Michael Erbschloe
ISBN: 0750678488, 9780750678483, 9781417544479
Table of contents:
Table of Contents
Preface
Introduction
Inside This Book
Acknowledgements
1 Malicious Code Overview
Why Malicious Code Attacks Are Dangerous
Impact of Malicious Code Attacks on Corporate Security
Why Malicious Code Attacks Work
Action Steps to Combat Malicious Code Attacks
2 Types of Malicious Code
E-mail Viruses and Miscellaneous Viruses
Trojans and Other Backdoors
Worms
Blended Threats
Spyware
Adware
Stealware
Action Steps to Combat Malicious Code Attacks
3 Review of Malicious Code Incidents
Historic Tidbits
The Morris Worm
Melissa
Love Bug
Code Red(s)
SirCam
Slammer
The Summer of 2003 Barrage of Blaster, Sobig, and More
Early 2004 with MyDoom, Netsky, and More
Action Steps to Combat Malicious Code Attacks
4 Basic Steps to Combat Malicious Code Attacks
Understanding the Risks
Using Security Policies to Set Standards
System and Patch Updates
Establishing a Computer Incident Response Team
Training for IT Professionals
Training End Users
Applying Social Engineering Methods in an Organization
Working with Law Enforcement Agencies
Action Steps to Combat Malicious Code Attacks
Organization of the IT Security Function
Where Malicious Code Attack Prevention Fits into the IT Security Function
Staffing for Malicious Code Prevention in IT
Budgeting for Malicious Code Prevention
Evaluating Products for Malicious Code Prevention
Establishing and Utilizing an Alert System
Establishing and Utilizing a Reporting System
Corporate Security and Malicious Code Incident Investigations
Action Steps to Combat Malicious Code Attacks
6 Controlling Computer Behavior of Employees
Policies on Appropriate Use of Corporate Systems
Monitoring Employee Behavior
Web Site Blockers and Internet Filters
Cookie and Spyware Blockers
Pop-up Blockers
Controlling Downloads
SPAM Control
Action Steps to Combat Malicious Code Attacks
7 Responding to a Malicious Code Incident
About the Case Study
The First Report of a Malicious Code Attack
The Confirmation Process
Mobilizing the Response Team
Using an Alert System and Informing End Users
Cleanup and Restoration
Controlling and Capturing Malicious Code
Identifying the Source of Malicious Code
When to Call Law Enforcement and What to Expect
Enterprise-wide Eradication
Returning to Normal Operations
Analyzing Lessons Learned
Action Steps to Combat Malicious Code Attacks
8 Model Training Program for End Users
Explaining Why the Training Is Important
Explaining the Appropriate-Use Policy for Computers and Networks
Explaining How the Help Desk and PC Support of the Organization Works
Providing Basic Information about Malicious Code
Covering the Basic Do’s and Don’ts of Computer Usage to Prevent Attacks
Explaining How to Identify and Report Malicious Code
Explaining What Employees Should Expect from the IT Department During Incident Response
Action Steps to Combat Malicious Code Attacks
9 The Future of Malicious Code
Military-Style Information Warfare
Open-Source Information Warfare
Militancy and Social Action
Homeland Security Efforts
References
Common Vulnerabilities and Exposures (CVE)
InfraGuard
NIST Computer Security Resource Clearinghouse
Sophos Virus Information
VirusList.com
Index