hakin9_2010_08_33.pdf

PRACTICAL PROTECTION IT SECURITY MAGAZINE
8/2010 (33)
team
Dear Readers,
We decided to devote this issue to malware. As you all know,
malicious software is one of the biggest concerns and is definitely
at the top of the security issues list nowadays.
Malware easily infects your computers – it doesn’t matter if
you visit a website, use devices like USB, download files, or
open an attachment of an email, etc. We are exposed to this type
of danger all the time. The most serious threat is that malware is
very often a Trojan and our personal information can be stolen
easily. That is why it is very important to stay up to date with recent
knowledge about it, so that you know how to protect your
computers.
This issue is a perfect fit for those of you who would like to
be more familiar with malicious software. In the attack section
you will find the second part of the Web Malware article from a
previous issue by Rajdeep Chakraborty. Another must-read is
a paper by Israel Torres, Armoring Malware: Hiding Data within
Data. The third article also discussing malware is written by our
ID fraud expert, Julian Evans, and it is titled: Mobile Malware – the
new cyber threat. Another paper discussing the malware problem in
detail is written by our regular contributor Gary S. Miliefsky and
is titled: Is Antivirus Dead? The answer is YES. Here’s why…
I am sure that after reading the information in this magazine,
your knowledge about malicious software will be much deeper
and you will be more careful and malware-aware!
Enjoy!
Karolina Lesińska
Editor in Chief: Karolina Lesińska
karolina.lesinska@hakin9.org
Editorial Advisory Board: Matt Jonkman, Rebecca Wynn,
Steve Lape, Shyaam Sundhar, Donald Iverson, Michael Munt
DTP: Ireneusz Pogroszewski
Art Director: Ireneusz Pogroszewski
Proofreaders: Henry Henderson aka L4mer, Michael Munt,
Jonathan Edwards, Barry McClain
Top Betatesters: Rebecca Wynn, Bob Folden, Carlos Ayala, Steve
Hodge, Nick Baronian, Matthew Sabin, Laszlo Acs, Jac van den
Goor, Matthew Dumas, Andy Alvarado
Special Thanks to the Beta testers and Proofreaders who
helped us with this issue. Without their assistance there would
not be a Hakin9 magazine.
Senior Consultant/Publisher: Paweł Marciniak
CEO: Ewa Łozowicka
Production Director: Andrzej Kuca
andrzej.kuca@hakin9.org
Marketing Director: Karolina Lesińska
karolina.lesinska@hakin9.org
Subscription: Iwona Brzezik
Publisher: Software Press Sp. z o.o. SK
02-682 Warszawa, ul. Bokserska 1
Phone: 1 917 338 3631
www.hakin9.org/en
REGULARS
In Brief
Latest news from the IT security world
Armando Romeo, eLearnSecurity
ID Theft Protect
Whilst every effort has been made to ensure the high quality of
the magazine, the editors make no warranty, express or implied,
concerning the results of content usage.
All trade marks presented in the magazine were used only for
informative purposes.
Tools
ProCurve MultiService Mobility Solution course.
by Class on Demand
Michael Munt
All rights to trade marks presented in the magazine are
reserved by the companies which own them.
To create graphs and diagrams we used program
by
The editors use automatic DTP system
Mathematical formulas created by Design Science MathType™
ID fraud expert says...
Mobile Malware – the new cyber threat
Julian Evans
BASICS
DISCLAIMER!
The techniques described in our articles may only
be used in private, local networks. The editors
hold no responsibility for misuse of the presented
techniques or consequent data loss.
Botnet: The Six Laws And Immerging
Command & Control Vectors
Richard C. Batka
industry is not prepared. For the next 20 years, BotNets will
be what viruses were for the last 20.
CONTENTS
ATTACK
Hacking Trust Relationships – Part 2
Thomas Wilhelm
trust relationships. This article focuses specifically on Vulnerability
Identification against a target system, in order to identify and exploit
potential trust relationships.
Web Malware – Part 2
Rajdeep Chakraborty
various statistics that showed us the increase of Web Malware activity in
recent years and why the focus of Malware authors has changed from
creating havoc in the infrastructure to infecting the endpoints for various
other heinous purposes, we have seen it all. Once we are aware of these
facts and figures, in the next section we will look into the technical details
of Web Malware (Part 2).
Defeating Layer-2 – Attacks in VoIP
Abhijeet Hatekar
now and one may think that they are absolute. However, we still see
them quite often on the network. The biggest advantage is easy access
to sensitive information like passwords, credit card details, phone
conversations etc.
Armoring Malware: Hiding Data within Data
Israel Torres
enables with various services; most common are via e-mail and web
surfing. At any one time you can be sitting idly on the ‘net when you
are presented with something that could be malicious either overtly or
covertly. We’ll play through the scenario of where you’ve discovered a
binary on your network and are unsure of its purpose... and then reveal how
it was done.
DEFENSE
Is Anti-virus Dead?
The answer is YES. Here’s why…
Gary Miliefsky
the Internet. These exploiters are intelligent cyber terrorists, criminals and
hackers who have a plethora of tools available in their war chest – ranging
from spyware, rootkits, trojans, viruses, worms, zombies and botnets to
various other blended threats. From old viruses to these new botnets, we
can categorize them all as malware.