Malware: Fighting Malicious Code

ISBN-10: 0131014056

ISBN-13: 9780131014053

Edition: 2004

Authors: Ed Skoudis, Lenny Zeltser



Malicious code is a set of instructions that runs on your computer and makes your system do something that you do not want it to do. For example, it can delete sensitive configuration files from your hard drive, rendering your computer completely inoperable; infect your computer and use it as a jumping-off point to spread to all of your buddies' computers; or steal files from your machine. Malicious code in the hands of a crafty attacker is indeed powerful. It is becoming even more of a problem because many of the very same factors fueling the evolution of the computer industry are making our systems more vulnerable to malicious code. Specifically, malicious code writers benefit from the trends toward mixing static data and executable instructions, increasingly homogeneous computing environments, unprecedented connectivity, an ever-larger clueless user base, and an unfriendly world.

Skoudis addressed malicious code in just one chapter of his previous book, Counter Hack. Here, a dozen chapters focus on one of the most interesting and rapidly developing areas of computer attacks. Chapter 11 rolls together the defensive strategies described in the book and, as a bonus, gives recipes for building your own malicious code analysis laboratory (see "Building a Malware Analysis Laboratory" in the table of contents below) using cheap hardware and software.
Book details

List price: $64.99
Copyright year: 2004
Publisher: Prentice Hall PTR
Publication date: 11/7/2003
Binding: Paperback
Pages: 672
Size: 6.75" wide x 9.25" long x 1.75" tall
Weight: 3.080 lb
Language: English

Table of contents

Defining the Problem
Why Is Malicious Code So Prevalent?
Mixing Data and Executable Instructions: A Scary Combo
Malicious Users
Increasingly Homogeneous Computing Environments
Unprecedented Connectivity
Ever Larger Clueless User Base
The World Just Isn't a Friendly Place
Types of Malicious Code
Malicious Code History
Why This Book?
What To Expect
The Early History of Computer Viruses
Infection Mechanisms and Targets
Infecting Executable Files
Companion Infection Techniques
Infecting Boot Sectors
Infecting Document Files
Other Virus Targets
Virus Propagation Mechanisms
Removable Storage
E-Mail and Downloads
Shared Directories
Defending against Viruses
Antivirus Software
Configuration Hardening
User Education
Malware Self-Preservation Techniques
Polymorphism and Metamorphism
Antivirus Deactivation
Thwarting Malware Self-Preservation Techniques
Why Worms?
Taking over Vast Numbers of Systems
Making Traceback More Difficult
Amplifying Damage
A Brief History of Worms
Worm Components
The Worm Warhead
Propagation Engine
Target Selection Algorithm
Scanning Engine
Bringing the Parts Together: Nimda Case Study
Impediments to Worm Spread
Diversity of Target Environment
Crashing Victims Limits Spread
Overexuberant Spread Could Congest Networks
Don't Step on Yourself!
Don't Get Stepped on By Someone Else
The Coming Super Worms
Multiplatform Worms
Multiexploit Worms
Zero-Day Exploit Worms
Fast-Spreading Worms
Polymorphic Worms
Metamorphic Worms
Truly Nasty Worms
Bigger Isn't Always Better: The Un-Super Worm
Worm Defenses
Ethical Worms?
Antivirus: A Good Idea, but Only with Other Defenses
Deploy Vendor Patches and Harden Publicly Accessible Systems
Block Arbitrary Outbound Connections
Establish Incident Response Capabilities
Don't Play with Worms, Even Ethical Ones, Unless...
Malicious Mobile Code
Browser Scripts
Resource Exhaustion
Browser Hijacking
Stealing Cookies via Browser Vulnerabilities
Cross-Site Scripting Attacks
ActiveX Controls
Using ActiveX Controls
Malicious ActiveX Controls
Exploiting Nonmalicious ActiveX Controls
Defending against ActiveX Threats: Internet Explorer Settings
Java Applets
Using Java Applets
Java Applet Security Model
Malicious Java Applets
Mobile Code in E-Mail Clients
Elevated Access Privileges via E-Mail
Defending against Elevated E-Mail Access
Web Bugs and Privacy Concerns
Defending against Web Bugs
Distributed Applications and Mobile Code
Additional Defenses against Malicious Mobile Code
Antivirus Software
Behavior-Monitoring Software
Antispyware Tools
Different Kinds of Backdoor Access
Installing Backdoors
Starting Backdoors Automatically
Setting Up Windows Backdoors to Start
Defenses: Detecting Windows Backdoor Starting Techniques
Starting UNIX Backdoors
Defenses: Detecting UNIX Backdoor Starting Techniques
All-Purpose Network Connection Gadget: Netcat
Netcat Meets Standard In and Standard Out
Netcat Backdoor Shell Listener
Limitation of Simple Netcat Backdoor Shell Listener
Shoveling a Shell with Netcat Backdoor Client
Netcat + Crypto = Cryptcat
Other Backdoor Shell Listeners
Defenses against Backdoor Shell Listeners
GUIs Across the Network, Starring Virtual Network Computing
Let's Focus on VNC
VNC Network Characteristics and Server Modes
Shoveling a GUI with VNC
Remote Installation of Windows VNC
Remote GUI Defenses
Backdoors without Ports
ICMP Backdoors
Nonpromiscuous Sniffing Backdoors
Promiscuous Sniffing Backdoors
Defenses against Backdoors without Ports
Trojan Horses
What's in a Name?
Playing with Windows Suffixes
Mimicking Other File Names
The Dangers of Dot "." in Your Path
Trojan Name Game Defenses
Wrap Stars
Wrapper Features
Wrapper Defenses
Trojaning Software Distribution Sites
Trojaning Software Distribution the Old-Fashioned Way
Popular New Trend: Going after Web Sites
The Tcpdump and Libpcap Trojan Horse Backdoor
Defenses against Trojan Software Distribution
Poisoning the Source
Code Complexity Makes Attack Easier
Test? What Test?
The Move Toward International Development
Defenses against Poisoning the Source
Co-opting a Browser: Setiri
Setiri Components
Setiri Communication
Setiri Defenses
Hiding Data in Executables: Stego and Polymorphism
Hydan and Executable Steganography
Hydan in Action
Hydan Defenses
User-Mode RootKits
UNIX User-mode RootKits
LRK Family
The Universal RootKit (URK)
File System Manipulation with RunEFS and the Defiler's Toolkit
A Brief Overview of the ext2 File System
UNIX RootKit Defenses
Windows User-Mode RootKits
Manipulating Windows Logon with FakeGINA
WFP: How It Works and Attacks against It
DLL Injection, API Hooking, and the AFX Windows RootKit
User-Mode RootKit Defenses on Windows
User-Mode RootKit Response on Windows
Kernel-Mode RootKits
What Is the Kernel?
Kernel Manipulation Impact
The Linux Kernel
Adventures in the Linux Kernel
Methods for Manipulating the Linux Kernel
Defending the Linux Kernel
The Windows Kernel
Adventures in the Windows Kernel
Methods for Manipulating the Windows Kernel
Defending the Windows Kernel
Going Deeper
Setting the Stage: Different Layers of Malware
Going Deeper: The Possibility of BIOS and Malware Microcode
The Possibility of BIOS Malware
Microcode Malware
Combo Malware
Lion: Linux Worm/RootKit Combo
Bugbear: Windows Worm/Virus/Backdoor Combo
But That's Not All (Unfortunately)
Combo Malware Defenses
A Fly in the Ointment
Invasion of the Kernel Snatchers
Silence of the Worms
Malware Analysis
Building a Malware Analysis Laboratory
Caveats: Using Nonproduction Systems and Staying off of the Internet
Overall Lab Architecture
Virtualizing Everything
Malware Analysis Process
Analysis of Malware and Legitimate Software
Preparation and Verification
Loading the Specimen and Getting Ready for Analysis
Static Analysis
Dynamic Analysis
Foiling Malware Analysis with Burneye
Useful Web Sites for Keeping Up
Packet Storm Security
Security Focus
Global Information Assurance Certification
Phrack Electronic Magazine
The Honeynet Project
Mega Security
Infosec Writers
Parting Thoughts
Parting Thoughts: Pessimist's Version
Parting Thoughts: Optimist's Version