Malware, rootkits & botnets : a beginner's guide

| Field | Value |
|---|---|
| Author / Creator | Elisan, Christopher C. |
| Imprint | New York : McGraw-Hill, ©2013. |
| Description | 1 online resource (1 volume) : illustrations |
| Language | English |
| Format | E-Resource Book |
| URL for this record | http://pi.lib.uchicago.edu/1001/cat/bib/13608919 |
Table of Contents:
- Cover
- Title Page
- Copyright Page
- About the Author
- About the Technical Editors
- Contents at a Glance
- Contents
- Acknowledgments
- Foreword
- Introduction
- Why This Book?
- Who Should Read This Book
- What This Book Covers
- How to Use This Book
- How This Book Is Organized
- Part I
- Part II
- Part IV
- About the Series
- Lingo
- IMHO
- Budget Note
- In Actual Practice
- Your Plan
- Into Action
- Part I: Establishing the Foundation
- Chapter 1: Getting In Gear
- A Malware Encounter
- A Brief Overview of the Threat Landscape
- Threat to National Security
- Starting the Journey
- We've Covered
- References
- Chapter 2: A Brief History of Malware
- Computer Viruses
- Classification of Computer Viruses
- Early Challenges
- Malware
- Classification of Malware
- Evolution of Malware
- Riskware
- Classification of Riskware
- Malware Creation Kits
- The Impact of Malware
- We've Covered
- Chapter 3: Cloak of the Rootkit
- What Is a Rootkit?
- Environment Mechanics
- The Operating System Kernel
- User Mode and Kernel Mode
- Rings
- Switching from User Mode to Kernel Mode
- Types of Rootkits
- User-Mode Rootkits
- Kernel-Mode Rootkits
- Rootkit Techniques
- Hooking
- DLL Injection
- Direct Kernel Object Manipulation
- Tackling Rootkits
- We've Covered
- Chapter 4: Rise of the Botnets
- What Is a Botnet?
- Main Characteristics
- Key Components
- C&C Structure
- Botnet Usage
- Distributed Denial of Service Attack
- Click Fraud
- Spam Relay
- Pay-Per-Install Agent
- Large-Scale Information Harvesting
- Information Processing
- Botnet Protective Mechanisms
- Bulletproof Hosting
- Dynamic DNS
- Fast Fluxing
- Domain Fluxing
- The Fight Against Botnets
- The Technical Front
- The Legal Front
- We've Covered
- References
- Part II: Welcome to the Jungle
- Chapter 5: The Threat Ecosystem
- The Threat Ecosystem
- The Technical Element
- The Human Element
- The Evolution of the Threat Ecosystem
- Advanced Persistent Threat
- The Attack Method
- The Attack Profitability
- Malware Economy
- Malware Outsourcing
- We've Covered
- Chapter 6: The Malware Factory
- The Need to Evade Antivirus
- Malware Incident Handling Process
- Malware Detection
- Circumventing the Antivirus Product
- The Need for an Army of Malware
- Next-Generation Malware Kits
- Stand-Alone Armoring Tools
- The Impact of an Armored Army of Malware
- The Malware Factory
- The Malware Assembly Line
- The Proliferation of Attacker Tools
- Malware Population Explosion
- We've Covered
- Chapter 7: Infection Vectors
- Infection Vectors
- Physical Media
- Instant Messaging and Chat
- Social Networking
- URL Links
- File Shares
- Software Vulnerabilities
- The Potential of Becoming an Infection Vector
- We've Covered
- Chapter 8: The Compromised System
- The Malware Infection Process
- Installation of Malware Files
- Setting Up Malware Persistency
- Removing Evidence of the Malware Installer
- Passing Control to the Malware
- The Active Malware
- Maintaining the Foothold
- Communicating with the Attacker
- Executing the Payload
- We've Covered
- Part III: The Enterprise Strikes Back
- Chapter 9: Protecting the Organization
- The Threat Incident Responders
- Understanding the Value of the System
- Value to the Organization
- Value to the Attacker
- Understanding the Characteristics of the System
- System Type
- Operational Impact
- Sensitivity of Hosted Data
- Users of the System
- Network Location
- Accessibility to the Asset
- Asset Access Rights
- Recovery
- System Status
- Prioritizing the Systems
- The Organization's Security Posture
- Understanding the Cost of Compromise
- Direct Cost
- Indirect Cost
- Protecting the Systems
- Threat Modeling
- Identifying the Appropriate Solutions
- Proactive Threat Detection
- Creating an Incident Response Plan
- Identify Different Compromise Scenarios
- Identify Solution Patterns
- Define Roles and Responsibilities
- Establish Protocols
- Conduct Periodic Dry-Runs
- Review and Improve
- Putting Everything into Action
- Beyond Protection
- We've Covered
- Chapter 10: Detecting the Threat
- Establishing a Baseline
- Establishing a Network Baseline
- Establishing a Host Baseline
- Detecting Anomalies
- Detecting Network Anomalies
- Detecting Host Anomalies
- Isolating the Source of the Anomaly
- Diving into the Compromised Asset
- Pinpointing the Malware
- Classifying the Malware Based on Its Attack Directive
- We've Covered
- Chapter 11: Mitigating the Threat
- Threat Mitigation
- Immediate Response
- Containment
- Verification
- Threat Detection and Classification
- Remediation and Restoration
- Proactive Response
- Preventive Measures
- Conducting a Periodic Security Audit
- The Threat from Insiders
- Who Are the Insider Threats?
- Mitigating the Insider Threat
- Be Vigilant
- We've Covered
- Part IV: Final Thoughts
- Chapter 12: The Never-Ending Race
- A Short Review of the Book
- Predictions
- The Future of Malware
- The Future of Rootkits
- The Future of Botnets
- The Good Guys Are Busy Too
- The Adventure Has Just Begun
- We've Covered
- Appendix A: The Bootup Process
- The Windows Bootup Process
- BIOS-Based System
- EFI-Based System
- Appendix B: Useful Links
- Vulnerability Information
- Free Online Security Products
- Free File Scanner and Analysis Tools
- Web Security
- Malware Trackers
- Other Important Links
- Glossary
- Index