Publisher: McGraw-Hill Professional
During the RSA Conference Europe 2002, book publishers McGraw-Hill were exhibiting their line of Information Technology books. While most of the people were taking a look at the popular "Hacking Exposed" publications, a 600 pager "Viruses Revealed" caught my attention. As I was always interested in viruses and security issues surrounding them, I thought this book would be a good read. A couple of weeks ago I managed to get a copy, so here are my observations.
Inside the book
Ever since my first virus infection, for which I can thank the Marburg virus, viruses and their methods of infection have been my interest. Floppy disks from the friend of a friend were considered evil, as most of the viruses back then propagated via the infected files which were transferred over floppy disks. Nowadays things evolved - virus writers are using various different propagation methods and payloads. In the quest for a new infection playground, most of them are actively exploring platforms and operating systems. After the Cult of the Dead Cow (CDC) released the infamous Back Orifice trojan/remote administration tool (RAT), the Internet users were swamped with loads of new trojans, each offering the total remote control over the trojanized host.
On an another battle front, viruses are more and more limping behind, because a quantity of new Internet worms is emerging. When I think about worms through a viral point of view, two main security issues come to my mind - Melissa and Code Red. When taking a look from the historical perspective, I would also mention the Internet worms milestone - the Morris Worm. Both Melissa and Code Red presented new and smart ways of viral propagation, which in the combination with the payload and the rate of infection, gave them the instant media darlings status. The media coverage helped in informing the people and stopping the infections, but on the other field helped glorify these worms and opened a way for the new worm threats.
The first part of the book introduces the readers with the history behind computer viruses. In the beginning of this very interesting overview, we are returned about 50 years back in time, when computers were a bit different. As the authors note, some people insisted that the first viral programs were written in the mid 1950s. Because of the little similarities between the computers from that period and the computers we are using now, these claims had to be taken with a "very large grain of salt". Some of the operations, such as the opcodes that simply copied itselves to the next available memory location, can be considered as the grandparents of the today's viruses.
After mentioning some of the "golden oldies", authors provide some information on the early days of viruses, as we know them today. The timeline goes from the early Apple II viruses, CHRISTMA EXEC worm (which later received a homage in the way of "Christmas Tree" DOS virus) and the legendary Morris worm to the AIDS trojan, various virus creating kits (I remember one of them was capable of creating the Christmas Tree type viruses with custom text), the infamous Michelangelo virus and the modern macro viruses and VBS worms.
What follows next is a chapter packed with information on malware, which hosts all the related definitions you'll ever need while referencing the viral pests. A nice addition to the trojan section is a mini rant on Easter eggs - functions buried deep into the core of some programs. As an example, authors take the popular Microsoft Word 97 hidden flight simulator. The last two chapters from the first part of the book, deal with virus activities and mechanisms. Well categorized, these two chapters provide a great inside into miscellaneous perspectives related to computer virus internals.
The whole second part, titled "System Solutions" is a guide for understanding the adequate steps for virus prevention, malware management and product evaluation and testing. In these days when people are greatly influenced by marketing, it became tough to chose a top notch quality product from the pool of similar solutions. Because of this the ninth chapter provides a good read in the way of a sharp and vendor neutral overview related to anti-virus solutions evaluation. As all of the book authors are experts in the field of computer viruses, throughout this evaluation guide they note every detail that should be considered while buying an anti-virus product. Within this section there is a part dealing with the EICAR test file, which provided me all the answers regarding this anti-virus testing procedure.
Case studies are always a nice thing to find in the books. "Viruses Revealed" offers three "waves" of case studies: first wave hosts the early viruses and hoaxes, the second one features Macro Concept, Good Times alert and auto-macros and the third one features Melissa, Happy99 SKA worm, Visual Basic Scripting worms and some Linux worms. Social aspects related to computer viruses are the topic of the book's last part. Here the authors discuss the virus origins, social engineering techniques, false issues (hoaxes, chain letters, urban legends) and ethics. Completing the coverage on computer viruses, there is a useful chapter on the legal aspects of malware propagation and the corresponding criminal proceeding.
The book should please a number of different types of users, but I strongly suggest it to security administrators that have anti-virus protection in their job description. Decision makers will also find their interest in the book, especially the product evaluation information. If you are creating security policies for your organization, information provided within this publication should give you the inspiration for the viruses protection policy.
This is one of the rare books covering the world of computer viruses and related malware in so much detail. It is well structured, well organized and provides a thorough overview of computer viruses and their modern reincarnations.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.