VIRUS

virus_info
http://csrc.nist.gov/publications/drafts/sp800-53A-ipd.pdf a 150-page document detailing controls from the network to viruses
http://www.codebreakers-journal.com/ Journal for Algorithms, Virus-Research, Software-Protection and Reverse Code Engineering. The first issue will be published this summer.
virushelpdesk newsletter
http://www.sophos.com/virusinfo/notifications/
http://www.antivirus.com/trendsetter/virus_report/ weekly
http://www.getvirushelp.com/
http://www.claymania.com/reference.html collection of anti-virus links Collections
http://vil.nai.com/vil/white-paper.asp papers

Information
During a manual scan of compressed files, several antivirus, trojan and spyware scanners suffer a DoS attack if the software tries to completely extract the archive and scan its content for a hostile file, for example a file like this one: http://www.geocities.com/visitbipin/SERVER_dwn.zip (link out of order now) http://the-cabal.com/z0mbi3/forum/viewtopic.php?t=37 Best practice: delete all files that can't be scanned; no quarantine or forward, just delete.
http://www.astalavista.com/?section=news&cmd=details&newsid=51 the virus clan wars (Netsky-Bagle)
http://www.dshield.org/port_report.php?port=9898 Dabber, a zombie collector of Sasser-infected hosts, which listens on port 9898
http://securityresponse.symantec.com/avcenter/venc/data/detecting.traffic.due.to.rpc.worms.html Detecting network traffic that may be due to RPC worms
http://www.securityfocus.com/bid/9011/exploit/ blaster code
http://www.lurhq.com/sinit.html sinit zombie trojan - SINIT trojan
Let's learn from virus writers: But let’s turn these bugs into a feature. Cold, dispassionate analysis affirms that such “virmen” are among computerdom’s most successful innovations ever. They’ve utterly transformed the network experience. They’re global; they’re local; they’re persistent; they’re pervasive. They cleverly exploit both human and technical weaknesses. They matter. http://www.technologyreview.com/articles/print_version/schrage0604.asp
How to keep worms out or under control: This paper isn't intended to discuss the motives of the author; instead it will help you understand how worms enter your network, how you can block them before they even reach your internal network, and how to act in case they get in. http://www.windowsecurity.com/articles/Malware_Getting_Worse.html
http://www.infosecwriters.com/texts.php?op=display&id=186 virus attacks against the telecom infrastructure
How well will any such approach contain a worm epidemic on the Internet? We describe the design space of worm containment systems using three key parameters: reaction time, containment strategy and deployment scenario. http://www.caida.org/outreach/papers/2003/quarantine/
http://www.astalavista.com/?section=dir&act=dnd&id=2551 url encoded attacks
http://www.astalavista.com/?section=dir&cmd=file&id=2572 how .txt attachments can fool antivirus scanners
http://security-protocols.com/modules.php?name=News&file=article&sid=2100 how viruses can become polymorphic and pass virus checkers
http://www.gfi.com/whitepapers/why-email-exploit-detection.pdf what email exploits are and how to protect against them
http://www.securityfocus.com/columnists/228 It takes 12KB to zombie your computer and make it a spammer
http://www.blackangels.it/Files/Papers/icmprcv.txt How to zombie a computer with only ICMP and hide it
http://www.ebcvg.com/pdf/dl/routing-worm.pdf Nowadays worms and bots are stupid because they try to scan whatever IP address they can think of, existent or not, and so they can easily be discovered and the infected machines can be turned off. The routing worm is much faster and better because it only infects the IP addresses and networks that really exist, because they are addressed in the router.
The question is how effective collaborative worm monitoring is: http://www.wormblog.com/2005/08/on_the_effectiv.html
The technical papers are here http://hinrg.cs.jhu.edu/publications/WormTechReport.pdf and here http://www.caida.org/outreach/papers/2004/tr-2004-04/tr-2004-04.pdf
This paper proposes using a P2P infrastructure in which each station is responsible for watching out for viruses and attack behaviour, and for hardening itself and its trust relationships if it detects such behaviour: http://www.dmst.aueb.gr/dds/pubs/jrnl/2004-CompSec-p2pav/html/VAS04.pdf There even seems to be a tool for it: http://netbiotic.jxta.org/
This paper has two components; the first portion goes over the configuration and setup of my honeypot network. It is not written as an exact schematic on how to deploy it within your environment; rather it is listed in fairly generic terms, giving you a framework to use, rather than a blueprint. The second component compares today’s pattern-based detection to the latest anti-virus technologies being developed by industry leaders. One part is a test I composed using the most popular portable executable (PE) packers available today and 13 major anti-virus products. The results will prove that something more than pattern-based detection is needed to handle evolving malware threats http://www.astalavista.com/index.php?section=directory&linkid=5272
Computer scientists at the National Institute of Standards and Technology (NIST) recently launched a new project to improve understanding of how computer grids react to volatile conditions. A computer grid's strength--the teaming of many computers--also makes it more vulnerable to failures, viruses, sudden changes in workload and cyber attacks such as denial of service. NIST researchers are developing computerized models that will help establish how vulnerable grid networks are to failure. They hope to create ways to detect failure quickly and then fix the problem http://scienceblog.com/community/article3463.html
The best worm ever (Witty). It infected only 12,000 critical security appliances with a 0-day exploit in a matter of minutes, but it infected them all and so did perfectly what it was supposed to do. http://www.computerworld.com/securitytopics/security/virus/story/0,10801,93584,00.html
Instead of £50,000, the criminals are making demands by email of a mere £50. Unless they're paid off, they threaten to tell the police about the child pornography they've installed on your machine. http://software.silicon.com/security/0,39024655,39122517,00.htm

what are trojans
Trojans are a special kind of virus that is now becoming inherent in some spyware and most viruses, because they give their owners the possibility to contact your computer again and install new things or make it do certain things (such as sending a specific spam).

Information
http://www.gfi.com/whitepapers/network-protection-against-trojans.pdf in email


Latest page update: made by ekz, Jun 22 2006, 6:42 AM EDT