VX Heaven

Library: Anti-virus general

«Edinburgh University PC Virus Review 1992» 28.12Kb 11595 hits
«Edinburgh University PC Virus Review 1993» 27.98Kb 8762 hits
Throughout 1993, PC computer viruses continued to make their presence felt at Edinburgh University. Last year's review revolved around what generalisations could be drawn about PC viruses using the apparently random sample which were identified here. The following areas of reference were used: date of origin, country of origin, classification, payload and aliases. I concluded then that most infections were caused by common viruses from a variety of countries, which incorporated similar techniques in respect of their infection mechanisms and their payloads. Most had acquired several aliases and may destroy data either through careless programming or by design. (Scobie, 1993) This year's review will compare the new sample along similar lines, in order to see whether such generalisations continue to provide a useful framework for the study of this phenomenon and whether this conclusion is valid for the latest influx of viruses.
«Edinburgh University PC Virus Review 1994» 14.29Kb 8023 hits
The 1993 Virus Review stated that I expected to see "...more previously undetected viruses come into Edinburgh coupled with an increase in the number of reported infections." (Scobie, 1993) Looking back over 1994 this is exactly what happened. More new viruses appeared while reported infections were up on the previous year. The pros and cons of why there should be an increase were outlined in last year's review so I refer the reader to that as I feel they are still valid for this present review. The last two reviews have concerned themselves with features which are typical of the large majority of computer viruses. It is important to understand the basics of what computer viruses are about and I hope that the previous reviews provide a useful overview. This review departs from that format and concerns itself with some of my own observations on the virus situation as it is reported to me here at Edinburgh University. One or two other events of note are also featured and for good measure a couple of viruses are singled out for special mention. Next year, the review for 1995 will look back over the previous five years of viruses at Edinburgh and consider all the viruses reported to date.
«Edinburgh University PC Virus Review 1995» 17.51Kb 7650 hits
«Edinburgh University PC Virus Review 1996» 8.39Kb 7576 hits
«Edinburgh University PC Virus Review 1997» 17.62Kb 7681 hits
«Edinburgh University PC Virus Review 1998» 12.84Kb 8586 hits
«Edinburgh University PC Virus Review 1999» 17.01Kb 7920 hits
«How AVs Detect Viruses» 15.68Kb 9185 hits
Natural Selection [1] (2002)
Over the last 10 years, Anti-Virus products evolved a great deal to well beyond the simple scan-stringers of the early 90s. Yet, beyond some vague concepts like "emulation", the AV industry has been reasonably successful in keeping everyone in the dark as to exactly the mechanisms by which viruses are detected. The time has come (in fact been long overdue) to shed light on a little of the info the AV guys don't want you to know.
Ghannam Al-Dossary
«Computer virus prevention and containment on mainframes» 39.67Kb 14009 hits
Proceedings of International Carnahan Conference on Security Technology, 1989. Zurich, Switzerland (1989)
A computer virus can be a vicious and insidious form of code. It has the ability to replicate itself, to attach itself to other code, to spread through a computer system or network, and often to initiate a harmful series of instructions when a "trigger" point is reached. Viruses can have a major impact on productivity because of the steadily increasing dependence of industrial, business, and government functions on the availability and integrity of data processing systems. Although mainframe computers have been the target of virus attacks less often than microcomputers up until now, there is no room for complacency when the stakes are so high. The novelty, the technical nature, and the tendency to romanticize this phenomenon, have resulted in a "blackbox" syndrome ("I don't know what's going on in there.") and a feeling of overwhelming impotence in the business community. The risk of viruses can be reduced. One approach is to examine the constituent parts from which a virus is composed, and to design a comprehensive defense which reckons with each of these parts. The protection chain will only be as strong as its weakest link. The author of this paper suggests a classification scheme which is useful in understanding the components of a virus and useful methods for maintaining the integrity of a computer system. This paper outlines basic prevention, detection, and correction techniques which are available today to reduce the threat of damages caused by viruses. These include software "vaccines" or filters; encryption; access control software (e.g. RACF, ACF2, and Top Secret); "test-to-production" control procedures; back-up and recovery procedures; personnel selection and review controls; and physical access control. The concepts presented in this paper conform to the "Trusted Computer System Evaluation Criteria" developed by the United States Computer Security Center and use examples from major published virus incidents to illustrate the price of control weaknesses.
The paper concludes that no working computer system is impregnable but that much can be done by industry to make most computer systems less inviting to attacks from viruses. A bibliography is included for further study.
Timothy Arulsuthan
«The race against malicious software» 12.68Kb 9967 hits
The Internet went from a technological marvel in the late 1980’s and early 1990’s to something that has become common-place in society today. However, as people log onto the World Wide Web and networks at a continually-increasing rate, the “hidden” threat of encountering malicious software programs also increases. Malicious software typically comes in the form of viruses and worms which “infect” its intended target and rapidly spread within the system or across a network. Exactly how they spread differentiates based on the type of code contained within.
John Aycock
«Computer Viruses and Malware» [TeX] [SRC] 499.38Kb 59514 hits
Advances in Information Security, Vol. 22 (2006)
Our Internet-connected society increasingly relies on computers. As a result, attacks on computers from malicious software have never been a bigger concern. Computer Viruses and Malware draws together hundreds of sources to provide an unprecedented view of malicious software and its countermeasures. This book discusses both the technical and human factors involved in computer viruses, worms, and anti-virus software. It also looks at the application of malicious software to computer crime and information warfare. Computer Viruses and Malware is designed for a professional audience composed of researchers and practitioners in industry. This book is also suitable as a secondary text for advanced-level students in computer science. Written for: Computer and information security practitioners
«Stux in a rut: Why Stuxnet is boring» 16.83Kb 9643 hits
Virus Bulletin, September 2011, page 14-17 (2011)
The much-storied Stuxnet worm is unworthy of the hype surrounding it. The biggest surprise is that Stuxnet contains no surprises, and as such it suggests a general failure of security to respond to threats that are well known. The erroneous characterization of Stuxnet as ‘game-changing’ does raise other questions, however: what are the hallmarks of real game-changing security events, and why don’t we see more of them?
Paul Baccas
«Book worm» 7.51Kb 7146 hits
Virus Bulletin, December 2011, pp. 17-18 (2011)
Review of Mark Bowden's book "Worm: The First Digital World War"
Justin Balthrop, Stephanie Forrest, M. Newman, Matthew Williamson
«Technological Networks and the Spread of Computer Viruses» 13.82Kb 11152 hits
SCIENCE VOL 304 23 APRIL 2004 pp.527-529 (2004)
Computer viruses and worms are an increasing problem throughout the world. By some estimates 2003 was the worst year yet: Viruses halted or hindered operations at numerous businesses and other organizations, disrupted cash-dispensing machines, delayed airline flights, and even affected emergency call centers. The Sobig virus alone is said to have caused more than $30 billion in damage (1). And most experts agree that the damage could easily have been much worse. For example, Staniford et al. describe a worm that could infect the entire Internet in about 30 s (2). A worm of this scale and speed could bring the entire network to a halt, or worse.
Timothy Barmann
«Virus attacks can come from strange places» 6.44Kb 9949 hits
Matt Bishop
«An Overview of Computer Viruses in a Research Environment» 84.03Kb 14889 hits
Technical Report: PCS-TR91-156 (1991)
The threat of attack by computer viruses is in reality a very small part of a much more general threat, specifically attacks aimed at subverting computer security. This paper examines computer viruses as malicious logic in a research and development environment, relates them to various models of security and integrity, and examines current research techniques aimed at controlling the threats viruses in particular, and malicious logic in general, pose to computer systems. Finally, a brief examination of the vulnerabilities of research and development systems that malicious logic and computer viruses may exploit is undertaken.
Vesselin Bontchev
«Possible Virus Attacks Against Integrity Programs And How To Prevent Them» 56.66Kb 11780 hits
Proc. 6th Int. Virus Bull. Conf., 1996, pp. 97-127. (1996)
With the advent of the polymorphic viruses it is becoming obvious that the virus-specific scanners have exhausted themselves. Currently one of the most powerful methods to detect viruses is the so-called integrity programs.
Stephen Cass
«Anatomy of Malice» 20.8Kb 10012 hits
IEEE Spectrum vol. 38, issue 11, p.56-60 (2001)
For anyone worried about viruses and worms, perhaps the best advice is Know Thy Enemy
David Chess
«Security in Agent Systems» 21.81Kb 9558 hits
IBM Thomas J. Watson Research Center (1998)
Is it safe to click on this hyperlink? Do I trust the person who sent me this Word document? If I send this program out into the Web to find me some bargain CD's, will it get cheated? "Mobile" and "intelligent" agents are hot topics, and both have security implications. This talk will address some of these implications, and try to answer, or at least ask, some of the more obvious questions.
David Chess, John Morar
«Is Java still secure?» 33.02Kb 10585 hits
Virus Bulletin Conference; October, 1999 (1999)
Java 2 (version 1.2) has now been released, and with it a new Java security architecture. We discuss the differences between the initial Java security architecture, the interim architectures in popular browsers, and the Java 2 model, including the implications of the new model for Java viruses and Trojan horses.
Fred Cohen
«The Computer Security Encyclopedia. Computer Viruses.» 68.09Kb 18043 hits
A sequence of symbols which, when interpreted by the environment in which it operates, replicates and/or evolves
«Defense-In-Depth Against Computer Viruses» [TeX] 69.27Kb 11387 hits
Computers and Security, Volume 11, Issue 6, pp. 563-579 (1992)
In this paper, we discuss software based fault tolerant computing techniques used in defense against computer viruses and other integrity corruptions in modern computer systems. We begin with a summary of research on computer viruses, their potential for harm, and the extent to which this potential has been realized to date. We then examine major results on the application of fault tolerant software techniques for virus defense, including; the problems with conventional coding schemes in detecting intentional corruptions and the use of high performance cryptographic checksums for reliable detection; an optimal method for detecting viruses and preventing their further spread in untrusted computing environments; the use of redundancy and automated decision making for automatic and transparent repair of corruption and continuity of operation; and the use of fault avoidance techniques for limiting viral spread. Next we discuss the state-of-the-art in virus defense, its use of redundancy for defense-in-depth, the impact of this on the reliability of the mechanism, the implications of these results to other computing environments, and architectural issues in implementing hardware assisted virus defense based on the software fault tolerance techniques already in widespread use. Finally we summarize results, draw conclusions, and discuss further work.
Peter Denning
«Computer Viruses» 17.75Kb 11888 hits
Computers under attack: intruders, worms, and viruses, pp. 285-292 (1990)
«Computers Under Attack: Intruders, Worms and Viruses» 13926 hits
Addison-Wesley Professional (1990)
Shaun DeRosa
«The Evolution of the Computer Virus» 4.66Kb 10127 hits
In the last twenty years our society’s dependence on technology has grown exponentially. With the advent of the internet geographical borders were in effect broken; distance is no longer a factor in human communication and interaction. Unfortunately, with the expansion of technology and all of the positive aspects associated with it comes the opposite; malware or as they are more commonly referred to as: viruses. Computer viruses have taken much the same path of evolution as the computers they infect. Starting as simple programs in the early days of computer technology, they have adapted and evolved into complex programs. As we see new horizons opening up before us with the ever expanding internet and new technologies, authors of malicious programs see the possibility of new exploits and security flaws, and so the constant battle to protect ourselves from these attacks will go on indefinitely.
Christophe Devine, Nicolas Richaud
«A study of anti-virus' response to unknown threats» 34.55Kb 12890 hits
EICAR 18th Annual Conference (2009)
This study presents the evaluation of twelve anti-virus products with regards to programs not known from the signature files that show different kinds of malicious behavior. In practical terms, a set of twenty-one tests implementing various actions were developed; they cover key-logging, injection of code into other processes, network evasion, rootkit-like behaviour and exploitation of software vulnerabilities. The test programs were then run against each anti-virus program, and results were collected and consolidated. It was shown that all products tested here show deficiencies in at least one area, and some in all areas. For example, eleven anti-virus programs out of twelve still do not detect one code injection technique, which has been known for more than five years. Programs that spy on the user, such as recording the microphone, are not detected at all. Finally, this study provides recommendations to anti-virus vendors to enhance the capabilities of their products to detect malware, and improve safeguards against known attack techniques.
Al Doran
«The Dreaded Computer Virus and Why You Should be Concerned» 10.73Kb 12576 hits
Michael Erbschloe
«Trojans, Worms and Spyware: A Computer Security Professional's Guide to Malicious Code» 10642 hits
Elsevier Butterworth-Heinemann (2005)
Trojans, Worms, and Spyware provides practical, easy to understand, and readily usable advice to help organizations to improve their security and reduce the possible risks of malicious code attacks. Despite the global downturn, information systems security remains one of the more in-demand professions in the world today. With the widespread use of the Internet as a business tool, more emphasis is being placed on information security than ever before. To successfully deal with this increase in dependence and the ever growing threat of virus and worm attacks, Information security and information assurance (IA) professionals need a jargon-free book that addresses the practical aspects of meeting new security requirements. This book provides a comprehensive list of threats, an explanation of what they are and how they wreak havoc with systems, as well as a set of rules-to-live-by along with a system to develop procedures and implement security training. It is a daunting task to combat the new generation of computer security threats - new and advanced variants of Trojans, as well as spyware (both hardware and software) and "bombs" - and Trojans, Worms, and Spyware will be a handy must-have reference for the computer security professional to battle and prevent financial and operational harm from system attacks.
Steven Furnell, Jeremy Ward
«The True Computer Parasite» 23.68Kb 10504 hits
SecurityFocus (2005)
It is now twenty years since Fred Cohen published his seminal research paper suggesting the potential threat of computer viruses. In the years since this publication, the risk that Cohen described has unquestionably been borne out, and alongside hackers, the threat of the computer virus is the security issue that has most clearly permeated the public mind.
Sarah Gordon
«The Anti-Virus Strategy System» 33.44Kb 11365 hits
Virus Bulletin (1995)
The article examines the 'anti-virus' strategy (Policy, Procedure, Software [selection, implementation, maintenance]), focusing on areas where the 'system' can fail.
«Are Good Virus Simulators Still a Bad Idea?» 28.59Kb 13600 hits
Elsevier Advanced Technology, Oxford, UK. (1995)
This article will examine the positive and negative connotations of virus simulators
«What's in a Name?» 13.13Kb 9428 hits
Symantec (2002)
In this article, issues of virus naming as they impact users will be discussed, and some of the ways that naming might affect the reviewing of products will be examined.
Sarah Gordon, Howard Fraser
«Antivirus Software Testing for the New Millenium» 42.32Kb 11124 hits
The nature of technology is changing rapidly; likewise, the nature of viral threats to the data dependent upon the technology is evolving. Thus, the technologies we rely upon to provide protection from these threats must adapt. In the last twelve months, several anti-virus software vendors have announced exciting new technologies which claim to provide “faster, better, cheaper” response to computer virus incidents within organizations. However, there is currently little guidance regarding the best way to evaluate the efficacy of such claims. Faster than what? Better than what? Less costly compared to what? Clearly, there can only be one technology which is “faster, better, most cost efficient” than all of the others, yet if the advertising claims are to be believed, all products are not merely created equal, they are all created superlative! In this paper, the requirements for these next generation anti-virus systems will be examined. There will be a discussion of reviewing strategies that can help to determine to what extent those requirements have been met. To this end, the problem will be approached from a functional perspective, not gearing the test design to particular implementations. In this way, an array of tests will be created which are not vendor or product specific, but which can and should be employed industry-wide.
Roger Grimes
«Malicious Mobile Code: Virus Protection for Windows» 10628 hits
O'Reilly (2001)
Malicious mobile code is a new term to describe all sorts of destructive programs: viruses, worms, Trojans, and rogue Internet content. Until fairly recently, experts worried mostly about computer viruses that spread only through executable files, not data files, and certainly not through email exchange. The Melissa virus and the Love Bug proved the experts wrong, attacking Windows computers when recipients did nothing more than open an email. Today, writing programs is easier than ever, and so is writing malicious code. The idea that someone could write malicious code and spread it to 60 million computers in a matter of hours is no longer a fantasy.
David Harley, Robert Slade, Urs Gattiker
«Viruses Revealed: Understanding and Counter Malicious Software» [SRC] 1.34Mb 61077 hits
McGraw-Hill Companies (2001)
Defend your system against the real threat of computer viruses with help from this comprehensive resource. Up-to-date and informative, this book presents a full-scale analysis on computer virus protection. Through use of case studies depicting actual virus infestations, this guide provides both the technical knowledge and practical solutions necessary to guard against the increasing threat of virus attacks.
Jan Hruska
«Computer viruses and anti-virus warfare» [TeX] [SRC] 521.67Kb 18602 hits
Ellis Horwood, p.224 (1992)
Given the relationship between Hruska, Sophos, and Virus Bulletin, the similarity of material which also appears in "The Survivor's Guide to Computer Viruses" is not terribly surprising. We have the identical Virus Bulletin virus reports (frequency of total reports), the same interest in the AIDS Information diskette scam, the same vendor list (also without product information), the same insistence on calling the virus everyone else knows as Stoned by the term, "New Zealand", and the same MS-DOS only emphasis. There is no statement as to the intended audience for the book, but it seems to be directed at that very small segment of the population who are interested in computer virus research. Unfortunately, and very oddly, much of the material in this book is of as much use to the virus writer as to the antiviral researcher. There are no full virus samples in the book, but there are handy snippets such as a simple encryption scheme, a master boot record extractor and a chunk of the dBASE virus, with full instructions for turning it into a disk killer. Those lowly souls who wish merely to protect their own systems may not be lost by this book, but will very probably be bemused by it all. There is a short but helpful (to the virus writer) section on disassembly of a virus. Two paragraphs are devoted to explaining how to use the DEBUG program to write your own code to extract the master boot record for examination. There follows the off-hand comment that the same thing can be done with common utility programs. The hygiene rules for reducing the risk of virus infection include the usual lame points regarding BBSes, shareware, and public domain programs. Recommended is a setup to "quarantine" a workgroup from outside disks (surprise, surprise: Sophos makes software to support this) and change detection antiviral software (surprise, surprise: Sophos makes such a program). The book is good at the basic technical explanations.
How viral programs function, and how antiviral programs function, are clearly set forth in basic terms. Most of the illustrations and figures are helpful, although some are extremely puzzling. (The inclusion of the full text of a virus source code opening comment seems to have no justification, nor does the highlighting of portions thereof.) An examination of Novell operations and testing against viral programs is probably a useful inclusion. As long as Hruska sticks with technical details, he's fine. Given the names mentioned in the acknowledgements, parts of the commentary are very odd in their departure from general understanding within the research community. Hruska speaks of the recent rise of "network aware" viral programs. (I can recall, and he gives as an example, only one.) There is mention of a media sensation over the BRAIN virus in 1986; I don't recall any such thing. Early viral programs from 1987 are contrasted with more recent, destructive, viral programs; both Lehigh and Jerusalem caused erasure of materials. The ABC News report of the mythical Desert Storm/Iraqi printer virus is mentioned as barely believable, even though the story had been utterly debunked months before the book was written. Chapter five, Who Writes Viruses, is astonishing. Hackers are defined as being "analogous to drug addicts". Then there are freaks, who have "serious social adjustment problems". University students are linked to software piracy. Employees are mentioned, even though employee "attacks" usually utilize insider knowledge which viral programs don't need. Computer clubs are mentioned (I get the impression Hruska is *not* a joiner) as are terrorist organizations. All of these profiles are caricatures, if not outright fabrications. Ultimately, this entire section is not only useless, but promotes misunderstanding of the situation by fostering false images.
Virus writers tend to be self-important and irresponsible - but they aren't freaks (and they generally grow out of it). For those with antiviral policies and procedures already in place, this work has a position in ongoing study and development. (R. Slade)
Mikko Hyppönen
«Retroviruses - How viruses fight back» 29.93Kb 6196 hits
Virus Bulletin Conference, VDAT (1994)
This paper will discuss the methods viruses use or might use in the future to attack anti-virus programs. Attacks of this kind are becoming more common, as virus writers seem to be constantly looking for ways to make their viruses more efficient and vigorous. This paper also suggests how to make anti-virus products more resistant to such attacks. The scope of this paper is limited to PC-compatible machines.
Zsombor Kurdi
«Viruses using .NET Framework» 13.06Kb 12076 hits
4th Serbian-Hungarian Joint Symposium on Intelligent Systems, SISY 2006, pp.473-478 (2006)
In our age, programming languages and development tools advance to make programmers' work much easier. The tools can assemble programs written in different programming languages, they can build executables that can be run independently of the operating system. This simplification of software development causes the simplification of writing programs with the prepense of malice (e.g. viruses). So developers of these tools have to care about the security. Further, this virtual equivalency of computers – and the spreading of Internet – makes it easier for viruses to infect a computer.
Peter Ladkin, Harold Thimbleby
«Comments on a paper by Voas, Payne & Cohen: “A model for detecting the existence of software corruption in real time”» [TeX] 14.49Kb 10130 hits
Computers & Security, 13(6), pp527–531, 1994. (1994)
We discuss a procedure proposed by Voas, Payne & Cohen [6] for detecting the existence of software corruption in real time. In particular, we discuss problems posed by the concurrent execution of programs. In the cases where the proposed method may work, corruption is unlikely to be a problem; and where corruption by viruses and Trojans are a problem, major problems with the method remain.
Mark Ladue
«When Java Was One: Threats From Hostile Byte Code» 30.23Kb 11662 hits
Proc. 20th NIST-NCSC National Information Systems Security Conference (1997)
In Java's first year it has become clear that many of the problems posed by executable content have not been solved. The almost exclusive focus of the Java community on executable content has left numerous avenues unexplored for threats. It has been observed that there is no one-to-one correspondence between Java source code (programs) and Java byte code (class files). While every program written in Java can be compiled to byte code by a Java compiler, it is possible to create classfiles which no Java compiler can produce, and yet, which pass the Java Verifier with flying colors. This fact has one very serious implication - No matter what claims are made, and even formally demonstrated, for the security of the Java language, all bets are off when it comes to byte code running in the Java Virtual Machine. This paper will explore some of the implications of this curious lack of coherence between Java source code and byte code. It will also illustrate how easy it is to alter Java class files for malicious purposes.
Ferenc Leitold
«The solution in the naming chaos» 31.79Kb 11701 hits
EICAR 2005 Conference: Best Paper Proceedings, pp.365-378 (2005)
As the first computer virus was born there were a lot of godfathers of it. Every antivirus solution uses its own naming convention so now there are more than a hundred thousand different computer viruses in the world and there are at least one million virus names for them. This problem is highlighted in this paper. Unfortunately it is impossible that antivirus developers change their naming convention and use the same identification of the same computer virus. Virus and worm nomenclature is typically left up to the security vendor which first discovers the malware. Until the beginning of 2004 the process worked, more or less. But the large scale and rapid release of multiple variants of worms in the Netsky, Bagle, MyDoom and other families last year led to confusion, with antivirus firms out of sync in their naming. One vendor would tag a new Bagle as Bagle.w, for instance, while others would call it Bagle.u or Bagle.t.
Allan Lundell
«Virus! The Secret World of Computer Invaders That Breed and Destroy» 12488 hits
Contemporary Books (1989)
Bhaskar Mukherjee
«Threats to Digitization: Computer Virus» 30.38Kb 11399 hits
6th International CALIBER-2008, University of Allahabad, Allahabad, February 28-29, March 1, 2008 (2008)
Discusses the historical background of the Internet and points out how threats to digitization have increased with the development of the Internet. The paper mentions common symptoms of virus infection and suggests some measures towards protecting computers from viruses as recommended by Microsoft and Symantec Corporation. Also lists some authorized anti-virus software available on the Internet.
Igor Muttik
«Stripping down an AV engine» 31.96Kb 6803 hits
Virus Bulletin Conference (2000)
The complexity of anti-virus software has grown enormously over the last five years. The methods used to detect viruses have evolved from dumb-grunt scanning of the whole file from top to bottom for a specific search string to very intelligent methods based on a combination of heuristic and specific detection methods. This paper discusses this evolution in detail: from old-fashioned methods to the most complex contemporary ones. When speaking to the people not directly involved in the AV business I found it rather amusing that they are usually surprised to find that these days we do not use scan strings as such any more. In fact, we do, but not frequently, because for contemporary malware better methods can be used. What are they?
Carey Nachenberg
«Computer Virus-Antivirus Coevolution» 29.05Kb 16300 hits
COMMUNICATIONS OF THE ACM January 1997/Vol. 40, No. 1, pp. 46-51 (1997)
The battle to conquer computer viruses is far from won, but new and improved antidotes are controlling the field.
«Understanding and Managing Polymorphic Viruses» 19.68Kb 10871 hits
The Symantec Enterprise Papers, Volume XXX (1996)
Polymorphic computer viruses are the most complex and difficult viruses to detect, often requiring anti-virus companies to spend days or months creating the detection routines needed to catch a single polymorphic
Martin Overton
«FAT32 New Problems for Anti-Virus, or Viruses? (version 1.01)» 69.77Kb 15653 hits
The sudden appearance of FAT32 in service pack 2 for Windows '95 has brought some new complications for both viruses and anti-virus software. What's worse is the update is only available to OEMs to ship on new PCs. It's been dubbed Windows '96-and-a-half, as it is just a short stop from Windows '97 (now finally called Windows '98). What are the implications of Microsoft's latest addition to the file system format jungle? Can the existing anti-virus software handle FAT32? Can the existing boot and partition sector viruses infect FAT32 successfully, and without making the system unbootable or unusable? Will file-infecting viruses be affected? This paper aims to deflate the myths, clarify the differences and report the results of testing the above scenarios.
Adam Reynolds
«I.T. IN PRACTICE: Computer viruses» 5.67Kb 9864 hits
Law Institute Journal, 75 No 11, p.26 (2001)
This article looks at computer viruses, the types of damage they cause and ways of minimising this damage.
Bruce Schneier
«Secrets & Lies: Digital Security in a Networked World (excerpt)» 20.06Kb 12010 hits
John Wiley & Sons, 2000 (2000)
Information security expert Bruce Schneier explains what everyone in business needs to know about security in order to survive and be competitive. Pragmatic, interesting, and humorous, Schneier exposes the digital world and the realities of our networked society. He examines the entire system, from the reasons for technical insecurities to the minds behind malicious attacks. You'll be guided through the security war zone, and learn how to understand and arm yourself against the threats of our connected world.
Sasha Segan
«Killer Apps» 8.39Kb 9622 hits
SmartComputing, August 2002, vol. 13, issue 8, pp.54-57 (2002)
Computer Viruses Are Nothing New. Don't be ashamed. Everybody's had a virus at one time or another. The social diseases of the Internet age, computer viruses vary from the unnoticeable to the utterly horrifying. There are more of them than you think, and they're not going away. According to research firm TruSecure, 28% of corporations had a "virus disaster" resulting in 25 or more infected computers between January and September 2001. "The malicious code problem...continues its seven-plus year trend of worsening every year," Peter Tippett, chief technology officer of antiviral firm TruSecure, said in the 2001 report.
Zubair Shafiq, Momina Tabish, Muddassar Farooq
«Are Evolutionary Rule Learning Algorithms Appropriate for Malware Detection?» [TeX] 11.91Kb 11323 hits
Proceedings of the 11th Annual conference on Genetic and evolutionary computation, pp.1915-1916 (2009)
In this paper, we evaluate the performance of ten well-known evolutionary and non-evolutionary rule learning algorithms. The comparative study is performed on a real-world classification problem of detecting malicious executables. The executable dataset, used in this study, consists of a total of 189 attributes which are statically extracted from the executables of Microsoft Windows operating system. In our study, we evaluate the performance of rule learning algorithms with respect to four metrics: (1) classification accuracy, (2) the number of rules in the developed rule set, (3) the comprehensibility of the generated rules, and (4) the processing overhead of the rule learning process. The results of our study highlight important shortcomings in evolutionary rule learning classifiers that render them infeasible for deployment in a real-world malware detection system.
Robert Slade
«File infecting viri» 2.41Kb 9086 hits (1991)
«Infection variations» 2.71Kb 8766 hits (1991)
«Slade's Virus Books Reviews» [SRC] 190.8Kb 7796 hits
Reviews of various books about computer viruses
«Viral code "association"» 2.76Kb 8158 hits (1991)
«Viral code addition» 2.4Kb 7072 hits (1991)
«Viral code insertion» 2.26Kb 7013 hits (1991)
Alan Solomon
«All About Viruses» 41.3Kb 20832 hits
[...] In my experience, a lot of the `damage done by viruses' is actually damage done by people doing things before they've made sure of what they ought to do, which is another way of saying panic. So, don't panic! [...]
«A Guide to Evaluating Anti-Virus Software» 57.88Kb 12430 hits
[...] The purpose of this guide is to answer some of the most common questions about how to test and evaluate anti-virus software [...]
«Guidelines for an Anti-Virus Policy» 21.39Kb 11003 hits
[...] The virus threat is real. It is not the world-shattering problem sometimes outlined in the pages of the press; nor is it the non-existent 'urban myth' suggested by others. Many 'in the wild' viruses cause no damage; but a significant number are specifically designed to cause data loss [...]
«Java, ActiveX and the Virus Threat» 8.86Kb 12081 hits
[...] New technologies, such as Java and ActiveX, create fresh environments that hackers can potentially exploit. Luckily, while there has been a lot of press given to potential security problems with these and other Internet technologies, to date there are no documented "in-the-wild" attacks based on Java or ActiveX [...]
«Plumbing the Depths» 9.3Kb 10767 hits
[...] PC users sometimes resort to drastic measures to remove a virus. The use [more precisely, misuse] of low-level programs like FDISK, to remove viruses, is more common than might be expected [...]
«Windows 95 and Viruses» 3.31Kb 9008 hits
[...] Shortly after Windows 95 was released, we carried out a series of tests designed to see what effect boot sector viruses and DOS executable file viruses would have on the [new] operating system [...]
«Worms» 1.9Kb 8775 hits
[...] The worms described below affect computers utilizing mIRC software to access IRC (Internet relay Chat) channels [...]
Richard Stallman
«MyDoom and You» 3.91Kb 9352 hits (2004)
If anyone has knowledge or evidence about who developed the virus, I hope he or she will come forth and make an accusation against specific people based on specific proof. But nobody should make accusations without proof, and there is no excuse for guilt by association. Not in New York, not in Cambridge, and not in the Free World.
David Stang
«The Computer Virus Problem» 44.72Kb 18461 hits
Seven Locks Software, Inc.
James Stanger
«E-mail Virus Protection Handbook» 10222 hits
Syngress Media (2000)
E-mail has been called the killer application of the Internet with so many web-based commerce applications, business-to-business transactions, and Application Service Providers dependent on the e-mail client/server relationship. Now, because of that reliance, it is possible for e-mail software to become killer applications in an entirely different sense - if they're down, they can kill your business. E-mail Virus Protection Handbook will help systems administrators and the end-users secure their e-mail. It shows how to encrypt e-mail messages, use antivirus and personal firewall software, and secure the operating system from attack. Know what's lurking in your e-mail! (Bur)
Péter Ször
«The Art of Computer Virus Research and Defense» [TeX] [SRC] 1.41Mb 89074 hits
Addison Wesley Professional (2005)
Peter Szor takes you behind the scenes of anti-virus research, showing how they are analyzed, how they spread, and - most importantly - how to effectively defend against them. This book offers an encyclopedic treatment of the computer virus, including: a history of computer viruses, virus behavior, classification, protection strategies, anti-virus and worm-blocking techniques, and how to conduct an accurate threat analysis. The Art of Computer Virus Research and Defense entertains readers with its look at anti-virus research, but more importantly it truly arms them in the fight against computer viruses. As one of the lead researchers behind Norton AntiVirus, the most popular antivirus program in the industry, Peter Szor studies viruses every day. By showing how viruses really work, this book will help security professionals and students protect against them, recognize them, and analyze and limit the damage they can do.
Andrew Tanenbaum
«Modern operating systems» 58.13Kb 16530 hits (2001)
The threats discussed in the previous sections were largely caused from the inside, that is, perpetrated by users already logged in. However, for machines connected to the Internet or another network, there is a growing external threat. A networked computer can be attacked from a distant computer over the network. In nearly all cases, such an attack consists of some code being transmitted over the network to the target machine and executed there doing damage. As more and more computers join the Internet, the potential for damage keeps growing. In the following sections we will look at some of the operating systems aspects of these external threats, primarily focusing on viruses, worms, mobile code, and Java applets.
James Tarala
«Virii Generators: Understanding the Threat» 35.06Kb 14592 hits
The most common generators are the virii script generators, polymorphic, and encryption generation engines. Each of these generators comes in multiple forms with multiple types of interfaces, the most common being GUI interfaces, command line interfaces, and assembly level interfaces. Thankfully, the government has sought to deter the practice of virii creation through clear consequences spelled out for those who engage in such activities. Each of these precepts needs to be thought through more, however, to really understand the threat against the enterprise, caused by such virii generators.
Mario Tinto
«Computer viruses: Prevention, Detection, and Treatment» 40.27Kb 14320 hits
This publication contains technical observations, opinions, and evidence prepared for informal exchange among individuals involved with computer security. The information contained herein represents the views of the author and is not to be construed as representing an official position of the National Computer Security Center.
John Wack, Lisa Carnahan
«Computer Viruses and Related Threats: A Management Guide» 92.39Kb 16516 hits
Computer Systems Technology, NIST Special Publication (1989)
This document provides guidance for technical managers for the reduction of risk to their computer systems and networks from attack by computer viruses, unauthorized users, and related threats. The guidance discusses the combined use of policies, procedures, and controls to address security vulnerabilities that can leave systems open to attack. The aim of this document is not to provide solutions to the wide range of specific problems or vulnerabilities, rather it is to help technical managers administer their systems and networks such that manifestations of viruses and related threats can be initially prevented, detected, and contained.
Wallace Wang
«Stalking a Computer Virus» 9.03Kb 11442 hits
When most people find a computer virus lurking on their hard disk, the first reaction is to grab an anti-virus program such as The Norton AntiVirus or McAfee's VirusScan, and kill the virus as quickly as possible. The two common ways to kill a computer virus are to delete the infected file (which is like killing cancer by shooting the patient) or attempting a slightly riskier method of cleaning the infected file. Cleaning an infected file means the anti-virus program tries to remove the computer virus program code from a file without harming the infected file. In many cases, a computer virus attaches itself so firmly to a file that removing the computer virus irreparably damages the infected file as well. When this happens, you have no choice but to delete the infected file. But rather than delete an infected file or let an anti-virus program try to clean it, you might be interested in trying a third approach, if you like living dangerously - study the computer virus and dissect it. Such amateur virus sleuthing can be interesting but dangerous, much like trying to make pipe bombs from plans you find on the Internet. Before attempting to isolate and dissect a virus, make backups of all your important files. That way if the virus gets loose and wipes out your hard disk, you won't lose everything for good. (Better yet, practice looking for a virus on a computer that you don't care about, such as an old computer or a computer belonging to your boss or disliked co-worker. That way if a virus gets loose and wipes everything out, at least your computer data will still be safe.)
Trudy Wassenaar, Martin Blase
«Contagion on the Internet» 10.34Kb 11823 hits
Emerging Infectious Diseases, Vol 8, No. 3, March 2003, pp.335-336 (2002)
Steve White
«Covert Distributed Processing with Computer Viruses» [TeX] 9.03Kb 12678 hits
Advances in Cryptology - Crypto '89, Lecture Notes in Computer Science, Vol. 435, pp. 616-619, 1989. (1989)
Computer viruses can be used by their authors to harness the resources of infected machines for the author's computation. By doing so without the permission or knowledge of the machine owners, viruses can be used to perform covert distributed processing. We outline the class of problems for which covert distributed processing can be used. A brute-force attack on cryptosystems is one such problem, and we give estimates of the time required to complete such an attack covertly.
«Open Problems in Computer Virus Research» 40.95Kb 13073 hits
Virus Bulletin Conference, Oct 22, 1998, Munich Germany (1998)
Over a decade of work on the computer virus problem has resulted in a number of useful scientific and technological achievements. The study of biological epidemiology has been extended to help us understand when and why computer viruses spread. Techniques have been developed to help us estimate the safety and effectiveness of anti-virus technology before it is deployed. Technology for dealing with known viruses has been very successful, and is being extended to deal with previously unknown viruses automatically. Yet there are still important research problems, the solution to any of which would significantly improve our ability to deal with the virus problems of the near future. The goal of this paper is to encourage clever people to work on these problems. To this end, we examine several open research problems in the area of protection from computer viruses. For each problem, we review the work that has been done to date, and suggest possible approaches. There is clearly enough work, even in the near term, to keep researchers busy for quite a while. There is every reason to believe that, as software technology evolves over the next century or so, there will be plenty of important and interesting new problems that must be solved in this field.
Steve White, David Chess, Chengi Kuo
«Coping with Computer Viruses and Related Problems» 63.76Kb 13339 hits
We discuss computer viruses and related problems. Our intent is to help both executive and technical managers understand the problems that viruses pose, and to suggest practical steps they can take to help protect their computing systems.
Kurt Wismer
«The Anti-Virus Cook Book v1.5» 41.28Kb 13015 hits
The purpose of this document is to serve as an educational tool. I have felt for a long time now that the computer virus is much like a headache and that the average user should be able to administer proper anti-virus techniques on their computer as easily as they administer Tylenol, instead of having to run frantically to a specialist all the time (especially since most of those same specialists make available several tools that would take care of almost all the problems a user is likely to encounter).
Ian Witten
«Computer (In)security: Infiltrating Open Systems» [SRC] 83.07Kb 15383 hits
ABACUS, Vol. 4, No. 4, Summer 1987, pp. 7-25. (1987)
Despite advances in authentication and encryption methods, computer systems are just as vulnerable as ever.
Sung Yang
«Productivity, Technology and AntiVirus Industry» 29.86Kb 10392 hits
The technological equilibrium in antivirus industry will be ended by the appearance of superior antivirus technologies. The end of technological equilibrium will be a crisis and an opportunity. Scientifically managed process of brain works will bring a productivity revolution among knowledge workers, which economists have failed to identify, and will transform this world into a new world, as Taylor's scientific management in making and moving things did. Scientific management of brain works and scientific management in making and moving things have in common: process, which is a form of knowledge. Superior technologies and successful application of scientific management of brain works will divide antivirus industry into survivors and losers. Any feedback is very much appreciated, please contact author. This may freely be copied and distributed without any modification for non-commercial use.
54 authors, 81 titles