Computer viruses and anti-virus warfare PDF

217 Pages·2011·90.62 MB·English

COMPUTER VIRUSES AND ANTI-VIRUS WARFARE
Second Revised Edition

JAN HRUSKA
Technical Director, SOPHOS Limited, Abingdon, Oxfordshire

ELLIS HORWOOD
NEW YORK LONDON TORONTO SYDNEY TOKYO SINGAPORE

First published in 1992 by
ELLIS HORWOOD LIMITED
Market Cross House, Cooper Street, Chichester, West Sussex, PO19 1EB, England
A division of Simon & Schuster International Group
A Paramount Communications Company

© Ellis Horwood Limited, 1992
All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form, or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior permission, in writing, of the publisher.

Printed and bound in Great Britain by Hartnolls, Bodmin

British Library Cataloguing in Publication Data
A catalogue record for this book is available from the British Library

ISBN 0-13-036377-4 Pbk

Library of Congress Cataloging-in-Publication Data
Available from the publisher

TABLE OF CONTENTS

PREFACE AND ACKNOWLEDGEMENTS 13

CHAPTER 1 AN OVERVIEW OF THREATS TO COMPUTER SYSTEMS 17
1.1 TROJAN HORSES 18
1.1.1 TROJAN EXAMPLE 1: BATCH FILES 18
1.1.2 TROJAN EXAMPLE 2: ANSI.SYS 19
1.1.3 TROJAN EXAMPLE 3: THE AIDS DISK THROUGH THE POST 20
1.2 LOGIC BOMBS 23
1.3 VIRUSES 24
1.4 WORMS 25
1.4.1 WORM EXAMPLE 1: CHRISTMAS TREE ON IBM VM 26
1.4.2 WORM EXAMPLE 2: INTERNET WORM ON UNIX 26
1.4.3 WORM EXAMPLE 3: SPAN WORM ON VAX/VMS 26

CHAPTER 2 HOW CAN A VIRUS PENETRATE A COMPUTER? 29
2.1 HOW DOES AN INFECTION HAPPEN? 30
2.2 EXECUTABLE PATH 32
2.3 VIRUS CARRIER MEDIA 35
2.3.1 FLOPPY DISKS 35
2.3.2 REMOVABLE HARD DISKS 36
2.3.3 MAGNETIC TAPE CARTRIDGES 36
2.3.4 OTHER STORAGE MEDIA 36
2.3.5 NETWORKS 36
2.3.6 MODEMS 36
2.4 VIRUS INFILTRATION ROUTES AND METHODS 36
2.4.1 PIRATED SOFTWARE 36
2.4.2 BULLETIN BOARDS (BBS) 37
2.4.3 SHAREWARE 37
2.4.4 PUBLIC DOMAIN SOFTWARE 38
2.4.5 SHARED PCS (PC AT HOME) 39
2.4.6 FLOPPY DISKS SUPPLIED BY COMPUTER MAGAZINES 39
2.4.7 SERVICE ENGINEERS 39
2.4.8 SHRINK-WRAPPED SOFTWARE 40

CHAPTER 3 VIRUS STRUCTURE 41
3.1 VIRUS TYPES 42
3.1.1 BOOTSTRAP SECTOR VIRUSES 42
3.1.2 PARASITIC VIRUSES 44
3.1.3 MULTI-PARTITE VIRUSES 46
3.1.4 COMPANION VIRUSES 46
3.1.5 LINK VIRUSES 47
3.2 VIRUS BEHAVIOUR AFTER GAINING CONTROL 49
3.2.1 MEMORY-RESIDENT VIRUSES 49
3.2.2 NON-MEMORY-RESIDENT VIRUSES 49
3.2.3 HYBRIDS 49
3.3 VIRUS HIDING MECHANISMS 49
3.3.1 ENCRYPTION 49
3.3.2 INTERRUPT INTERCEPTION: STEALTH VIRUSES 51
3.3.3 BINARY VIRUSES 52
3.3.4 VIRUSES WHICH INFECT THE FIRST CLUSTER OF THE DATA AREA 54
3.3.5 SPARSE INFECTION: THE UNSCANNABLE VIRUS 54
3.3.6 HIGH LEVEL LANGUAGE VIRUSES 55
3.4 VIRUS SIDE-EFFECTS 55

CHAPTER 4 VIRUS FACTS AND FICTION 57
4.1 THE NUMBERS GAME 57
4.1 HOW ARE VIRUS ATTACKS DISCOVERED 59
4.2 VIRUSES AND THE CALENDAR 59
4.3 CAN VIRUSES CAUSE HARDWARE DAMAGE 60
4.4 MODEM VIRUS, CMOS VIRUS AND OTHER NONSENSE 61

CHAPTER 5 WHO WRITES VIRUSES? 63
5.1 VIRUS WRITERS' PROFILE 63
5.1.1 HACKERS 64
5.1.2 FREAKS 64
5.1.3 UNIVERSITY STUDENTS 65
5.1.4 EMPLOYEES 65
5.1.5 COMPUTER CLUBS 65
5.1.6 TERRORIST ORGANISATIONS 66
5.2 DISSECTION OF A CAPTURED VIRUS 66
5.2.1 VIRUS DISASSEMBLY 66
5.3 FORENSIC EVIDENCE 69
5.3.1 WHICH ASSEMBLER? 69
5.3.2 ILLEGAL INSTRUCTIONS 69
5.3.3 PROGRAMMING STYLE 69
5.3.4 LANGUAGE AND SPELLING 70
5.3.5 PLACE AND TIME OF FIRST DETECTION 70
5.3.6 ANCESTORS 71
5.4 VIRUS MUTATIONS 71
5.4.1 CHANGING VIRUS SIDE-EFFECTS 71
5.4.2 VIRUS 'IMPROVEMENTS' 72
5.4.3 MUTATIONS TO FOOL PATTERN-CHECKING PROGRAMS 72
5.4.4 NEW VIRUSES 74
5.5 VIRUS EXCHANGE BULLETIN BOARDS 74

CHAPTER 6 ANTI-VIRUS PROCEDURES - FIVE COUNTERMEASURES 75
6.1 PREPARATION 76
6.1.1 REGULAR AND SOUND BACKUPS 76
6.1.2 WRITE-PROTECTED SYSTEM FLOPPY DISK 76
6.1.3 CONTINGENCY PLAN 77
6.2 PREVENTION 77
6.2.1 CREATING USER AWARENESS 77
6.2.2 HYGIENE RULES 78
6.2.3 ACCESS CONTROL 79
6.2.4 DIRTY PC 79
6.2.5 QUARANTINE PC 80
6.3 DETECTION 80
6.3.1 'STRANGE' OCCURRENCES 80
6.3.2 ANTI-VIRUS SOFTWARE 80
6.3.3 CONFIRMING THAT THE VIRUS IS NOT A MUTATION 80
6.4 CONTAINMENT 81
6.4.1 NETWORK ACCESS 82
6.4.2 DISK INTERCHANGE 82
6.4.3 WRITE-PROTECT TABS 82
6.5 RECOVERY 83
6.5.1 CLEANING HARD DISKS 83
6.5.2 CLEANING FLOPPY DISKS 84
6.5.3 REINFECTION 84
6.5.4 RECOVERY FROM VIRUS SIDE-EFFECTS 84
6.5.3 OTHER POINTS 85

CHAPTER 7 ANTI-VIRUS SOFTWARE 87
7.1 ANTI-VIRUS SOFTWARE TYPES 88
7.1.1 SCANNING SOFTWARE (VIRUS-SPECIFIC) 88
7.1.2 CHECKSUMMING SOFTWARE (VIRUS NON-SPECIFIC) 88
7.1.3 MONITORING SOFTWARE (VIRUS-SPECIFIC) 89
7.1.4 MONITORING SOFTWARE (VIRUS NON-SPECIFIC) 90
7.1.5 'INOCULATION' SOFTWARE (VIRUS-SPECIFIC) 91
7.1.6 INTEGRITY SHELLS (VIRUS NON-SPECIFIC) 91
7.1.7 DISINFECTION SOFTWARE (VIRUS-SPECIFIC) 91
7.1.8 VIRUS REMOVAL SOFTWARE (VIRUS NON-SPECIFIC) 92
7.2 TESTING ANTI-VIRUS PRODUCTS 92
7.3 FALSE POSITIVES AND FALSE NEGATIVES 93
7.3.1 VIRUS-SCANNING SOFTWARE 93
7.3.2 CHECKSUMMING SOFTWARE 94
7.3.3 VIRUS NON-SPECIFIC MONITORING SOFTWARE 94
7.3.4 VIRUS-SPECIFIC MONITORING SOFTWARE 95
7.4 SUMMARY OF ANTI-VIRUS SOFTWARE 95

CHAPTER 8 VIRUSES AND NETWORKS 97
8.1 PATHOLOGY OF A VIRUS INFECTION ON NETWARE 97
8.1.1 VIRUS ENTRY INTO THE NETWORK 98
8.1.2 PRACTICAL TRIAL - JERUSALEM ON NETWARE 2.12 98
8.2 NETWARE 3.11 SECURITY MECHANISMS 98
8.3 NETWARE 3.11 PRACTICAL EXPERIMENTS 99
8.3.1 PARASITIC VIRUSES 99
8.3.1.1 Default NetWare 3.11 Security 100
8.3.1.2 Rights Set to Read-only 100
8.3.1.3 File Attributes Set to Read-only 100
8.3.1.4 File Attributes Set to Execute-only 100
8.3.1.5 Running Under Supervisor Mode 101
8.3.2 BOOT SECTOR VIRUSES 101
8.3.3 MULTI-PARTITE VIRUSES 101
8.4 NETWARE 3.11-SPECIFIC VIRUSES 101
8.4.1 FIRST NOVELL 'VIRUS' 101
8.4.2 JON DAVID'S FALSE ALARM 102
8.4.3 NETWARE VIRUS FROM THE NETHERLANDS 102
8.4.3.1 Virus Structure 102
8.4.3.2 Practical Trials on NetWare 286 103
8.4.3.3 Practical Trials on NetWare 3.11 103
8.5 IMPLICATIONS OF STEALTH VIRUSES ON NETWARE 3.11 103
8.6 PRACTICAL ANTI-VIRUS MEASURES FOR NETWARE 3.11 NETWORK ADMINISTRATORS 103
8.6.1 DISKLESS WORKSTATIONS 103
8.6.2 REMOTE BOOTSTRAP ROMS 104
8.6.3 ENHANCED ACCESS CONTROL 104
8.6.4 ANTI-VIRUS SOFTWARE 104
8.6.5 TWO IDS FOR NETWORK SUPERVISORS 105
8.6.6 SECURE ACCESSING OF NETWARE 3.11 105
8.6.7 TIGHTENING NETWARE 3.11 SECURITY 105
8.6.8 CONCLUSIONS 106
8.6.8.1 NetWare 3.11 Administration 106
8.6.8.2 NetWare 3.11 Virus Infections 106
8.6.8.3 Other Points 106

APPENDIX A BIBLIOGRAPHY AND OTHER SOURCES OF INFORMATION 107
A.1 BOOKS ON VIRUSES AND DATA SECURITY 107
A.2 PERIODICALS ON VIRUSES AND DATA SECURITY 108
A.3 ELECTRONIC BULLETIN BOARDS CARRYING VIRUS-RELATED DISCUSSIONS 109
A.4 VIRUS INFORMATION AVAILABLE ON DISK 109
A.5 VIRUS TRAINING VIDEOS 109
A.6 OTHER USEFUL BOOKS 110

APPENDIX B 'SEARCH': VIRUS-SPECIFIC DETECTION PROGRAM 111
B.1 DESCRIPTION OF 'SEARCH' 112
B.2 COMPILING 'SEARCH' 112
B.3 'SEARCH' CODE IN 'C' 113
B.4 'SEARCH' CODE IN ASSEMBLY LANGUAGE 122

APPENDIX C 'FINGER': VIRUS NON-SPECIFIC DETECTION PROGRAM 125
C.1 DESCRIPTION OF 'FINGER' 125
C.2 COMPILING 'FINGER' 126
C.3 'FINGER' CODE IN 'C' 127

APPENDIX D ANTI-VIRUS SOFTWARE MANUFACTURERS 135
NOTES ON TELEPHONE AND FAX NUMBERS 135

APPENDIX E GLOSSARY OF TERMS 139

APPENDIX F VIRUS HUNTER'S CHECKLIST 153

APPENDIX G KNOWN IBM-PC VIRUSES 155
G.1 VIRUS NAMES AND ALIASES 155
G.2 VIRUS HEX PATTERNS 156
G.3 IBM-PC VIRUSES 157
G.4 TROJAN HORSES 220

INDEX
