Call for papers
SecurityFocus (www.securityfocus.com) is currently accepting submissions for new Infocus articles. We would like to extend an invitation to security researchers, authors and academics for submissions on topics of interest to the security community. Submissions should include a short summary along with the author's name, email address and contact information. All submissions should be in MS Word format and should be sent to: firstname.lastname@example.org
Malicious cryptography, part two
This two-part article series looks at how cryptography is a double-edged sword: it is used to make us safer, but it is also being used for malicious purposes within sophisticated viruses. Part two continues the discussion of armored viruses and then looks at a Bradley worm, a worm that uses cryptography in such a way that it cannot be analyzed. It then shows how Skype can be used for malicious purposes, with a crypto-virus that is very difficult to detect.
Malicious cryptography, part one
This two-part article series looks at how cryptography is a double-edged sword: it is used to make us safer, but it is also being used for malicious purposes within sophisticated viruses. Part one introduces the concepts behind cryptovirology and offers examples of malicious potential with the SuckIt rootkit and a possible SSH worm. It then introduces armored viruses that use shape shifting (polymorphism and metamorphism) to avoid detection.
Fighting EPO Viruses
This article studies complex Entry Point Obscuring (EPO) viruses, by looking at the detection and removal of the difficult Win32.CTX.Phage virus.
The True Computer Parasite
This article examines the evolution of malware, highlighting developments in replication techniques as well as significant changes in the nature of payload activities -- which now often generate profit for the malware creators.
Detecting Complex Viruses
The purpose of this paper is to examine the difficulties of detecting complex viruses, including polymorphic, metamorphic and entry-point obscuring viruses. Whether or not an anti-virus (AV) technology can detect these viruses can be a useful metric to consider when evaluating AV products.
Lessons Learned from Virus Infections
This article discusses how a virus outbreak will produce a few unique opportunities to examine the health of an organization's network -- and learn ways to further harden the network from future automated attacks.
Detecting Worms and Abnormal Activities with NetFlow, Part 2
This paper discusses the use of NetFlow, a traffic profile monitoring technology available on many routers, for the early detection of worms, spammers, and other abnormal network activity in large enterprise networks and service providers. Part 2 of 2.
Detecting Worms and Abnormal Activities with NetFlow, Part 1
This paper discusses the use of NetFlow, a traffic profile monitoring technology available on many routers, for the early detection of worms, spammers, and other abnormal network activity in large enterprise networks and service providers.
Malware Analysis for Administrators
The purpose of this article is to help administrators and power users use behavioral analysis to determine if a binary is harmful malware, by analyzing it in a lab environment without the use of anti-virus software, debuggers, or code disassembly.
Antivirus Concerns in XP and .NET Environments
This article will discuss new antivirus concerns within Microsoft's .NET framework and Windows XP applications.