book

Malware, Rootkits & Botnets A Beginner's Guide

Name: Malware, Rootkits & Botnets A Beginner's Guide
Author: Christopher Elisan
ISBN: 9780071792059

by Christopher Elisan

September 2012

Beginner

432 pages

9h 25m

English

McGraw-Hill

Read now

Unlock full access

Cover
Copyright
Dedication
About the Author
Contents at a Glance
Contents
Acknowledgments
Foreword
Introduction
Part I: Establishing the Foundation

1. Getting In Gear
A Malware EncounterA Brief Overview of the Threat LandscapeThreat to National SecurityStarting the JourneyWe’ve CoveredReferences
2. A Brief History of Malware
Computer VirusesClassification of Computer VirusesEarly ChallengesMalwareClassification of MalwareEvolution of MalwareRiskwareClassification of RiskwareMalware Creation KitsThe Impact of MalwareWe’ve Covered
3. Cloak of the Rootkit
What Is a Rootkit?Environment MechanicsThe Operating System KernelUser Mode and Kernel ModeRingsSwitching from User Mode to Kernel ModeTypes of RootkitsUser-Mode RootkitsKernel-Mode RootkitsRootkit TechniquesHookingDLL InjectionDirect Kernel Object ManipulationTackling RootkitsWe’ve Covered
4. Rise of the Botnets
What Is a Botnet?Main CharacteristicsKey ComponentsC&C StructureBotnet UsageDistributed Denial of Service AttackClick FraudSpam RelayPay-Per-Install AgentLarge-Scale Information HarvestingInformation ProcessingBotnet Protective MechanismsBulletproof HostingDynamic DNSFast FluxingDomain FluxingThe Fight Against BotnetsThe Technical FrontThe Legal FrontWe’ve CoveredReferences
Part II: Welcome to the Jungle
5. The Threat Ecosystem
The Threat EcosystemThe Technical ElementThe Human ElementThe Evolution of the Threat EcosystemAdvanced Persistent ThreatThe Attack MethodThe Attack ProfitabilityMalware EconomyMalware OutsourcingWe’ve Covered
6. The Malware Factory
The Need to Evade AntivirusMalware Incident Handling ProcessMalware DetectionCircumventing the Antivirus ProductThe Need for an Army of MalwareNext-Generation Malware KitsStand-Alone Armoring ToolsThe Impact of an Armored Army of MalwareThe Malware FactoryThe Malware Assembly LineThe Proliferation of Attacker ToolsMalware Population ExplosionWe’ve Covered
7. Infection Vectors
Infection VectorsPhysical MediaE-mailInstant Messaging and ChatSocial NetworkingURL LinksFile SharesSoftware VulnerabilitiesThe Potential of Becoming an Infection VectorWe’ve Covered
8. The Compromised System
IntroductionThe Malware Infection ProcessInstallation of Malware FilesSetting Up Malware PersistencyRemoving Evidence of the Malware InstallerPassing Control to the MalwareThe Active MalwareMaintaining the FootholdCommunicating with the AttackerExecuting the PayloadWe’ve Covered
Part III: The Enterprise Strikes Back
9. Protecting the Organization
The Threat Incident RespondersUnderstanding the Value of the SystemValue to the OrganizationValue to the AttackerUnderstanding the Characteristics of the SystemSystem TypeOperational ImpactSensitivity of Hosted DataUsers of the SystemNetwork LocationAccessibility to the AssetAsset Access RightsRecoverySystem StatusPrioritizing the SystemsThe Organization’s Security PostureUnderstanding the Cost of CompromiseDirect CostIndirect CostProtecting the SystemsThreat ModelingIdentifying the Appropriate SolutionsProactive Threat DetectionCreating an Incident Response PlanIdentify Different Compromise ScenariosIdentify Solution PatternsDefine Roles and ResponsibilitiesEstablish ProtocolsConduct Periodic Dry-RunsReview and ImprovePutting Everything into ActionBeyond ProtectionWe’ve Covered
10. Detecting the Threat
Establishing a BaselineEstablishing a Network BaselineEstablishing a Host BaselineDetecting AnomaliesDetecting Network AnomaliesDetecting Host AnomaliesIsolating the Source of the AnomalyDiving into the Compromised AssetPinpointing the MalwareClassifying the Malware Based on Its Attack DirectiveWe’ve Covered
11. Mitigating the Threat
IntroductionThreat MitigationImmediate ResponseContainmentVerificationThreat Detection and ClassificationRemediation and RestorationProactive ResponsePreventive MeasuresConducting a Periodic Security AuditThe Threat from InsidersWho Are the Insider Threats?Mitigating the Insider ThreatBe VigilantWe’ve Covered
Part IV: Final Thoughts
12. The Never-Ending Race
IntroductionA Short Review of the BookPredictionsThe Future of MalwareThe Future of RootkitsThe Future of BotnetsThe Good Guys Are Busy TooThe Adventure Has Just BegunWe’ve Covered
A: The Bootup Process
The Windows Bootup ProcessBIOS-Based SystemEFI-Based System
B: Useful Links
Vulnerability InformationFree Online Security ProductsFree File Scanner and Analysis ToolsWeb SecurityMalware TrackersOther Important Links
Glossary
Index

Content preview from Malware, Rootkits & Botnets A Beginner's Guide

Glossary

acceptable use of computers Defines what activities are acceptable on computer systems owned by the organization.

access attack The attempt to gain information the intruder is not authorized to see.

access control A mechanism used to restrict access to files, folders, or systems based on the identification and authentication of the user.

accountability The process an organization uses to account for an individual’s activities and to assign responsibility for actions that have taken place on an information system.

address resolution protocol (ARP) spoofing A tactic whereby the MAC address of a system is forged to get packets directed to the attacking computer.

administrative practices Practices that fall under the ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9780071792066

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Malware, Rootkits & Botnets A Beginner's Guide

by Christopher Elisan

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.