue Risques, Les Cahiers de l’assurance, juillet-septembre, num´ero 51. 30. Chambet P., Detoisien E. et Filiol E. (2003) La fuite d’information dans les docu- ments propri´etaires, MISC, Le journal de la s´ecurit´einformatique,Num´ero 7. 31. Chess D. M., White S. R. (2000) An undetectable computer virus, Virus Bulletin Conference, September. 32. Church A. (1941) The calculi of lambda-conversion, Annals of Mathematical Studies, 6, Princeton University Press. 33. Codd, E. F. (1968) Cellular Automata, Academic Press. 34. Cohen F. (1986) Computer viruses, Ph. D Thesis, University of Southern California, Janvier 1986. 35. Cohen F. (1994) A Short Course on Computer viruses, Wiley. 36. Cohen F. (1994) It’s alive, Wiley. 37. Cohen F. (1987) Computer Viruses - Theory and Experiments, IFIP-TC11 Comput- ers and Security, vol. 6, pp 22-35. 38. Cohen F. (1985) A Secure Computer Network Design, IFIP-TC11 Computers and Security, vol. 6, vol. 4, no. 3, pp 189-205. 39. Cohen F. (1985) Protection and Administration on Information Networks under Partial Orderings, IFIP-TC11 Computers and Security, vol. 6, pp 118-128. 40. Cohen F. (1987) Design and Administration of Distributed and Hierarchical Infor- mation Networks under Partial Orderings, IFIP-TC11 Computer and Security, vol. 6. 41. Cohen F. (1987) Design and Administration of an Information Network under a Partial Ordering: a Case Study, IFIP-TC11 Computer and Security, vol. 6, pp 332- 338. 42. Cohen F. (1987) A Cryptographic Checksum for Integrity Protection in Untrusted Computer Systems, IFIP-TC11 Computer and Security. 43. Cohen F. (1988) Models of Practical Defenses against Computer Viruses, IFIP-TC11 Computer and Security, vol. 7, no. 6. 44. Cohen F. (1990) ASP 3.0 - The Integrity Shell, Information Protection, vol. 1, no. 1. 45. Coursen S. (2001) ‘Good’ viruses have a future, www.surferbeware.com/articles/ computer-viruses-article-text-2.htm References 393 46. Detoisien E. (2003) Ex´ecution de code malveillant sous Internet Explorer 5 et 6, MISC, Le journal de la s´ecurit´einformatique,Num´ero 5. 47. Devergranne T. (2002) La loi “Godfrain” `al’´epreuve du temps, MISC, Le journal de la s´ecurit´einformatique,Num´ero 2. 48. Devergranne T. (2003) Virus informatiques : aspects juridiques, MISC, Le journal de la s´ecurit´einformatique,Num´ero 5. 49. Devergranne T. (2003) Le reverse engineering coule-t-il de source ?, MISC, Le journal de la s´ecurit´einformatique,Num´ero 9. 50. Dewdney A. K. (1984) Metamagical Themas, Scientific American, mars 1984. As far as the Core Games is concerned, the reader may also refer to www.koth.org/info/ sciam or kuoi.asui.uidaho.edu/~kamikaze/documents/corewar-faq.html 51. D’Haeseleer P., Forrest S. et Helman P. (1996) An immunological approach to change detection : algorithms, analysis ans implications, In Proceedings of the 1996 IEEE Symposium of Computer Security and Privacy, IEEE Press, pp. 110-119. 52. Detailed description of the PE format, http://spiff.tripnet.se/~iczelion/ files/pe1.zip 53. Dobbertin H. (1996) rump session, Eurocrypt’96. Available on www.iacr.org/ conferences/ec96/rump/ 54. Dobbertin H. (1996) Cryptanalysis of MD4. In: Gollman D. ed., Third Fast Software Encryption Conference, Lecture Notes in Computer Science 1039, pp 71–82, Springer- Verlag. 55. Dodge Y. (1999) Premiers pas en statistique, Springer-Verlag. 56. Dougherty D., Robbins A. (1990) Sed & Awk, O’Reilly & Associates. 57. Dralet S., Raynal F. (2003) Virus sous Unix ou quand la fiction devient r´ealit´e, MISC, Le journal de la s´ecurit´einformatique,Num´ero 5. 58. Eichin M. W., Rochlis J. A. (1988) With microscope and tweezers : an analysis of the Internet virus of november 1988, IEEE Symposium on Research in Security and Privacy. 59. eEye Digital Security (1999) Retina vs IIS 4, Round 2, www.eeye.com/html/ Research/Advisories/AD19990608.html 60. Filiol E. (2002) Applied Cryptanalysis of Cryptosystems and Computer At- tacks Through Hidden Ciphertexts Computer Viruses, Rapport de recherche IN- RIA num´ero 4359. Available on http://www-rocq.inria.fr/codes/Eric.Filiol/ papers/rr4359vf.ps.gz 61. Filiol E. (2002) Le ver Code-Red, MISC, Le journal de la s´ecurit´einformatique, Num´ero 2. 62. Filiol E. (2002) Le virus CIH dit “Chernobyl”, MISC, Le journal de la s´ecurit´e informatique, Num´ero 3. 63. Filiol E. (2002) Autopsie du macro-virus Concept, MISC, Le journal de la s´ecurit´e informatique, Num´ero 4. 64. Filiol E. (2003) Les infections informatiques, MISC, Le journal de la s´ecurit´einfor- matique, Num´ero 5. 65. Filiol E. (2003) La lutte antivirale : techniques et enjeux, MISC, Le journal de la s´ecurit´einformatique,Num´ero 5. 66. Filiol E. (2003) Le virus de boot furtif Stealth, MISC, Le journal de la s´ecurit´e informatique, Num´ero 6. 67. Filiol E. (2002) L’ing´eni´erie sociale, Linux Magazine 42, Septembre 2002.