AntiVirus Software
VBA Emulation - A Viable Method of Macro Virus Detection? Part Two
This is the second of two articles discussing emulation as a viable method of virus detection. In the first article we briefly examined how emulation worked and began a discussion of some of the problems of emulation, particularly with macro source and macro execution. In this article, we will discuss code execution flow, underlying operating system problems, and incompatibility issues between different versions of Office, as well as the VBA emulator environment.
03/23/2004
|
|
VBA Emulation - A Viable Method of Macro Virus Detection? Part One
According to the data collected by the International Computer Security Association (ICSA), Loveletter was the fastest spreading virus ever. In the early era of computing, a successful virus, like Form, could become the world's most prevalent virus in about 3 years from its first appearance. Five years later, in 1995, Concept needed 4 months to become No.1. WM97.Melissa reached the top of the virus list in 4 days. All this is nothing compared to Loveletter, which became the most widespread virus only 4 hours after its first encounter, having already infected over a million PCs by then.
03/23/2004
|
|
The Negatives of (False) Positives
It is a classic truth in computer science that "the rarer a warning is, the more likely it is to be noticed." Particularly in a GUI-based operating system, the more common a warning is, the more likely the user is to want to swat it away like a mosquito on the monitor screen. So the crucial question for security systems administrators is this: Are you hanging up on your virus checking or firewall software?
03/23/2004
|
|
Dealing with Viruses - Taking another look at the approaches used
First was LoveLetter, then came NewLove, and then it was Stages. In the space of six weeks, three viruses and a few of their variants caused many organizations to stop, look and listen to the virus problem as serious amounts of money were spent to deal with these latest virus threats. For some organizations, it was also a time to question their Anti-Virus suppliers as to the efficacy of the product being supplied. Given that the Anti-Virus approaches used did not in many cases prevent the damage from being done, it makes sense to review what technology is being used and what we can expect to see from Anti-Virus companies in the future.
03/23/2004
|
|
Can Viruses Be Detected?
Like the fabled sorcerer's apprentice, a virus had been eating away bit by bit at Tumpic's system, corrupting his data behind his back. It took weeks before it cleared its throat and roared to get his attention. And by the time he noticed that anything was wrong, his operating system, programs and data were corrupted beyond recognition.
03/23/2004
|
|
Are You Infected? Detecting Malware Infection
Discussing all causes of system malfunction is not easy due to the diversity of systems in terms of hardware, software, firmware, and other configurations. The end of a discussion about one system usually opens discussions about other systems. It is then reasonable that we discuss here how malware causes systems to malfunction. Once in a while, malware tends to introduce technological innovations, but the approaches and concepts remain the same.
03/23/2004
|
|
The Viral Mind: Understanding the Motives of Malicious Coders
Over the years I have seen many people offer opinions on why virus writers do what they do. While I accept that many of these people have indeed spoken to a small number of malware authors, it has become all too apparent that much of their text has been based on opinion and not fact. In this article, I will draw upon my own experiences as a virus writer and as a member of the virus (and anti-virus) community to explore some of the reasons that people would devote their time to developing viruses.
03/23/2004
|
|
Protecting Your Organization From Electronic Message Viruses
The most important thing to remember about virus protection is that no system is infallible. No matter how good your anti-virus (AV) software is, and how stringent your security processes are, there is still the chance that a completely new virus will enter your organization and disrupt operations. Of course, completely isolating your systems from the Internet and removing them from external e-mail will greatly minimize your exposure; however, in today's digital economy that is no longer a practical option.
03/23/2004
|
|
Polymorphic Macro Viruses, Part Two
This article is the second of a two-part series that will offer a brief overview of polymorphic strategies in macro viruses. The first installment of this series looked at some early examples of polymorphism, along with some of the early polymorphic techniques. This installment will look at the first serious polymorphic macro viruses, as well as the evolution of viruses into true polymorphic and, ultimately, metamorphic viruses.
03/23/2004
|
|
Polymorphic Macro Viruses, Part One
Polymorphic viruses change their code in fundamental ways with each replication in order to avoid detection by anti-virus scanners. This may mean changing the encryption routine, the sequence of instructions, or other such changes in the behaviour of the virus. This article is the first of a two-part series that will offer a brief overview of the use of polymorphic strategies in macro viruses. This installment will focus on some early examples of polymorphic techniques.
03/23/2004
|
|