AVIEN Malware Defense Guide for the Enterprise

Elsevier, Apr 18, 2011 - Computers - 656 pages
Members of AVIEN (the Anti-Virus Information Exchange Network) have been setting agendas in malware management for several years: they led the way on generic filtering at the gateway, and in the sharing of information about new threats at a speed that even anti-virus companies were hard-pressed to match. AVIEN members represent the best-protected large organizations in the world, and millions of users. When they talk, security vendors listen: so should you.

AVIEN’s sister organization AVIEWS is an invaluable meeting ground between the security vendors and researchers who know most about malicious code and anti-malware technology, and the top security administrators of AVIEN who use those technologies in real life. This new book uniquely combines the knowledge of these two groups of experts. Anyone who is responsible for the security of business information systems should be aware of this major addition to security literature.

* “Customer Power” takes up the theme of the sometimes stormy relationship between the antivirus industry and its customers, and tries to dispel some common myths. It then considers the roles of the independent researcher, the vendor-employed specialist, and the corporate security specialist.
* “Stalkers on Your Desktop” considers the thorny issue of malware nomenclature and then takes a brief historical look at how we got here, before expanding on some of the malware-related problems we face today.
* “A Tangled Web” discusses threats and countermeasures in the context of the World Wide Web.
* “Big Bad Bots” tackles bots and botnets, arguably Public Cyber-Enemy Number One.
* “Crème de la CyberCrime” takes readers into the underworld of old-school virus writing, criminal business models, and predicting future malware hotspots.
* “Defense in Depth” takes a broad look at DiD in the enterprise, and looks at some specific tools and technologies.
* “Perilous Outsorcery” offers sound advice on how to avoid the perils and pitfalls of outsourcing, incorporating a few horrible examples of how not to do it.
* “Education in Education” offers some insights into user education from an educationalist’s perspective, and looks at various aspects of security in schools and other educational establishments.
* “DIY Malware Analysis” is a hands-on, hands-dirty approach to security management, considering malware analysis and forensics techniques and tools.
* “Antivirus Evaluation & Testing” continues the D-I-Y theme, discussing at length some of the thorny issues around the evaluation and testing of antimalware software.
* “AVIEN & AVIEWS: the Future” looks at future developments in AVIEN and AVIEWS.

* Unique, knowledgeable, unbiased and hype-free commentary.
* Written by members of the anti-malware community; most malware books are written by outsiders.
* Combines the expertise of truly knowledgeable systems administrators and managers, with that of the researchers who are most experienced in the analysis of malicious code, and the development and maintenance of defensive programs.
 


Contents

* Customer Power and AV Wannabes (p. 1)
* Stalkers on Your Desktop (p. 51)
* A Tangled Web (p. 85)
* Big Bad Botnets (p. 123)
* Crème de la Cybercrime (p. 181)
* Defense in Depth (p. 225)
* Perilous Outsorcery (p. 257)
* Education in Education (p. 307)
* DIY Malware Analysis (p. 349)
* Antimalware Evaluation and Testing (p. 441)
* AVIEN and AVIEWS: the Future (p. 499)
* Resources (p. 503)
* Glossary (p. 517)
* Index (p. 527)
* Copyright


About the author (2011)

David Harley has been researching and writing about malicious software and other security issues since the end of the 1980s. From 2001 to 2006 he worked in the UK's National Health Service as a National Infrastructure Security Manager, where he specialized in the management of malicious software and all forms of email abuse, as well as running the Threat Assessment Centre, and has worked since as an independent author and consultant for Small Blue-Green World. He joined ESET's Research team in January 2008. He was co-author of Viruses Revealed (McGraw-Hill) and lead author and technical editor of The AVIEN Malware Defense Guide for the Enterprise (Syngress), as well as a contributor to Botnets: the Killer Web App (Syngress). He has contributed chapters to many other books on security and education for publishers such as Wiley, Pearson and Vieweg, as well as a multitude of specialist articles and conference papers. In his copious free time he is Chief Operations Officer for AVIEN (the Anti-Virus Information Exchange Network) and administers the MAC Virus web site.

Robert S. Vibert is the administrator and CDO of the Anti-Virus Information Exchange Network (AVIEN), the growing network of Security Professionals working in organizations with 1500 or more PCs who discuss Anti-Virus topics and keep each other informed about upcoming malware threats. He also acts as senior advisor to the administrator of AVIEWS (Anti-Virus Information & Early Warning System), AVIEN’s sister organization, which brings together security specialists and researchers at both vendor and customer organizations. Robert has worked for more than 25 years as a consultant, mentoring and helping companies and individuals get the most out of their resources. Author of five books and more than 200 articles on management, computer security and operations, Robert has also worked as a senior consultant for a major international consulting firm, is regularly interviewed by the media for his expert insights on computer security, and serves as an adviser to Canadian government departments. Currently, he acts as a mentor to several entrepreneurs and is developing the Missing Link series of books, workbooks, CDs and DVDs to provide practical information and processes to get the success you want in life in the areas of finance, relationships, emotional health, career and personal development.

Ken Bechtel has been involved in corporate malware defense since 1988. His work history includes working in the Virus Lab at NCSA (later ICSA), performing virus analysis and antivirus product certifications, as well as user education. He has worked and consulted for all levels of business, from small businesses to Fortune 500 companies. He is the author of several papers and articles published by SecurityFocus, Virus Bulletin, and several other trade magazines. He has appeared 26 times on local and national news for interviews concerning various malicious code threats. Ken is a Founding Member and Adjunct Administrator of the Anti-Virus Information Exchange Network (AVIEN), a member of the Association of Anti-Virus Asian Researchers (AAVAR), a WildList Reporter since 1998, Founder of Team Anti-Virus, and a member of several unofficial associations. His biggest literary contribution so far has been the "Handbook of Corporate Malware Protection."

Michael P. Blanchard, CISSP, GCIH (gold), CCSA-NGX and MCSE, has been an IT professional for over 16 years, and is currently a member of AVIEN. His current major duties include Malware analysis / protection and assessment, vulnerability analysis and assessment, and other daily activities. Apart from some in-house training documents, Mike is also the author of the definitive whitepaper on the FunLove virus that he wrote to achieve his SANS GCIH gold certification (#350) in 2002, at www.giac.org/certified_professionals/practicals/GCIH/0350.php. Mike takes pride in his current professional role serving in the CIO’s Office of Information Security and Risk Management as the Senior Antivirus Security Engineer overseeing the malware protection on a global scale at EMC2 Corporation in Westborough, MA, a role that he’s had since 1999.

Henk K. Diemer (CISSP, MSc in Biophysics) lives in Utrecht, in the Netherlands, with his wife Ieneke and three school-age children. He brought to this book his experience as an independent AV management specialist with over 28 years of mostly international ICT management experience in both the private and public sectors. Using computers and programming for his research since 1972, he has dedicated himself since 1996 to limiting the losses related to malicious code. Henk currently works for a large global Fortune 500 IT services company as a senior IT security advisory specialist. Before that, he worked for a large Dutch multinational bank for 20 years, until IT there was largely outsourced in 2005.

Henk initiated, among other things, a workgroup for Dutch AV experts under the authority of the FI-ISAC NL and the Dutch Bankers' Association, for sharing lessons learned and to help manage high-profile malware incidents in banking. Today, his focus is primarily on improving local, regional and global services in the context of outsourced IT AV services, and on assisting security management functions in creating and maintaining optimal conditions for success in outsourcing AV services.

Andrew Lee CISSP is Chief Research Officer of ESET LLC. He was a founding member of the Anti-Virus Information Exchange Network (AVIEN) and its sister group AVIEWS (AVIEN Information & Early Warning System), is a member of AVAR and a reporter for the WildList organisation. He was previously at the sharp end of malware defense as a systems administrator in a large government organisation.

Andrew is author of numerous articles on malware issues, and is a frequent speaker at conferences and events including ISC2 Seminars, AVAR, Virus Bulletin and EICAR.

Igor Muttik PhD is a senior architect with McAfee Avert™. He started researching computer malware in the 1980s, when the anti-virus industry was in its infancy. He is based in the UK and worked as a virus researcher for Dr. Solomon's Software, where he later headed the anti-virus research team. Since 1998 he has run Avert Research in EMEA, and he switched to his architectural role in 2002. Igor is a key contributor to the core security technology at McAfee. He takes particular interest in new and emerging malware techniques, and in the design of security software and hardware appliances. Igor holds a PhD degree in physics and mathematics from Moscow University. He is a regular speaker at major international security conferences and a member of the Computer Antivirus Research Organization.

Bojan Zdrnja GCIA, CISSP, RHCE is Security Implementation Specialist at the University of Auckland, New Zealand. He previously worked as a security consultant and security team leader at the Faculty of Electrical Engineering and Computing, University of Zagreb, as part of a commercial team working on external projects. He was also a member of several Incident Response Teams for the Croatian CERT. He is a handler for the Internet Storm Center (ISC), is on the SANS Advisory Board, and is one of the GIAC Gold Advisors. His specialized areas of interest include malware analysis, forensic analysis, and incident handling. His publications include a security column for a Croatian computer magazine, the book What Are Computer Viruses? (Syspring), and diaries for the Internet Storm Center.
