Malware, Rootkits & Botnets: A Beginner’s Guide

Book Description

Security Smarts for the Self-Guided IT Professional

Learn how to improve the security posture of your organization and defend against some of the most pervasive network attacks. Malware, Rootkits & Botnets: A Beginner's Guide explains the nature, sophistication, and danger of these risks and offers best practices for thwarting them. After reviewing the current threat landscape, the book describes the entire threat lifecycle, explaining how cybercriminals create, deploy, and manage the malware, rootkits, and botnets under their control.

Table of Contents

  1. Cover
  2. Copyright
  3. Dedication
  4. About the Author
  5. Contents at a Glance
  6. Contents
  7. Acknowledgments
  8. Foreword
  9. Introduction
  10. Part I: Establishing the Foundation
    1. 1. Getting In Gear
      1. A Malware Encounter
      2. A Brief Overview of the Threat Landscape
      3. Threat to National Security
      4. Starting the Journey
      5. We’ve Covered
      6. References
    2. 2. A Brief History of Malware
      1. Computer Viruses
        1. Classification of Computer Viruses
        2. Early Challenges
      2. Malware
        1. Classification of Malware
        2. Evolution of Malware
      3. Riskware
        1. Classification of Riskware
      4. Malware Creation Kits
      5. The Impact of Malware
      6. We’ve Covered
    3. 3. Cloak of the Rootkit
      1. What Is a Rootkit?
      2. Environment Mechanics
        1. The Operating System Kernel
        2. User Mode and Kernel Mode
        3. Rings
        4. Switching from User Mode to Kernel Mode
      3. Types of Rootkits
        1. User-Mode Rootkits
        2. Kernel-Mode Rootkits
      4. Rootkit Techniques
        1. Hooking
        2. DLL Injection
        3. Direct Kernel Object Manipulation
      5. Tackling Rootkits
      6. We’ve Covered
    4. 4. Rise of the Botnets
      1. What Is a Botnet?
        1. Main Characteristics
        2. Key Components
        3. C&C Structure
      2. Botnet Usage
        1. Distributed Denial of Service Attack
        2. Click Fraud
        3. Spam Relay
        4. Pay-Per-Install Agent
        5. Large-Scale Information Harvesting
        6. Information Processing
      3. Botnet Protective Mechanisms
        1. Bulletproof Hosting
        2. Dynamic DNS
        3. Fast Fluxing
        4. Domain Fluxing
      4. The Fight Against Botnets
        1. The Technical Front
        2. The Legal Front
      5. We’ve Covered
      6. References
  11. Part II: Welcome to the Jungle
    1. 5. The Threat Ecosystem
      1. The Threat Ecosystem
        1. The Technical Element
        2. The Human Element
        3. The Evolution of the Threat Ecosystem
      2. Advanced Persistent Threat
        1. The Attack Method
        2. The Attack Profitability
      3. Malware Economy
        1. Malware Outsourcing
      4. We’ve Covered
    2. 6. The Malware Factory
      1. The Need to Evade Antivirus
        1. Malware Incident Handling Process
        2. Malware Detection
        3. Circumventing the Antivirus Product
      2. The Need for an Army of Malware
        1. Next-Generation Malware Kits
        2. Stand-Alone Armoring Tools
        3. The Impact of an Armored Army of Malware
      3. The Malware Factory
        1. The Malware Assembly Line
        2. The Proliferation of Attacker Tools
        3. Malware Population Explosion
        4. We’ve Covered
    3. 7. Infection Vectors
      1. Infection Vectors
        1. Physical Media
        2. E-mail
        3. Instant Messaging and Chat
        4. Social Networking
        5. URL Links
        6. File Shares
        7. Software Vulnerabilities
      2. The Potential of Becoming an Infection Vector
      3. We’ve Covered
    4. 8. The Compromised System
      1. Introduction
      2. The Malware Infection Process
        1. Installation of Malware Files
        2. Setting Up Malware Persistency
        3. Removing Evidence of the Malware Installer
        4. Passing Control to the Malware
      3. The Active Malware
        1. Maintaining the Foothold
        2. Communicating with the Attacker
        3. Executing the Payload
      4. We’ve Covered
  12. Part III: The Enterprise Strikes Back
    1. 9. Protecting the Organization
      1. The Threat Incident Responders
      2. Understanding the Value of the System
        1. Value to the Organization
        2. Value to the Attacker
      3. Understanding the Characteristics of the System
        1. System Type
        2. Operational Impact
        3. Sensitivity of Hosted Data
        4. Users of the System
        5. Network Location
        6. Accessibility to the Asset
        7. Asset Access Rights
        8. Recovery
        9. System Status
      4. Prioritizing the Systems
      5. The Organization’s Security Posture
      6. Understanding the Cost of Compromise
        1. Direct Cost
        2. Indirect Cost
      7. Protecting the Systems
        1. Threat Modeling
        2. Identifying the Appropriate Solutions
        3. Proactive Threat Detection
      8. Creating an Incident Response Plan
        1. Identify Different Compromise Scenarios
        2. Identify Solution Patterns
        3. Define Roles and Responsibilities
        4. Establish Protocols
        5. Conduct Periodic Dry-Runs
        6. Review and Improve
      9. Putting Everything into Action
      10. Beyond Protection
      11. We’ve Covered
    2. 10. Detecting the Threat
      1. Establishing a Baseline
        1. Establishing a Network Baseline
        2. Establishing a Host Baseline
      2. Detecting Anomalies
        1. Detecting Network Anomalies
        2. Detecting Host Anomalies
      3. Isolating the Source of the Anomaly
      4. Diving into the Compromised Asset
        1. Pinpointing the Malware
        2. Classifying the Malware Based on Its Attack Directive
      5. We’ve Covered
    3. 11. Mitigating the Threat
      1. Introduction
      2. Threat Mitigation
      3. Immediate Response
        1. Containment
        2. Verification
        3. Threat Detection and Classification
        4. Remediation and Restoration
      4. Proactive Response
        1. Preventive Measures
        2. Conducting a Periodic Security Audit
      5. The Threat from Insiders
        1. Who Are the Insider Threats?
        2. Mitigating the Insider Threat
      6. Be Vigilant
      7. We’ve Covered
  13. Part IV: Final Thoughts
    1. 12. The Never-Ending Race
      1. Introduction
      2. A Short Review of the Book
      3. Predictions
        1. The Future of Malware
        2. The Future of Rootkits
        3. The Future of Botnets
      4. The Good Guys Are Busy Too
      5. The Adventure Has Just Begun
      6. We’ve Covered
    2. A: The Bootup Process
      1. The Windows Bootup Process
        1. BIOS-Based System
        2. EFI-Based System
    3. B: Useful Links
      1. Vulnerability Information
      2. Free Online Security Products
      3. Free File Scanner and Analysis Tools
      4. Web Security
      5. Malware Trackers
      6. Other Important Links
  14. Glossary
  15. Index