Malicious cryptography, part two
This two-part article series looks at how cryptography is a double-edged sword: it is used to make us safer, but it is also being used for malicious purposes within sophisticated viruses. Part two continues the discussion of armored viruses and then looks at a Bradley worm - a worm that uses cryptography in such a way that it cannot be analyzed. Then it is shown how Skype can be used for malicious purposes, with a crypto-virus that is very difficult to detect.
2006-05-16 http://www.securityfocus.com/infocus/1866

Malicious cryptography, part one
This two-part article series looks at how cryptography is a double-edged sword: it is used to make us safer, but it is also being used for malicious purposes within sophisticated viruses. Part one introduces the concepts behind cryptovirology and offers examples of malicious potential with the SuckIt rootkit and a possible SSH worm. It then introduces armored viruses that use shape shifting (polymorphism and metamorphism) to avoid detection.
2006-05-08 http://www.securityfocus.com/infocus/1865

Fighting EPO Viruses
This article studies complex Entry Point Obscuring (EPO) viruses, by looking at the detection and removal of the difficult Win32.CTX.Phage virus.
2005-06-29 http://www.securityfocus.com/infocus/1841

The True Computer Parasite
This article examines the evolution of malware, highlighting developments in replication techniques as well as significant changes in the nature of payload activities -- which now often generate profit for the malware creators.
2005-06-01 http://www.securityfocus.com/infocus/1838

Detecting Complex Viruses
The purpose of this paper is to examine the difficulties of detecting complex viruses, including polymorphic, metamorphic and entry-point obscuring viruses. Whether or not an anti-virus (AV) technology can detect these viruses can be a useful metric to consider when evaluating AV products.
2004-12-06 http://www.securityfocus.com/infocus/1813

Lessons Learned from Virus Infections
This article discusses how a virus outbreak will produce a few unique opportunities to examine the health of an organization's network -- and learn ways to further harden the network from future automated attacks.
2004-10-04 http://www.securityfocus.com/infocus/1804

Detecting Worms and Abnormal Activities with NetFlow, Part 2
This paper discusses the use of NetFlow, a traffic profile monitoring technology available on many routers, for use in the early detection of worms, spammers, and other abnormal network activity in large enterprise networks and service providers. Part 2 of 2.
2004-09-23 http://www.securityfocus.com/infocus/1802

Detecting Worms and Abnormal Activities with NetFlow, Part 1
This paper discusses the use of NetFlow, a traffic profile monitoring technology available on many routers, for use in the early detection of worms, spammers, and other abnormal network activity in large enterprise networks and service providers.
2004-08-16 http://www.securityfocus.com/infocus/1796

Malware Analysis for Administrators
The purpose of this article is to help administrators and power users use behavioral analysis to determine if a binary is harmful malware, by analyzing it in a lab environment without the use of anti-virus software, debuggers, or code disassembly.
2004-05-20 http://www.securityfocus.com/infocus/1780

Antivirus Concerns in XP and .NET Environments
This article will discuss new antivirus concerns within Microsoft's .NET framework and Windows XP applications.
2003-07-07 http://www.securityfocus.com/infocus/1707