TROJANS, WORMS, AND SPYWARE A Computer Security Professional’s Guide to Malicious Code

Michael Erbschloe
Released: 2005
Pages: 233
First Edition
File Size: 1 MB
File Type: pdf
Language: English

Content of TROJANS, WORMS, AND SPYWARE A Computer Security Professional’s Guide to Malicious Code

1 Malicious Code Overview 1

Why Malicious Code Attacks Are Dangerous 3

Impact of Malicious Code Attacks on Corporate Security 6

Why Malicious Code Attacks Work 8

Action Steps to Combat Malicious Code Attacks 15

2 Types of Malicious Code 17

E-mail Viruses and Miscellaneous Viruses 18

Trojans and Other Backdoors 22

Worms 23

Blended Threats 24

Time Bombs 25

Spyware 25

Adware 26

Stealware 28

Action Steps to Combat Malicious Code Attacks 29

3 Review of Malicious Code Incidents 31

Historic Tidbits 32

The Morris Worm 35

Melissa 36

Love Bug 37

Code Red(s) 42

SirCam 43

Nimda 44

Slammer 44

The Summer of 2003 Barrage of Blaster, Sobig, and More 45

Early 2004 with MyDoom, Netsky, and More 46

Action Steps to Combat Malicious Code Attacks 47

4 Basic Steps to Combat Malicious Code Attacks 51

Understanding the Risks 52

Using Security Policies to Set Standards 54

System and Patch Updates 56

Establishing a Computer Incident Response Team 57

Training for IT Professionals 59

Training End Users 60

Applying Social Engineering Methods in an Organization 61

Working with Law Enforcement Agencies 62

Action Steps to Combat Malicious Code Attacks 65

5 Organizing for Security, Prevention, and Response 69

Organization of the IT Security Function 69

Where Malicious Code Attack Prevention Fits into the IT Security Function 72

Staffing for Malicious Code Prevention in IT 74

Budgeting for Malicious Code Prevention 77

Evaluating Products for Malicious Code Prevention 80

Establishing and Utilizing an Alert System 81

Establishing and Utilizing a Reporting System 83

Corporate Security and Malicious Code Incident Investigations 84

Action Steps to Combat Malicious Code Attacks 85

6 Controlling Computer Behavior of Employees 89

Policies on Appropriate Use of Corporate Systems 90

Monitoring Employee Behavior 92

Web Site Blockers and Internet Filters 93

Cookie and Spyware Blockers 97

Pop-up Blockers 99

Controlling Downloads 100

SPAM Control 103

Action Steps to Combat Malicious Code Attacks 107

7 Responding to a Malicious Code Incident 109

About the Case Study 110

The First Report of a Malicious Code Attack 112

The Confirmation Process 114

Mobilizing the Response Team 115

Notifying Management 116

Using an Alert System and Informing End Users 116

Cleanup and Restoration 117

Controlling and Capturing Malicious Code 119

Identifying the Source of Malicious Code 120

Preserving Evidence 122

When to Call Law Enforcement and What to Expect 122

Enterprise-wide Eradication 124

Returning to Normal Operations 126

Analyzing Lessons Learned 128

Action Steps to Combat Malicious Code Attacks 130

8 Model Training Program for End Users 133

Explaining Why the Training Is Important 134

Explaining the Appropriate-Use Policy for Computers and Networks 141

Explaining How the Help Desk and PC Support of the Organization Works 143

Providing Basic Information about Malicious Code 145

Covering the Basic Do’s and Don’ts of Computer Usage to Prevent Attacks 149

Explaining How to Identify and Report Malicious Code 151

Explaining What Employees Should Expect from the IT Department During Incident Response 152

Performing the Administrative Aspects of a Training Program 154

Action Steps to Combat Malicious Code Attacks 154

9 The Future of Malicious Code 157

Military-Style Information Warfare 158

Open-Source Information Warfare 166

Militancy and Social Action 174

Homeland Security Efforts 177

Action Steps to Combat Malicious Code Attacks 184

References 184

Appendix–Computer Security Resources 185

Central Command 185

CIO Security and Privacy Research Center 185

CISSP and SSCP Open Study Guide 185

Common Vulnerabilities and Exposures (CVE) 185

Computer Associates Virus Information Center 186

Department of Homeland Security 186

Federal Trade Commission 186

F-Secure Security Information Center 186

GFI Security Lab 186

ICSA Information Security Magazine 186

InfoSysSec 186

InfraGuard 186

Internet Security Review Magazine 187

Internet Storm Center 187

McAfee AVERT Virus Information Library 187

MessageLabs: Current Threats 187

Microsoft Security Advisor 187

NIST Computer Security Resource Clearinghouse 187

NIST Virus Information Page 188

NSA Information Assurance Program 188

Panda Software Virus Info 188

SC Info Security Magazine 188

Security Magazine 188

SecurityFocus 188

SecurityGeeks 188

Sophos Virus Information 188

Symantec Security Response 189

Trend Micro Virus Information Center 189

Virus Bulletin 189

Index 191
