Preface
Contents
List of Figures
List of Tables

Genesis and Theory of Computer Viruses

1 Introduction

2 The Formalization Foundations: from Turing to von Neumann (1936 – 1967)
2.1 Introduction
2.2 Turing Machines
2.2.1 Turing Machines and Recursive Functions
2.2.2 Universal Turing Machine
2.2.3 The Halting Problem and Decidability
2.2.4 Recursive Functions and Viruses
2.3 Self-reproducing Automata
2.3.1 The Mathematical Model of Von Neumann Automata
2.3.2 Von Neumann’s Self-reproducing Automaton
2.3.3 The Langton’s Self-reproducing Loop

3 F. Cohen and L. Adleman’s Formalization (1984 – 1989)
3.1 Introduction
3.2 Fred Cohen’s Formalization
3.3 Leonard Adleman’s Formalization
3.4 Conclusion
Exercises
Study Projects

4 Taxonomy, Techniques and Tools
4.1 Introduction
4.2 General Aspects of Computer Infection Programs
4.3 Non Self-reproducing Malware (Epeian)
4.4 How Do Viruses Operate?
4.5 Virus and Worms Classification
4.5.1 Viruses Nomenclature
4.6 Tools in Computer Virology
Exercises

5 Fighting Against Viruses
5.1 Introduction
5.2 Protecting Against Viral Infections
5.2.1 Antiviral Techniques
5.2.2 Assessing of the Cost of Viral Attacks
5.2.3 Computer Hygiene Rules
5.2.4 What To Do in Case of a Malware Attack
5.2.5 Conclusion
5.3 Legal Aspects Inherent to Computer Virology
5.3.1 The Current Situation
5.3.2 Evolution of The Legal Framework: The Law Dealing With

Learning Computer Viruses by Programming

6 Introduction

7 Computer Viruses in Interpreted Programming Language
7.1 Introduction
7.2 Design of a Shell Bash Virus under Linux
7.2.1 Fighting Overinfection
7.2.2 Anti-antiviral Fighting: Polymorphism
7.2.3 Increasing the
7.2.4 Including a Payload
7.3 Some Real-world Examples
7.4 Conclusion
Exercises
Study Projects

8 Companion Viruses
8.1 Introduction
8.2 The companion virus
8.2.1 Analysis of the Virus
8.2.2 Weaknesses and Flaws of the
8.3 Optimized and Stealth Versions of the Vcomp ex Virus
8.4 The Vcomp ex v3 Companion Virus
8.5 A Hybrid Companion Virus: the Virus Case
8.6 Conclusion
Exercises
Study Projects

9 Worms
9.1 Introduction
9.2 The Internet Worm
9.3 IIS Worm Code Analysis
9.4 Xanax Worm Code Source Analysis
9.5 Analysis of the UNIX.LoveLetter Worm
9.6 Conclusion
Exercises
Study Projects

Computer Viruses and Applications

10 Introduction

11 Computer Viruses and Applications
11.1 Introduction
11.2 The State of the Art
11.3 Fighting against Crime
11.4 Environmental Cryptographic Key Generation
11.5 Conclusion
Exercises

12 BIOS Viruses
12.1 Introduction
12.2 BIOS Structure and Working
12.3 vbios Virus Description
12.4 Installation of vbios
12.5 Future Prospects and Conclusion

13 Applied Cryptanalysis of Cipher Systems: The ymun20 Virus
13.1 Introduction
13.2 General Description of Both the Virus and the Attack
13.3 Detailed Analysis of the Virus
13.3.1 The Attack Context
13.3.2 The ymun20-V1 Virus
13.4 Conclusion
Study Project

Conclusion

14 Conclusion

References
Index