The Art of Computer Virus Research and Defense
Peter Szor. Addison-Wesley, paperback, published February 2005, 744 pages, ISBN 0321304543.
Excerpt: Chapter 7: Advanced Code Evolution Techniques and Computer Virus Generator Kits
Excerpt provided courtesy of Addison-Wesley Professional. Copyright © Addison-Wesley. Written permission from the publisher is required for any use of this material.
PREFACE
Who Should Read This Book
Over the last two decades, several publications have appeared on the subject of
computer viruses, but only a few have been written by professionals ("insiders")
of computer virus research. Although many books exist that discuss the computer
virus problem, they usually target a novice audience, which is simply not very
interesting for technical professionals. There are only a few works that are
not afraid to go into the technical details necessary to understand how to
defend against computer viruses effectively.
Part of the problem is that existing books have little information, if any,
about the current complexity of computer viruses. For example, they lack serious
technical information on fast-spreading computer worms that exploit vulnerabilities
to invade target systems, or they do not discuss recent code evolution techniques
such as code metamorphism. If you wanted to get all the information that I have
in this book, you would need to spend a lot of time reading articles and papers
that are often hidden somewhere deep inside computer virus and security conference
proceedings, and perhaps you would need to dig into malicious code for years
to extract the relevant details.
I believe that this book is most useful for IT and security professionals who
fight against computer viruses on a daily basis. Nowadays, system administrators,
as well as individual home users, often need to deal with computer worms and
other malicious programs on their networks. Unfortunately, security courses
have very little training on computer virus protection, and the general public
knows very little about how to analyze and defend their networks from such attacks.
To make things more difficult, computer virus analysis techniques have not been
discussed at sufficient length in any existing work before.
I also think that for anybody interested in information security, being aware
of what the computer virus writers have "achieved" so far is an important
thing to know.
For years, computer virus researchers used to be "file" or "infected
object" oriented. Security professionals, on the contrary, were excited
only about suspicious events at the network level. In addition, threats such
as the CodeRed worm appeared that inject their code into the memory of vulnerable
processes over the network but do not "infect" objects on the disk. Today,
it is important to understand all of these major perspectives: the file (storage),
in-memory, and network views, and to correlate the events using malicious code
analysis techniques.
Over the years I have trained many computer virus and security analysts to
analyze and respond to malicious code threats effectively. In this book, I have
included information about just about anything that I ever had to deal with.
For example, I have relevant examples of ancient threats, such as 8-bit viruses
on the Commodore 64. You will see that techniques such as stealth technology
appeared in the earliest computer viruses, on a variety of platforms. Thus,
you will be able to realize that current rootkits do not represent anything
new! You will find sufficient coverage of 32-bit Windows worm threats with
in-depth exploit discussions, as well as 64-bit viruses and "pocket monsters"
on mobile devices. All along the way, my goal was to illustrate to you how
old techniques "reincarnate" in new threats, and to demonstrate up-to-date
attacks with just enough technical detail.
I am sure that many of you are interested in joining the fight against malicious
code, and perhaps, just like me, some of you will become inventors of defense
techniques. All of you should be aware of the pitfalls and the challenges of
this field, however!
That is what this book is all about.
What I Cover
The purpose of this book is to demonstrate the current state of the art in
computer virus and antivirus developments, and to teach you the methodology
of computer virus analysis and protection. I discuss infection techniques of
computer viruses from all possible perspectives: file (on storage), in-memory,
and network. I classify, and tell you all about, the dirty little tricks of
computer viruses that the bad guys developed over the last two decades, and tell
you what has been done to deal with complexity such as code polymorphism and exploits.
The easiest way to read this book is, well, to read it from chapter to chapter.
However, some of the attack chapters have content that can be more relevant
after understanding techniques presented in the defense chapters. If you feel
that any of the chapters is not to your taste, simply too difficult, or too lengthy,
you can always jump to the next chapter. I am sure that everybody will find
some parts of this book very difficult, and others very simple, depending on
individual experience.
I expect my readers to be familiar with technology, and to have some level of
programming experience. There are so many things discussed in this book that it
is simply impossible to cover everything at sufficient length. However, you will
know exactly what you might need to learn from elsewhere to be absolutely
successful against malicious threats. To help you, I have created an extensive
reference list for each chapter that leads you to the necessary background information.
Indeed, this book could easily have been over 1000 pages. However, as you can
tell, I am not Shakespeare. My knowledge of computer viruses is great, not my
English. However, most likely you would have no benefit from my work if it were
the other way around.
What I do not Cover
I do not cover trojan horse programs and backdoors at great length. This book
is primarily about self-replicating malicious code. There are plenty of great
books available on regular malicious programs, but not on computer viruses.
I do not present any virus code in the book that you could directly use to
build another virus. If you are looking for that, you need to look elsewhere. This
book is not a "virus writing" class. However, my understanding is
that the bad guys already know about most of the techniques that I discuss in
this book. Instead, the good guys need to learn more and start to think (but
not to act) like a real attacker to develop their defense!
Interestingly, many universities attempt to teach computer virus research courses
by offering classes on writing viruses. Would it really help if a student could
write a virus to infect millions of systems around the world? Would such students
know more about how to develop better defenses? Simply put, the answer is no...
Instead, classes should focus on the analysis of existing malicious threats.
There are so many threats out there waiting for somebody to understand them
and do something against them.
Of course, the knowledge of computer viruses is like the "force"
in Star Wars. Depending on the user of the "force", the knowledge
can turn to good or bad. I cannot force you to stay away from the "dark
side", but I very much urge you to do so.
Table of Contents
I. STRATEGIES OF THE ATTACKER.
1. Introduction to the Games of Nature.
2. The Fascination of Malicious Code Analysis.
3. Malicious Code Environments.
4. Classification of Infection Strategies.
5. Classification of In-Memory Strategies.
6. Basic Self-Protection Strategies.
7. Advanced Code Evolution Techniques and Computer Virus Generator Kits.
8. Classification According to Payload.
9. Strategies of Computer Worms.
10. Exploits, Vulnerabilities, and Buffer Overflow Attacks.
II. STRATEGIES OF THE DEFENDER.
11. Antivirus Defense Techniques.
12. Memory Scanning and Disinfection.
13. Worm-Blocking Techniques and Host-Based Intrusion Prevention.
14. Network-Level Defense Strategies.
15. Malicious Code Analysis Techniques.
16. Conclusion.
About the Author
Peter Szor is a world-renowned computer virus and security researcher.
He has been actively conducting research on computer viruses for more than 15
years, and he focused on the subject of computer viruses and virus protection
in his diploma work in 1991. Over the years, Peter has been fortunate to work
on the best-known antivirus products, such as AVP, F-PROT, and Symantec Norton
AntiVirus. Originally, he built his own antivirus program, Pasteur, from 1990
to 1995, in Hungary. In parallel with his interest in antivirus development,
Peter also has years of experience in the development of fault-tolerant and
secure financial transaction systems.
He was invited to join CARO (the Computer Antivirus Researchers Organization)
in 1997. Peter is on the advisory board of Virus Bulletin Magazine and a founding
member of the AVED (AntiVirus Emergency Discussion) network. He has been with
Symantec for over five years as a chief researcher, in Santa Monica, California.
Peter has authored over 70 articles and papers on the subject of computer viruses
and security for magazines such as Virus Bulletin, Chip, Source, Windows NT
Magazine, and Information Security Bulletin, among others. He is a frequent
speaker at conferences, including Virus Bulletin, EICAR, ICSA, and RSA, and has
given invited talks at security conferences such as the USENIX Security Symposium.
Peter is passionate about sharing his research results and educating others
about computer viruses and security issues.