FSP 201 ETHICAL HACKING & IT SECURITY REFERENCE BOOK
Computer Viruses and Malware, by John Aycock, University of Calgary, Canada. Springer.
    2.3 Authorship 21
    2.4 Timeline 22

3. VIRUSES 27
    3.1 Classification by Target 28
        3.1.1 Boot-Sector Infectors 28
        3.1.2 File Infectors 30
        3.1.3 Macro Viruses 33
    3.2 Classification by Concealment Strategy 34
        3.2.1 No Concealment 34
        3.2.2 Encryption 35
        3.2.3 Stealth 37
        3.2.4 Oligomorphism 38
        3.2.5 Polymorphism 38
        3.2.6 Metamorphism 46
        3.2.7 Strong Encryption 47
    3.3 Virus Kits 48

4. ANTI-VIRUS TECHNIQUES 53
    4.1 Detection: Static Methods 55
        4.1.1 Scanners 55
        4.1.2 Static Heuristics 69
        4.1.3 Integrity Checkers 70
    4.2 Detection: Dynamic Methods 71
        4.2.1 Behavior Monitors/Blockers 71
        4.2.2 Emulation 74
    4.3 Comparison of Anti-Virus Detection Techniques 79
    4.4 Verification, Quarantine, and Disinfection 80
        4.4.1 Verification 81
        4.4.2 Quarantine 82
        4.4.3 Disinfection 82
    4.5 Virus Databases and Virus Description Languages 85
    4.6 Short Subjects 88
        4.6.1 Anti-Stealth Techniques 88
        4.6.2 Macro Virus Detection 89
        4.6.3 Compiler Optimization 90
5. ANTI-ANTI-VIRUS TECHNIQUES 97
    5.1 Retroviruses 97
    5.2 Entry Point Obfuscation 99
    5.3 Anti-Emulation 99
        5.3.1 Outlast 99
        5.3.2 Outsmart 100
        5.3.3 Overextend 100
    5.4 Armoring 101
        5.4.1 Anti-Debugging 101
        5.4.2 Anti-Disassembly 103
    5.5 Tunneling 105
    5.6 Integrity Checker Attacks 106
    5.7 Avoidance 106

6. WEAKNESSES EXPLOITED 109
    6.1 Technical Weaknesses 109
        6.1.1 Background 110
        6.1.2 Buffer Overflows 113
        6.1.3 Integer Overflows 123
        6.1.4 Format String Vulnerabilities 125
        6.1.5 Defenses 127
        6.1.6 Finding Weaknesses 132
    6.2 Human Weaknesses 134
        6.2.1 Virus Hoaxes 136

7. WORMS 143
    7.1 Worm History 144
        7.1.1 Xerox PARC, c. 1982 144
        7.1.2 The Internet Worm, November 1988 145
    7.2 Propagation 148
        7.2.1 Initial Seeding 149
        7.2.2 Finding Targets 150

8. DEWORMING 157
    8.1 Defense 158
        8.1.1 User 158
        8.1.2 Host 158
        8.1.3 Perimeter 163
    8.2 Capture and Containment 167