Call for papers
SecurityFocus ( www.securityfocus.com ) is currently accepting submissions for new Infocus articles. We would like to extend an invitation to security researchers, authors and academics for submissions on topics of interest to the security community. Submissions should include a short summary along with the author's name, email address and contact information. All submissions should be in MS Word format and should be sent to: email@example.com
Polymorphic Macro Viruses, Part One
Polymorphic viruses change their code in fundamental ways, such as changing the encryption routine or the sequence of instructions, in order to avoid detection by anti-virus scanners. This article is the first of a two-part series that will offer a brief overview of the use of polymorphic strategies in macro viruses.
Malware Infection Vectors: Past, Present, and Future
The vectors that malicious software uses to invade systems are constantly evolving: adapting to new technologies, changing to evade defense mechanisms and expanding to attack new weaknesses. This article will look at which infection vectors have historically been effective, how they have changed over time and what they will probably do in the future.
Life After AV: If Anti-Virus is Obsolete, What Comes Next?
In a previous article, SecurityFocus writer Paul Schmehl discussed the reasons why anti-virus scanning as we now know it is obsolete and must be replaced. In this article, he will address what he believes will be its replacement - behavioral blocking - including what is currently available, and how behavioral blocking needs to function for it to successfully defeat malicious code.
A Virus by Any Other Name: Virus Naming Practices
How are viruses named? Why is it that some viruses have numerous different names? This article will offer a brief overview of naming conventions that are used to develop names for viruses and other malware.
The Viral Mind: Understanding the Motives of Malicious Coders
In this article, the writer will draw upon his experiences as a virus writer and as a member of the virus (and anti-virus) community to explore some of the reasons that people would devote their time to developing viruses. The article will also offer a brief historical overview of virus writing.
VBA Emulation: A Viable Method of Macro Virus Detection? Part Two
This is the second of two articles discussing emulation as a viable method of virus detection. In this article, we will discuss code execution flow, underlying operating system problems, and incompatibility issues between different versions of Office, as well as the VBA emulator environment.
VBA Emulation: A Viable Method of Macro Virus Detection? Part One
This article is the first in a two-part series that will examine some of the problems that exist with emulation, with the end in mind of determining whether or not it is a realistic anti-virus method.
Past its Prime: Is Anti-Virus Scanning Obsolete?
Anti-virus scanning is based upon the age-old principle of Newton's law: for every action there is an equal and opposite reaction. Each time a new virus, or a new viral approach, is discovered, anti-virus scanners must be updated. This article will examine the weaknesses of virus scanning that will cause its eventual downfall.
Behavior Blocking: The Next Step in Anti-Virus Protection
Traditional anti-virus technologies based on fingerprinting are proving less than effective against the fastest spreading threats. This article will provide a high-level look at behavior blocking technology and explore how this technique may help save corporations from the next generation of fast spreading worms and blended threats.
Building an Anti-Virus Engine
The article will describe the basic ideas, concepts, components and approaches involved in developing an anti-virus program from scratch from a developer’s/software engineer’s point of view. It will focus on the main elements of an anti-virus engine (hereafter referred to as AV engine) and will exclude aspects like graphical user interfaces, real-time monitors, file system drivers and plug-ins for certain application software like Microsoft Exchange or Microsoft Office.