Program Security:

Web Standards Project (WaSP) - This group, citing the US Computer Emergency Readiness Team's recommendation not to use Internet Explorer because of its security problems, has set up a web site featuring testimonials from users who have switched from IE to alternative web browsers. Some of the alternatives to IE listed on the site are Mozilla, Firefox, Safari and Opera.
MAIL CALL - Defining user and enterprise restrictions with security and acceptable-use policies can help corporations mitigate e-mail risks. E-mail policies need to be explicit about what is and is not acceptable regarding attachments, protecting intellectual property, acceptable language, identification and authentication, and broadcast messages and spam. This article also covers managerial governance of e-mail security policies.
UpdateExpert - UpdateExpert is an application utility that provides software patch management. St. Bernard, the manufacturer of UpdateExpert, retrieves and tests all patches from vendors such as Microsoft. Patches can then be downloaded at scheduled times by a network administrator. Updates of local computers can then be scheduled; at that point they pull the patches from the host computer rather than from the internet, which relieves the internet connection of massive bandwidth usage. UpdateExpert can also be used to monitor versions of other applications such as AutoCAD, Adobe, MS Office, MS Project, etc., and then to push upgrades to specific computers. If a computer needs to be rebooted, it will prompt the user to do so.
Contains a study of NSA's high confidence software and systems
Digital defenses - A business's network is its castle. By Lee Bruno, January 13, 2003
Viruses get smarter - By DAN VERTON; JANUARY 27, 2003
Viruses, Worms and Security Holes; More special coverage pages
Threats to Instant Messaging by Symantec.com, Neal Hindocha - Instant Messaging ("IM") is extremely popular and, as this white paper details, extremely vulnerable. From transmissions that bypass normal server protection mechanisms to file and disk sharing, IM can pose significant risks if users are not educated and cautious. The protocols of the four most popular IM packages (AOL Instant Messenger, ICQ, MSN Messenger and Yahoo! Messenger) are analyzed in detail and threats specific to each are discussed.
10 Tips for Beating Virus Threats; By DAN VERTON - JANUARY 27, 2003
Immune computer systems
Java security
Program Security
High-Risk IT Program Security Reviews
Program security Vulnerabilities
Application program security
childcare Program security
Program Security and Access
Cameo Program Security
E-Mail Program security
program security
Program Security Advisor
Computer Program Security Flaws
Application Program Security
Checking Program security
Program security with ids and Passwords
Mobile Program Security
Standard Seven Program Security
PS Overview CSEE
Delphion
Program Security Device
Government-backed software security study takes off
Software, Security, and Ethnicity
Program Security by Lance Hoffman (1998); This site provides information on a variety of program security topics. Some of the major topics include program security, viruses, worms, trapdoors, salami attacks, various types of controls, and computer security ethics. The document can be viewed over the web or downloaded in PowerPoint format.
Forum of Incident Response and Security Teams (FIRST) - This coalition brings together a variety of computer security incident response teams from government, commercial, and academic organizations. FIRST provides a forum for facilitating trusted interactions among incident response and security teams. The site provides computer-security related information such as information on security products and informational papers.
CERT® Coordination Center - One of the most widely used program security resources. This site contains up-to-date information on the latest security breaches, potential code flaws, security bugs, hacker attacks, and general information related to computer security.
Network device drivers reuse old frame buffer data to pad packets - This is a notice from CERT.ORG, a great site for all types of security related issues. This particular notice warns that some NIC driver software does not properly implement the 802.3 standard, which says that if a data packet needs to be padded (packets smaller than the mandated 46 bytes need padding), the driver should pad with zeros; however, some drivers pad with old frame buffer data, which could contain sensitive information.
Shifting the Odds: Writing (More) Secure Software - Steve Bellovin (1996); "firewalls are a network response to a software engineering problem"... Steve Bellovin is a researcher at AT&T; this is a presentation/paper he wrote that addresses several of the topics in chapter 3, specifically the principles of software engineering, interface design, and transitive trust. The author also presents the idea that firewalls are necessary because software is so poorly designed.
A Lab engineers check list for writing secure Unix code - This paper specifically addresses a checklist for writing secure UNIX code, but a quick review shows that these are generally good principles for other languages as well. Copyright 1996 by O'Reilly & Associates and by AUSCERT, The University of Queensland.
How to find security holes - A very interesting paper. Although there are some very technical areas that went way over my head, this paper gives insight into how intruders might begin their hunt for software vulnerabilities, for example a great explanation of how buffer overflows and resource deprivation might be exploited.
Want Good Security? Write Good Code. - Dev Zaborav (2002); This short article discusses some of the "whys" of insecure software. Here is a quote from the article as an example: "Companies seem to believe that security isn't a value-added asset; it isn't a bell or whistle that encourages a user to select that product. It's considered easier and more cost-effective to simply release the software with bugs and issue patches as needed." The author goes on to discuss some of the other excuses or reasons for insecure code.
Cumulative Patch for Internet Explorer - Microsoft has just released a patch for IE 5.01, 5.5, and 6.0. This patch is supposed to fix two cross-domain vulnerabilities (cross-domain checks keep windows of different domains from sharing information). The first fixes a problem with incomplete security checking of dialog boxes, the second a problem with the showHelp() function.
Application Security Information - This is an excellent resource. It talks about the methods hackers or crackers use to break computer software code or serial numbers.
Protecting Java Code Via Code Obfuscation - By Douglas Low; This article talks about protecting Java code from reverse engineering. Since all Java code is compiled to byte code, reverse engineering it is easy.
Protecting against malicious attacks - This article talks about methods of stopping malicious attacks on your code.
How to toughen the weakest link in the security chain - By Douglas Schweitzer, JANUARY 08, 2003; Organizations are employing firewalls, antivirus software and sophisticated intrusion-detection systems but neglect the human element.
Reduce risk and simplify maintenance via minimal installs - By Tom Palmieri, JANUARY 20, 2003; One way to avoid security holes is to eliminate unnecessary software and services.
Security Flaws Found in New Opera Browser - Joris Evers (2003); This site talks about the five new security holes in Opera.
This sells different kinds of hacking tools
NASA leads efforts to build better software - By PATRICK THIBODEAU, FEBRUARY 07, 2003; In the wake of the Columbia space shuttle crash, NASA has brought renewed attention to complex computer systems and software. Its goal, shared with other agencies, universities, and corporations, is to design "highly dependable" software. This means that systems, as well as software, would tolerate hardware faults well, maintain security under attack, and always be available to the user.
Security flaw found in firewall program BlackIce Defender - By TODD R. WEISS, FEBRUARY 11, 2002; A flaw in the firewall software BlackIce Defender would allow an attacker to crash or take control of the system. The "ping flood vulnerability" would overwhelm a system by sending huge amounts of data packets to it.
Zlib security flaw could affect numerous programs - By TODD R. WEISS, MARCH 15, 2002; The Zlib compression/decompression library, which was used in Microsoft's DirectX, FrontPage, Internet Explorer, Netscape Navigator, and Norton Antivirus, had a design flaw. A memory allocation routine built into the library tried to free the same memory twice. This would, in most cases, crash the system.
Testing for Failure - New tools ease the burden of building secure code. - By Pete Lindstrom, January 2003; The writer states that software developers must beat hackers to the punch by attacking software before it reaches the market. This would help to detect vulnerabilities before hackers could exploit them. Improved testing of the software would also help to lower its cost. A source for this article said that security must be incorporated directly into the software; it can't be "bolted on" later.
Paying for Protection - Customers see immediate results, buy time to patch at their leisure. - By Anne Saita, October 2002; The article deals with intrusion prevention and patching. The author states that intrusion prevention buys administrators time to patch at their leisure. It also reduces cost and downtime.
High-Risk IT Program Security Reviews - An organization that was established by the National Institute of Standards and Technology to oversee federal agencies' computer security. The site lists evaluation criteria for agencies, which include application security, data security and physical security.
pcAudit™ - A free vulnerability scanner that simulates an attack and determines if you have a security problem.
Vulnerability Scanners - COUNTERPOINT: BEWARE THE RED HERRING - An interesting article which states that vulnerability scanners can be counterproductive and give a company a false sense of security.
Microsoft launches 'Gold' security partner program - An article on CNN about a program that Microsoft announced in December of 2001. This program allowed businesses access to security information and consultants. It also made companies agree to a code of conduct, which states that the company will not disclose information about a security vulnerability until patches have been created.
Software QA and Testing Resource Center - This is a great site for Quality Assurance Engineer information. Quality assurance is a very important step in the software development lifecycle and can stop flaws in code from ever turning into vulnerabilities.
Gates: We must improve security - By Robert Lemos, ZDNet News, January 16, 2002, 9:40 PM PT; This article announces Microsoft's Trustworthy Computing initiative last year. It also discusses the importance of security for the .NET platform.
A taxonomy of Computer Security Flaws - by Carl Landwehr; This is a paper written by Landwehr discussing flaws in software.
Microsoft criticized for lack of software security - By Paul Festa and Joe Wilcox, Staff Writers, CNET News.com, May 5, 2000, 5:15 PM PT; An article discussing many of the security problems in Microsoft's programs.
Detecting Format String Vulnerabilities with Type Qualifiers - by David Wagner & Umesh Shankar (2001); This paper discusses a new system for detecting format string security vulnerabilities in C programs.
Statically Detecting Likely Buffer Overflow Vulnerabilities - by David Larochelle (2002); This paper discusses the buffer overflow and the security problems associated with it. It also discusses the authors' analysis tool used to check code for possible vulnerabilities.
Microsoft patches patch for NT - by Paul Roberts (2003); Microsoft released a patch on 12/11/02 to address a vulnerability affecting the WM_TIMER function. It was later determined that the patch could cause random crashes and reboots of NT 4.0 systems, so MS pulled the patch and issued a new patch on 2/7.
New program stops Windows 2000/NT/98 security weaknesses and Trojans for free - Brian Livingston (2003); The article discusses a new program that consolidates the strongest features of the best software firewalls, Trojan horse defenses, and Internet security locks in order to stop Windows 2000/NT/98 security weaknesses and Trojans. The program can be used for free by individuals and nonprofit groups. The program is called ZoneAlarm 2.0 and is intended for use with Microsoft Windows 2000/NT/9x. It offers a combination of firewall protection and the detection of unauthorized outbound Internet traffic.
Stupid, Stupid Protocols: Telnet, FTP, rsh/rcp/rlogin - by Jay Beale (2002); The article discusses the weaknesses and vulnerabilities of the protocols Telnet, FTP, and rsh/rcp/rlogin, and how each of them can be replaced by secure shell (ssh), which is more secure and lacks the weaknesses and vulnerabilities of the other protocols. For example, the author states that Telnet is a cleartext, password-based protocol and that one of Telnet's many vulnerabilities occurs when a cracker roots a host which shares a hub with the destination server: the cracker can eavesdrop on the entire session and see user names and passwords. Telnet's lack of encryption can also allow a cracker to take over the Telnet connection. According to the author, it is a better idea to use ssh for remote logins.
Analysis of Buffer Overflow Attacks - by Maciej Ogorkiewicz & Piotr Frej (2002); The article examines buffer overflow attacks and possible preventive measures. According to the article, programs written in the C language are most susceptible to this type of attack because more attention is given to programming efficiency and code length than to security when using the language. The buffer overflow condition occurs any time the program writes more information into the buffer than the space it has allocated in memory. Furthermore, the condition allows an attacker to overwrite data that controls the program execution path and hijack control of the program, which allows the execution of the attacker's code instead of the process code.
Killing Daemons! (Minimize Access Points to Secure Linux Boxes) - by Jay Beale (2000); The article describes the purpose of running daemons on a Red Hat 6.1/6.x "Server" box and offers solutions for deactivating daemons for security purposes. According to the article, daemons are optional background system programs that by default run whether or not they are needed. Examples of daemons are an FTP server, a printer daemon, or the NFS system. Daemons are convenient and easy to use, but each may have security vulnerabilities which attackers can exploit to obtain root access. One solution to the problem is to reduce the number of possible paths to system compromise by reducing the number of privileged programs.
Crying over spilled data - What are buffer overflows, and how can you protect yourself from them? - by Maggie Biggs (2003); This article deals with the problem of buffer overflows and states that it will continue to be a problem because of the large number of applications already deployed that do not validate buffer sizes. According to the author, nearly half of all security vulnerabilities are due to buffer overflows.
Application Security Information - Good site on how crackers use available tools (the tools are listed, with some links to them as well) to crack into programs. The site takes the standpoint that having knowledge of this will help make you more secure.
Rooting Out Vulnerabilities at the Source - by Dennis Fisher (2003); Good article on how Sanctum Inc. released an application to help point out vulnerabilities during the testing process (provided the product is tested before release).
Feds Push for Secure Systems - by Dennis Fisher (2003); A very interesting article about how the Federal government is bypassing its "normal" (long and tedious) procurement process in order to obtain more secure systems.
Cyber Attacks Decline; Vulnerabilities Surge - by Dennis Fisher (2003); We didn't hear about too many attacks over the last 6 months, did we? Except of course for the Slammer. But what has happened? Are we better at defending our systems? Not according to this article.
Buffer Overflow In NOD32 Antivirus Software for Unix - (2003); When NOD32 parses a path with a length of over 500 characters, a buffer overflow occurs, allowing attackers to gain root privileges. NOD32 is a cross-platform anti-virus application for Unix machines.
Avoiding Buffer Overflows - by Danny Kalev (2001); This article describes buffer overflows and explains how to avoid them in your code.
Security-specific Programming Errors - by Thomas Beige / SUSE (2002); This eight-part series discusses a wide variety of programming errors. It includes very detailed graphics and step-by-step analysis of what makes these practices vulnerable, how they can be exploited, and suggestions for avoiding these vulnerabilities in your code.
Detecting Format String Vulnerabilities with Type Qualifiers - by Umesh Shankar, Kunal Talwar, Jeffrey S. Foster, David Wagner (2001); In this paper, the authors describe a method for using a new constraint-based type-inference system to detect format string vulnerabilities in C programs at compile time. C is "especially difficult to secure", claim the authors, because of the tendency of C (they actually mean C programmers) to "sacrifice safety for efficiency".
Using Redundancies to Find Errors - by Yichen Xie and Dawson Engler; This paper details an exploration of the hypothesis that redundancies in code can indicate higher-level correctness errors. Four categories of redundancies were checked for, all varieties that would compile correctly and pass standard type checking. The findings were that not only did these redundancies often correlate with known hard errors, they also detected new errors and flagged poorly written code.
Applying Aspect-Oriented Programming to Security - by ; Aspect-Oriented Programming allows the security policy implementation to be separated from the functional code and modularized so that it can be applied to the main program in a uniform manner, such that the functional code is still fully protected. Most of the examples given are new wrapper functions that replace calls to vulnerable functions with protective code.
Programming PHP with Security in Mind - Posted on October 01, 2002 by Nuno Loureiro; This article reviews several common ways vulnerabilities can creep into PHP code and how to avoid them.
Design flaws bite Apple - by Chris White (2002); This article dates back to July 2002 and discusses Apple's first big security scare. A software update mechanism in Mac OS X could be exploited by malicious hackers to effectively give them control of your computer. Apple was quick to respond to this problem and produced an update within days, but why this technique wasn't part of the original design leaves certain questions to be asked.
CERT Reports Flaws in Compaq GUI - by Michael Chait (2002); Two vulnerabilities were discovered in the Common Desktop Environment (CDE) ToolTalk RPC database server that could allow hackers to delete files or cause a denial-of-service (DoS) attack. CDE is an integrated graphical user interface that runs on UNIX and Linux operating systems and is widely installed as a default program. The ToolTalk RPC database server manages communication between ToolTalk applications. Sun, Hewlett-Packard, Compaq, Caldera, IBM, and Xi Graphics have all admitted to susceptibility on some of their machines. The first vulnerability results from improper checks on user-supplied RPC arguments. The second vulnerability stems from inadequate validation of file operations.
Government Against Full Disclosure of Vulnerabilities - By Thor Olavsrud (2002); This article, published August 1, 2002, suggests that hacking for the purpose of determining vulnerabilities is acceptable. The government is urging "white hat" hackers to search for security flaws in software, but also wants them to pass information about those flaws only to software vendors and the government, not to the rest of the security community as is common practice today. Speaking at the annual Black Hat Conference of Information Technology Professionals in Las Vegas, Richard Clarke, President Bush's special advisor for cyber space security, said security professionals have an obligation to be responsible with the disclosure of security vulnerabilities. They should first report vulnerabilities to the vendor who makes the software in which the vulnerability is found, and then tell the government if the vendor doesn't take action. Only after a patch for the vulnerability is distributed, he said, should others be notified about the vulnerability. The debate over "full disclosure" has raged for years, with many vendors taking the stance that information about security flaws should not be communicated to the world. Full disclosure came out of efforts to release the details of security fixes so that members of the public could repair problems on their own without waiting for vendors to respond.
Microsoft Word, Outlook security flaws identified - By Paul Roberts, IDG News Service, 09/13/02; Vulnerabilities have been identified in two widely used Microsoft products, Microsoft Word and Outlook Express. In order to exploit this vulnerability, an attacker would have to know the names and locations of the victim's files containing the information he wanted to steal. The hidden fields would look for data in specific files, not do a general scan of the hard disk. Because of this complexity, Microsoft and most security experts qualified their warnings concerning the vulnerability by noting that the potential threat of being attacked using fields is limited. The problem lies not with Microsoft's e-mail program, experts say, so much as with the filtering engines from third parties that failed to detect the ruse. Here we see the effect third-party software has on program security.
Microsoft Warns of New Security Issues in PowerPoint, Excel - by Jaikumar Vijayan, Computerworld (2001); The article briefly discusses a vulnerability that existed in Microsoft's PowerPoint and Excel programs. The vulnerability allowed macros to execute automatically without permission; as a result, a hacker could create a document that, when opened, would cause malicious code to run in the background undetected.
Assessing the risks of open source - by Thomas Murphy (2002); The article discusses the risks of open source code. It states that there are several risks associated with using software developed by others, such as copyrights and patents, liability and security, and quality.
The value of open source - by Thomas Murphy (2002); This article is a follow-on to "Assessing the Risk of Open Source Code." It discusses how open source code can compromise program security intentionally and unintentionally.
ITS4: A Static Vulnerability Scanner for C and C++ Code - by John Viega, J.T. Bloch, Yoshi Kohno, Gary McGraw (2000); This article describes an automated security scanner for C and C++ code. The article is rather lengthy and has some very detailed explanations of how the program actually does its work. However, I found that my quick read gave me plenty of information on the requirements needed to create such a product, as well as some of the pitfalls.
Security in Software Engineering - by Nick Feamster (2002); Security in software engineering is a broad topic. This article limits its scope to defining and discussing software security, software reliability, developer responsibility, and user responsibility.

Viruses and other Malicious Code

The SQL WORM - This link concerns "The SQL Worm", a.k.a. "Spida". It documents the code that was used to find vulnerable SQL databases that had an sa account with a blank password. The worm then created a guest account on the box, elevated its privileges to the domain admin account, then passed files to the %Win32% system directories and hid them using the command interpreter. The article also discusses fixes and tools to find the worm.
You're Being Watched: Another interesting link I found discusses the reality of a variant of the Rbot worm infecting web cams of unsuspecting users. The worm then uses the access to spy on the user. This worm works by invoking remote access to the user's computer like its other versions. According to the article, users who worry that they are being watched should turn the web cam off when it is not in use.
Top 10 Viruses and Hoaxes: Making its way to number 5 on Sophos' top ten virus and hoax list, phishing scams arrive as a "new" entry. For anyone not aware of phisher scams, this malicious technique has to do with bogus US Bank email. After an episode that my husband experienced a couple of months ago, I can see why this would be up on the list. An example of a phisher scam is an email requesting confidential bank and login information so that these lawbreakers can access your financial records. The trick is that they send emails falsely representing themselves as a company that is demanding confirmation of this information from the user, or else they will cancel the account. Users are advised to forward the email to the company that is falsely being represented, delete it, and NEVER respond to them.
Spyware Wins a Round - Merijn Bellekom, the prolific programmer, spyware crusader and graduate student, has announced the final update of CWShredder, the standard for removing the infamous CoolWebSearch (CWS). CoolWebSearch is the name of a variety of different browser hijackers, all of which redirect users to coolwebsearch.com and other sites affiliated with its operators.
Information about spyware, adware and electronic privacy issues affecting internet users.
Java programming - This series of articles will provide a general understanding of network security as well as the unique aspects of the Java programming language.
"First cell phone worm emerges" - by Celeste Biever
On June 15, 2004 the Russian anti-virus software vendor Kaspersky Labs announced that the first virus that can spread between cell phones has been created. The significance of this virus is that it is the first one with the ability to spread through a cell phone network. The virus was created in a controlled laboratory and there are no known cases yet in the wild.
The virus only affects phones running the Symbian operating system that have a Bluetooth connection. It does not exploit any vulnerability in the operating system; the article states that the virus exploits "how the phone is supposed to work". Even though the operating system uses automatic Bluetooth connections for file transfers, it still requires the owner of the phone to accept the file transfer before the virus can infect the phone. The virus exploits the default Bluetooth behaviour of seeking other Bluetooth devices, and security experts have been warning that the combination of Bluetooth and the complexity of cell phones would lead to malicious phone viruses.
Kaspersky Labs states that owners of the phone would accept the file transfer because the virus is masqueraded as security software. The article does state that the virus is not live in the wild and has no malicious payload, but experts are concerned that other virus writers could create more dangerous worms on the basis of this virus.
"AMD develops hardware fix to target major XP security risk" - by James Roger (January 27, 2004)
Microsoft and AMD have teamed up to fight a major Windows XP security risk called buffer overflow. The majority of virus attacks against Windows PCs involve buffer overflows; worms and viruses like MSBlaster and Code Red are two major examples of buffer overflow attacks. AMD has implemented a hardware security fix that Microsoft will be using to prevent malicious code from misusing computer memory. Microsoft Windows XP SP2 will use the NX (no execute) bit, which allows the CPU to enforce the separation of application code and data.
"Virus targets 64-bit Windows" - by Robert Lemos of CNET News.com
Symantec announced on August 23, 2004 that virus writers have created and set loose the first program that infects 64-bit files. This virus, dubbed W64.Shruggle, appears to be an experimental virus and is not actively spreading. The article states that it is ironic for a virus for 64-bit Windows to appear so early, which I disagree with. Virus writers are not going to wait around for the official release of any operating system. They will be active in finding any type of vulnerability, exploit, or security hole that can be found in both software and hardware. The article also mentions and links to "Mosquito software bites smart phones" by Ben Charny, about recent viruses that target the new Symbian and Windows CE platforms. Virus writers are proving that there is always a viable threat to new operating systems even if they are still in beta form.
Spybot Search and Destroy - This is a very useful utility that aids in cleaning computers of various adware and malware type applications. The program checks against a database of programs that are considered adware, malware, spyware, etc. It also provides an option to immunize the computer against various attacks. The program is free to use, and updates are posted to the website on a regular basis for users to download free of charge. The developer of Spybot is Patrick Kolla.
Antivirus Protection Tips for today's enterprise - The author, Jim Boyce, discusses the differences between a virus and a worm: a virus usually requires another application to deliver its payload, whereas a worm can propagate on its own via services running on a computer or ports that are open. The main idea of the article is to provide information on protecting one's network from threats such as worms and viruses. Key points of the article are protecting servers, email systems and local client computers. Two very good ideas are to 1) use multiple scan engines on servers to thwart an attack against one vendor and 2) scan outbound email as well.
Computer Viruses
The Spread of the Sapphire/Slammer Worm - Feb. 2003; Preliminary analysis of the Sapphire worm, principally focused on determining the speed and scope of its spread and the mechanisms that were used to achieve this result.
How Computer Viruses Work
Virus attacks rising, Symantec says - Francine Brevetti (2003); This article states that there were more than 2,500 new software vulnerabilities detected over the past year. More software companies are willing to acknowledge holes in their software. One expert quoted in the article stated that product quality was improving, but that there were so many vulnerabilities being aired today that hackers and virus writers couldn't exploit them all.
Slammer report: More headaches - by Robert Lemos (2003); Bank of America, Continental Airlines, the City of Seattle, Washington Mutual, and MICROSOFT were all slammed by the Slammer worm last Tuesday. This is well after the major reports and 'fixes' were in place.
The Cost of Malicious Code to Businesses - by Erik Williams (2001); This article describes the different types of malicious code and the costs to businesses of preventing and repairing damage from each type.
Trojan Horse Attacks - by Joseph Lo (2003); This site explains everything about Trojan Horse viruses. It also gives information about how systems get infected with Trojan Horses, how to avoid getting infected, and how to get rid of a Trojan Horse once infected.
Alternative protection against malicious code - by Robert Vamosi (2003); This article explains another method of detecting malicious code: heuristic software is making this possible.
Hunting Malicious Code - by Roger A. Grimes (2002); This article gives seven ways to find viruses on your system when the expert tools can't find anything.
Macromedia Shockwave Flash Malformed Header Overflow #2

Music files can disguise hack attack

Antivirus Glossary
Overview of Malicious Code Types - This document is in .pdf format. It provides a breakdown and description of some of the most common types of malicious code that affect computing systems. It includes information on viruses, worms, trojan horses, salami attacks, covert channels and buffer overflows, as well as an example of each type of code. It concludes by defining various types of control measures.

SQL Slammer Worm Spread Worldwide in 10 Minutes - It only took 10 minutes for the SQL Slammer worm to race across the globe and wreak havoc on the Internet two weeks ago, making it the fastest-spreading computer infection ever seen, researchers said on Tuesday. The worm exploited a flaw in Microsoft's SQL Server database software. This is a short article regarding the propagation of the Slammer worm.

Malicious Code Moves to Mobile Devices - This article talks about malicious code on wireless devices.
Beyond Email: Defending Against Malicious Code in a Healthcare Setting - Dianne Belt, January 11, 2002; This article talks about patient privacy as computer software is deployed more widely in the healthcare setting.

Virus Encyclopedia - A detailed site for information on computer viruses. Provides technical information on each virus.

CERT® Advisory CA-1999-02 Trojan Horses - This website gives some general information about Trojan horses and descriptions of some of the incidents that have occurred. It also provides advice for system and network administrators, end users, software developers, and distributors. It describes how Trojan horses are installed on computer systems and gives several ways Trojan Horses may be avoided.
Practical Patching - by Fred Avolio; March 2003; Six steps to help decide when you must patch...and when it's OK to wait.

Virus Alert: Email Worm Redlof.B Lurking - January 22, 2003, by eSecurityPlanet Staff; A new email worm called Redlof.B, or VBS_Redlof.B, is making the rounds. This new malicious code is a variant of Redlof.A, which tops the list of viruses most frequently detected in Asia. Although it has similar characteristics to its predecessor, Redlof.B uses a different encryption routine and is classified as a polymorphic worm, meaning it occurs in several distinct forms. Redlof.B spreads using e-mail and hides its code inside the background design of messages sent by users of the Microsoft Outlook e-mail client. Symantec is also reporting the appearance of two backdoor Trojans: Backdoor.Zdemon and Backdoor.Talex. The former allows a hacker to remotely control your computer. Backdoor.Zdemon can listen on any port, though by default it listens on ports 31556 and 6051. Although Symantec rates Backdoor.Zdemon as a low-distribution threat, its damage potential is significant. This article provides links to more details regarding this worm.

The Problem with JavaScript - By Joe "Zonker" Brockmeier, NewsFactor Network, December 17, 2002; A non-technical article discussing the security implications of JavaScript. Pretty much light reading, but a good, basic introduction to the subject for lay people seeking a general introduction to the topic of JavaScript security concerns.
"How Computer Worms Work - and Why They Never Die" Author: Jay Lyman, NewsFactor, November 2001; Summary: The author talks about several different computer worms and how they affect your system. The major problem with worms is that they tend to spread like wildfire. Worms stay in circulation on large enterprise networks and home computers through social engineering: they are spread through pictures and emails that trick users into opening them. A large part of the problem is that computer users do not keep their virus protection updated. The author states that a worm typically gains attention only once it has hit big and caused a large mess, and then only part of the mess is cleaned up. One way to get rid of a worm is through the advancement of technology: as software is changed or upgraded, the portion of the worm that lay unnoticed on the system is killed, because it no longer has the old software to hang on to.

"A ''Good'' Computer Virus? Can Microsoft Not Fix Their Software?," Author: Unknown, August 19, 2003, and "Are You a Good or a Bad Worm?," Author: Michelle Delio, August 19, 2003; Summary: Both articles discuss the worm that was created to patch another worm: "Good worm vs. Bad Worm." The authors discuss how a worm called "Welchia" or "Nachi" was created in order to patch the Blaster worm, which exploited many computer systems. Some think that using a worm to patch up another worm is a bad idea. Blaster affected 570,000 Windows XP and 2000 computers. Welchia installed itself only on Korean, English and Chinese computers in an attempt to clean up the mess created by Blaster. The problem with this is that it is still a worm, and it spreads to other systems that have the same vulnerability. Welchia is programmed to delete itself in the year 2004. It is currently spreading in Asia (particularly Japan). Despite what professionals say about how bad an idea it is to use a worm to fix a worm, some people are very pleased with it. They feel as if their system has been "healed" by Welchia.

STRIPPING DOWN AN AV ENGINE - The author gives a good description of how an anti-virus engine searches for viruses.
CERT® Coordination Center - Computer Virus Resources - a complete virus resource page. Just about anything you need to know about viruses can be found here.






written by Wayne Summers summers_wayne@ColumbusState.edu