Monday, May 5, 2008

Incident Handling (Viruses)

TABLE OF CONTENTS

Abstract ........................................................ 5
1. Introduction ................................................. 6
   1.1 Malware Overview ......................................... 6
   1.2 Importance of This Paper ................................ 10
2. SANS Six Step Incident Handling Process ..................... 11
3. Viruses ..................................................... 13
   3.1 Introduction ............................................ 13
   3.2 Subtypes and Working .................................... 14
       3.2.1 Memory Based Classification ....................... 15
       3.2.2 Target Based Classification ....................... 17
       3.2.3 Obfuscation Technique Based Classification ........ 27
       3.2.4 Payload Based Classification ...................... 32
       3.2.5 The Congregation .................................. 34
   3.3 Incident Handling Process ............................... 36
       3.3.1 Preparation ....................................... 36
       3.3.2 Identification .................................... 51
       3.3.3 Containment ....................................... 56
       3.3.4 Eradication ....................................... 58
       3.3.5 Recovery .......................................... 61
       3.3.6 Lessons Learned ................................... 62
4. Conclusion .................................................. 64
5. References .................................................. 65
Appendix A - Boot Process ...................................... 69
Appendix B - malinfo.bat ....................................... 71
Appendix C - malinfo.bat Output ................................ 72


The full paper is available at
http://www.sans.org/reading_room/whitepapers/incident/malware-101-viruses_32848
http://giac.org/certified_professionals/practicals/GSEC/10226.php
