Browse archive

Latest news

Microsoft to pay up to 150k for vulnerabilities

(IN)SECURE Magazine issue 38 released

Collected data helped foil 50 terrorist plots, says NSA chief

65+ websites compromised to deliver malvertising

Customized spam uses cell phone users’ data against them

Facebook once again accessible via Tor

Oracle releases critical security updates for Java

Employees biggest IT threat to businesses

Google asks secret court permission to publish FISA numbers

How to detect hidden administrator apps on Android

Hacking charge stations for electric cars

Crimeware: Understanding New Attacks and Defenses

by HNS Staff - Monday, 2 June 2008.

Authors: Markus Jakobsson and Zulfikar Ramzan
Pages: 582
Publisher: Addison-Wesley Professional
ISBN: 0321501950

Introduction

Even as the security industry celebrates solid sales thanks to compliance laws, the last few years have not been characterized by a state of growing security. In fact, evolving attacks have fueled a strong underground economy and malware authors now have a solid cash incentive to make sure their malicious code infects as many computers as possible and avoids detection.

Two well-known security researchers and several contributors are the authors behind "Crimeware", a book that promises to deliver information about new attacks and provide advice when it comes to defenses. Read on to find out what it offers.

About the authors

Markus Jakobsson, Ph.D., is the principal scientist at Palo Alto Research Center and an adjunct associate professor at Indiana University. The coauthor of more than one hundred peer-reviewed articles and co-inventor of more than fifty patents, Markus studies the human factor of security and cryptographic protocols with an emphasis on privacy.

Zulfikar Ramzan, Ph.D., is a senior principal researcher with Symantec Security Response. Coauthor of more than fifty technical articles and one other book, Zulfikar is a frequent speaker on his areas of expertise: theoretical and practical aspects of information security and cryptography.

Inside the book

Despite not having the weight of a telephone book, this title contains a significant amount of information. There's enough background to get you into the topic but the most interesting parts are naturally those dedicated to the illustration of current threats and how the work. Gary McGraw writes about coding errors, a group of authors discuss crimeware and peer-to-peer networks and there are also details on crimeware in firmware and small devices.

Although short, the chapter dedicated to virtual worlds and fraud can be considered a look into the future as it provides details on threats that are certainly going to become bigger as more people discover these computer-generated worlds. Both gamers and security professionals would benefit in learning what threats exist in massively multiplayer online games (MMOGs). I suspect that the second edition of this book will have a significantly larger chapter about the topic.

Online advertising fraud is a significant problem and "Crimeware" presents a chapter with compelling data written by several authors and the Google Ad Traffic Quality Team. Also a hot topic - cybercrime and politics - gets its own share with an illustration of domain name abuse, phishing, malicious code, and more.

When it comes to technical defense techniques, you discover details about crimeware-resistant authentication and there's also a case study dedicated to an in-depth defense against spyware.

Final thoughts

"Crimeware" is an eye-opening book that shows you what the bad guys are doing, it teaches you defensive techniques, and even offers a glimpse of what the future might bring.A very informative read that will kickstart your interest to discover more information about the topic.