ebook img

Trojans, Worms, And Spyware A Computer Security Professional's Guide To Malicious Code PDF

233 Pages·2005·1.32 MB·english
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Trojans, Worms, And Spyware A Computer Security Professional's Guide To Malicious Code

TROJANS, WORMS, AND SPYWARE This page intentionally left blank TROJANS, WORMS, AND SPYWARE A Computer Security Professional’s Guide to Malicious Code Michael Erbschloe AMSTERDAM • BOSTON • HEIDELBERG • LONDON NEW YORK • OXFORD • PARIS • SAN DIEGO SAN FRANCISCO • SINGAPORE • SYDNEY • TOKYO Elsevier Butterworth–Heinemann 200 Wheeler Road, Burlington, MA 01803, USA Linacre House, Jordan Hill, Oxford OX2 8DP, UK Copyright © 2005, Elsevier Inc. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of the publisher. Permissions may be sought directly from Elsevier’s Science & Technology Rights Department in Oxford, UK: phone: (+44) 1865 843830, fax: (+44) 1865 853333, e-mail: [email protected]. You may also complete your request on-line via the Elsevier homepage (http://elsevier.com), by selecting “Customer Support” and then “Obtaining Permissions.” Recognizing the importance of preserving what has been written, Elsevier prints its books on acid-free paper whenever possible. Library of Congress Cataloging-in-Publication Data Application submitted. British Library Cataloguing-in-Publication Data A catalogue record for this book is available from the British Library. ISBN: 0-7506-7848-8 For information on all Butterworth–Heinemann publications visit our website at http://books.elsevier.com/security 03 04 05 06 07 08 09 10 9 8 7 6 5 4 3 2 1 Printed in the United States of America To my mother To my friends Blaster and Razer This page intentionally left blank Table of Contents Preface xiii Introduction xv Inside This Book xvii Acknowledgements xix 1 Malicious Code Overview 1 Why Malicious Code Attacks Are Dangerous 3 Impact of Malicious Code Attacks on Corporate Security 6 Why Malicious Code Attacks Work 8 Action Steps to Combat Malicious Code Attacks 15 2 Types of Malicious Code 17 E-mail Viruses and Miscellaneous Viruses 18 Trojans and Other Backdoors 22 Worms 23 Blended Threats 24 Time Bombs 25 Spyware 25 Adware 26 Stealware 28 Action Steps to Combat Malicious Code Attacks 29 vii viii Trojans, Worms, and Spyware 3 Review of Malicious Code Incidents 31 Historic Tidbits 32 The Morris Worm 35 Melissa 36 Love Bug 37 Code Red(s) 42 SirCam 43 Nimda 44 Slammer 44 The Summer of 2003 Barrage of Blaster, Sobig, and More 45 Early 2004 with MyDoom, Netsky, and More 46 Action Steps to Combat Malicious Code Attacks 47 4 Basic Steps to Combat Malicious Code Attacks 51 Understanding the Risks 52 Using Security Policies to Set Standards 54 System and Patch Updates 56 Establishing a Computer Incident Response Team 57 Training for IT Professionals 59 Training End Users 60 Applying Social Engineering Methods in an Organization 61 Working with Law Enforcement Agencies 62 Action Steps to Combat Malicious Code Attacks 65 5 Organizing for Security, Prevention, and Response 69 Organization of the IT Security Function 69 Where Malicious Code Attack Prevention Fits into the IT Security Function 72 Staffing for Malicious Code Prevention in IT 74 Budgeting for Malicious Code Prevention 77 Evaluating Products for Malicious Code Prevention 80 Establishing and Utilizing an Alert System 81 Establishing and Utilizing a Reporting System 83 Table of Contents ix Corporate Security and Malicious Code Incident Investigations 84 Action Steps to Combat Malicious Code Attacks 85 6 Controlling Computer Behavior of Employees 89 Policies on Appropriate Use of Corporate Systems 90 Monitoring Employee Behavior 92 Web Site Blockers and Internet Filters 93 Cookie and Spyware Blockers 97 Pop-up Blockers 99 Controlling Downloads 100 SPAM Control 103 Action Steps to Combat Malicious Code Attacks 107 7 Responding to a Malicious Code Incident 109 About the Case Study 110 The First Report of a Malicious Code Attack 112 The Confirmation Process 114 Mobilizing the Response Team 115 Notifying Management 116 Using an Alert System and Informing End Users 116 Cleanup and Restoration 117 Controlling and Capturing Malicious Code 119 Identifying the Source of Malicious Code 120 Preserving Evidence 122 When to Call Law Enforcement and What to Expect 122 Enterprise-wide Eradication 124 Returning to Normal Operations 126 Analyzing Lessons Learned 128 Action Steps to Combat Malicious Code Attacks 130 8 Model Training Program for End Users 133 Explaining Why the Training Is Important 134 Explaining the Appropriate-Use Policy for Computers and Networks 141

See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.