Download Malware, Rootkits & Botnets A Beginner's Guide PDF

Title: Malware, Rootkits & Botnets A Beginner's Guide
File Size: 44.8 MB
Total Pages: 385
Table of Contents
Cover
Title Page
Copyright Page
About the Author
About the Technical Editors
Contents at a Glance
Contents
Acknowledgments
Foreword
Introduction
	Why This Book?
	Who Should Read This Book
	What This Book Covers
	How to Use This Book
	How This Book Is Organized
		Part I
		Part II
		Part IV
	About the Series
		Lingo
		IMHO
		Budget Note
		In Actual Practice
		Your Plan
		Into Action
Part I: Establishing the Foundation
	Chapter 1: Getting In Gear
		A Malware Encounter
		A Brief Overview of the Threat Landscape
		Threat to National Security
		Starting the Journey
		We’ve Covered
		References
	Chapter 2: A Brief History of Malware
		Computer Viruses
			Classification of Computer Viruses
			Early Challenges
		Malware
			Classification of Malware
			Evolution of Malware
		Riskware
			Classification of Riskware
		Malware Creation Kits
		The Impact of Malware
		We’ve Covered
	Chapter 3: Cloak of the Rootkit
		What Is a Rootkit?
		Environment Mechanics
			The Operating System Kernel
			User Mode and Kernel Mode
			Rings
			Switching from User Mode to Kernel Mode
		Types of Rootkits
			User-Mode Rootkits
			Kernel-Mode Rootkits
		Rootkit Techniques
			Hooking
			DLL Injection
			Direct Kernel Object Manipulation
		Tackling Rootkits
		We’ve Covered
	Chapter 4: Rise of the Botnets
		What Is a Botnet?
			Main Characteristics
			Key Components
			C&C Structure
		Botnet Usage
			Distributed Denial of Service Attack
			Click Fraud
			Spam Relay
			Pay-Per-Install Agent
			Large-Scale Information Harvesting
			Information Processing
		Botnet Protective Mechanisms
			Bulletproof Hosting
			Dynamic DNS
			Fast Fluxing
			Domain Fluxing
		The Fight Against Botnets
			The Technical Front
			The Legal Front
		We’ve Covered
		References
Part II: Welcome to the Jungle
	Chapter 5: The Threat Ecosystem
		The Threat Ecosystem
			The Technical Element
			The Human Element
			The Evolution of the Threat Ecosystem
		Advanced Persistent Threat
			The Attack Method
			The Attack Profitability
		Malware Economy
			Malware Outsourcing
		We’ve Covered
	Chapter 6: The Malware Factory
		The Need to Evade Antivirus
			Malware Incident Handling Process
			Malware Detection
			Circumventing the Antivirus Product
		The Need for an Army of Malware
			Next-Generation Malware Kits
			Stand-Alone Armoring Tools
			The Impact of an Armored Army of Malware
		The Malware Factory
			The Malware Assembly Line
			The Proliferation of Attacker Tools
			Malware Population Explosion
		We’ve Covered
	Chapter 7: Infection Vectors
		Infection Vectors
			Physical Media
			E-mail
			Instant Messaging and Chat
			Social Networking
			URL Links
			File Shares
			Software Vulnerabilities
		The Potential of Becoming an Infection Vector
		We’ve Covered
	Chapter 8: The Compromised System
		The Malware Infection Process
			Installation of Malware Files
			Setting Up Malware Persistency
			Removing Evidence of the Malware Installer
			Passing Control to the Malware
		The Active Malware
			Maintaining the Foothold
			Communicating with the Attacker
			Executing the Payload
		We’ve Covered
Part III: The Enterprise Strikes Back
	Chapter 9: Protecting the Organization
		The Threat Incident Responders
		Understanding the Value of the System
			Value to the Organization
			Value to the Attacker
		Understanding the Characteristics of the System
			System Type
			Operational Impact
			Sensitivity of Hosted Data
			Users of the System
			Network Location
			Accessibility to the Asset
			Asset Access Rights
			Recovery
			System Status
		Prioritizing the Systems
		The Organization’s Security Posture
		Understanding the Cost of Compromise
			Direct Cost
			Indirect Cost
		Protecting the Systems
			Threat Modeling
			Identifying the Appropriate Solutions
			Proactive Threat Detection
		Creating an Incident Response Plan
			Identify Different Compromise Scenarios
			Identify Solution Patterns
			Define Roles and Responsibilities
			Establish Protocols
			Conduct Periodic Dry-Runs
			Review and Improve
		Putting Everything into Action
		Beyond Protection
		We’ve Covered
	Chapter 10: Detecting the Threat
		Establishing a Baseline
			Establishing a Network Baseline
			Establishing a Host Baseline
		Detecting Anomalies
			Detecting Network Anomalies
			Detecting Host Anomalies
		Isolating the Source of the Anomaly
		Diving into the Compromised Asset
			Pinpointing the Malware
			Classifying the Malware Based on Its Attack Directive
		We’ve Covered
	Chapter 11: Mitigating the Threat
		Threat Mitigation
		Immediate Response
			Containment
			Verification
			Threat Detection and Classification
			Remediation and Restoration
		Proactive Response
			Preventive Measures
			Conducting a Periodic Security Audit
		The Threat from Insiders
			Who Are the Insider Threats?
			Mitigating the Insider Threat
		Be Vigilant
		We’ve Covered
Part IV: Final Thoughts
	Chapter 12: The Never-Ending Race
		A Short Review of the Book
		Predictions
			The Future of Malware
			The Future of Rootkits
			The Future of Botnets
		The Good Guys Are Busy Too
		The Adventure Has Just Begun
		We’ve Covered
Appendix A: The Bootup Process
	The Windows Bootup Process
		BIOS-Based System
		EFI-Based System
Appendix B: Useful Links
	Vulnerability Information
	Free Online Security Products
	Free File Scanner and Analysis Tools
	Web Security
	Malware Trackers
	Other Important Links
Glossary
Index
                        
