John Aycock — Computer Viruses and Malware |

Subject index
Absolute security 2 201
Access-for-sale worm 179—181
Address space randomization 132 160 202
Adleman, L. 14
adware 17 194
Aho-Corasick algorithm 56—61 64
Anderson, J.P. 13
Animal 17
Anti-anti-virus 97—106
Anti-debugging 101—103 105
Anti-disassembly 103—105
Anti-emulation 99—100 102 168
Anti-stealth 88
Anti-virus, community 191—197
Anti-virus, marketing 195—196
Anti-virus, performance 55 65—69 74 76 78—81 99 195
Anti-virus, researcher 19 20 192
Anti-virus, scanning 55—70 79
Anti-virus, testing 64—65
Anti-virus, virus 97
Appending virus 30 31 69 72 83
Armored virus 101—105
ARPANET 14
Array bounds check 113 131—132 146
Asymmetric encryption see "Public-key encryption"
Asymmetric warfare 183
Austria 3
Authentication 13 16 17 135 145
Author of malware 21 189—192 201
Author of virus 14 19 21 181—182 189—191
Author of worm 5 149 179—181
Automated theorem proving 46
Backdoor 13—14 17 179 181
bacteria see "Rabbit"
Basic Input/Output System 29 88
batch file 30 71
Behavior blocker 71—74 132
Behavior monitor see "Behavior blocker"
Benevolent malware 177—178
Benford, G. 14
big-endian 117
binary comparison 133—134
Binary virus 47
BIOS see "Basic input/output system"
Blacklist 18
Blackmail 179
Blended threat 18
Booster 69—71 75
Boot sequence 28—30
Boot-sector infector 28—30 32 70
bot 19
Botnet 19 149 151 191
Breakpoint 101 103 104
Brunner, J. 15
Brute-force search 46 48 132
Buddy list 153
Buffer overflow 113—122 124 130 133 143 148 151 159 160
Bug 1 2 15 27 86 87 89 100 106 113 127 129 132 135 177
Cache 66—67 73—74 78—79 132 161
Canary 129—131 160
Checksum 48 66—68 70 82—84 101 106
Chosen-plaintext attack 83
Cleaning see "Disinfection"
Code auditing 128 132
Code inlining 43—44
Code outlining 44
Cohen, F. 14
collateral damage 147 183
Companion virus 32—33 70 89 106
Compiler 17 41 46 47 68 69 87 90—91 99 104 110 111 116 130 131 134 147
Compression 32 68 87 152
Conspiracy theory 192
Constant propagation 90
core dump 147
Core War 14
Covert channel 181
Cracker 22 194
Creeper 15
Cryptovirology 181—182
Cyberterrorism 185
Darwin 14
Data diddler 83
Data mining 70 179
Data reordering 41 131
Database 19 20 55 67 68 70 73 79 85—87 89 98 106 138 160 192—194
DDoS attack see "Distributed denial-of-service attack"
Dead code elimination 90
Debugging 13 162 see
Decompiler 133 196
Decryptor loop 35 37 38 40—46 69 75 100
Deep packet inspection 164 165
Defense 131
Dellinger, J. 14
Delta 87
Denial-of-service attack 1—2 18 166 174 183 184 see
Detection 53—80
Detection, comparison of methods 79—80
Detection, dynamic 71—79
Detection, dynamic heuristic 74
Detection, known viruses 54
Detection, static 55—71
Detection, static heuristic 69—70 80 105
Detection, unknown viruses 54 see
dictionary attack 146
Disassembly 46 133 134 see
Disinfection 37 53 54 80—85 163
Disinfection, known viruses 54
Disinfection, unknown viruses 54 see
Disinformation 185
Distributed denial-of-service attack 18 149 172 179 185
DNS see "Domain name system"
Domain name 48 98 150 173
Domain Name System 173
Dormant virus 15 53
DoS attack see "Denial-of-service attack"
Drive-by download 17 135
Dropper 18
Dumpster diving 135
Dynamic memory allocation 110 120—122 124 131 132
ECCM see "Electronic counter-countermeasure"
ECM see "Electronic countermeasure"
Edwards, D.J. 13
EICAR test file 65
Electronic counter-countermeasure 184
Electronic countermeasure 183—184
ELF file 33
Email worm 21 143 153 158 168 169
Emulation 74—79 132 160 168 see
Encrypted virus 35—38 46 47 70 76 79 81 97 104
Encrypted worm 144 166
Encryption see "Strong encryption"
Endianness 117
Endnote convention 7
Entry library 101
entry point 30 65—66 69 72 77 83 88
Entry point obfuscation 99
Entry subroutine 130 131 see
environment variable 115—116
Environmental key generation 47 104
EPO see "Entry point obfuscation"
Error correction 101
Error detection 101
Espionage 3 185 191
Ethics 178 190
Expert system 70
Exploit string 114 115 117 131
Extortion 12 181—182 191
Fail-open system 166
Failure function 56 60
False negative 54
False positive 40 54 65 68 73 80—82 89 106 170 173 194 195
Fast burner 148
Females 189 191
File infector 30—33
File system 29 32 37 39 67 78 160 162 182
finger 145—146
Finite automaton 56 60
Firewall 98 163—165 192 196 202 see
Fixed point scanning 66
Flash worm 148
Footnote convention see "Endnote convention"
Forced quarantine virus 184
Ford, R. 185
Fork bomb 16
Format defense 128—129
Format function 125 126 128 129 133
Format string vulnerability 125—127 131
Frame pointer 112—114 116 117 119 129
Frame pointer overwriting 116—118
Free list 121 122
Frequency analysis 81
Full Disclosure 133
Generic decryption 74—75
Generic detection 4 54 82
Generic disinfection 54 80 83 84
Genetic algorithm 46
Germ 15
Gerrold, D. 14
Ghost positive 54
Goat file 77—78 83 168
Google 154
Gordon, S. 185
Graffiti 190 191
Graph isomorphism 134
Grappling hook 147
Gray area detection 194—196
Grunt scanning 65 67
Hacker 21—22 190
Halting problem 76
Hard drive password 182
Hash function 40 62 104
Hash table 60—64
header file 30 33 39 72 83
Header packet 163—164 169
Heap overflow 119—120 122 124
HIDS see "Intrusion detection system"
histogram 70 76
Hit-list scanning worm 151—152 169 172
honeypot 168—169 173 181 192
Host-based defense 158 169
Hruska, J. 189
Hupp, J.A. 144
Hybrid malware 17
ICMP see "Internet control message protocol"
Identity theft 4 6 135 179
IDS see "Intrusion detection system"
IM worm see "Instant messaging worm"
Immune system 71—72
Immunization 177—178
Impersonation 135 179
Infection 14 143
Infection mechanism 27 34
Infection vector 27 47 154 196
Infestation see "Infection"
Information embargo 182
Information warfare 182—185 191
Inoculation 40
Input terminator 115 130
Insider threat 87
Instant messaging worm 143 153
Instruction fetching 43 77 102
Instruction reordering 41
Instruction scheduling 41
Instruction sequence equivalence 40 46
Integer overflow 123—124
Integer sign error 124
Integer truncation error 124
Integrity attack 106
Integrity checker 66 70—71 80 83 160 169
Integrity shell 71
Intended virus 15 53
Internet control message protocol 164
Internet protocol address 150 151 153 154 164 169 173
Internet Relay Chat 19 47
Internet stealth 147
Internet Worm 15 18 114 145—147 153
Interpreted code 11 33 42—44 88—90 163
interrupt handler 37 77 101—104
Interrupt vector 37 69
Intrusion Detection System 56 164—167
Intrusion Prevention System see "Intrusion detection system"
IP address see "Internet protocol address"
IPS see "Intrusion detection system"
IRC see "Internet relay chat"
ItW see "In the wild"
Jamming 183
JIT compilation see "Run-time code generation"
Junk code 42 47 69 99
just-in-time compilation see "Run-time code generation"
Keylogger 16
Legal considerations 8 18 75 167 178 183 195 196 see "Negligence"
Liability 4
little-endian 117 127
load balancing 172
locality of reference 161 171
Localized scanning worm 151
Logic bomb 12—13 27 184
Macro virus 33—34 41 46
Macro virus detection 89—90
Macro virus disinfection 89—90
Mail Transport Agent 145 172
Mail User Agent 145 169
malicious software see "Malware"
malware 2
Malware analysis 7 19 20 48 97 101 103 104 192—194
Malware collection 4
Malware cost 3—4
Malware distributor 21
Malware instance 11
Malware naming 19—21
Malware sample 4 168 192—194
Malware taxonomy 11
Malware type 11—20
man-in-the-middle attack 87
Memory allocator attack 120—122
Memory layout 110
Memory protection 110 118 129 131 161—163
Memory scanning 161—163
Metamorphism 46—47 74 76 82 103 144 166
Miller, B.P. 125
Miss see "False negative"
Mobile agent 178
Morris, R., Jr. 15
monoculture 202
Moral development 189
Morris worm see "Internet worm"
Motivation 190—191
Multipartite virus 27
Mutation engine 40 46 48
Negative heuristic see "Stopper"
negligence 3 197
Neural network 70
NIDS see "Intrusion detection system"
NOP sled 114 115 165
NTFS alternate data stream 39
Obfuscation 35 40 46 72 80 103
Oligomorphism 38 144
On-access scanning 55 68
On-demand scanning 55
Open proxy 178
Operating system scheduler 98