Abstract
Absolute security is almost impossible. The security of many systems is compromised on a daily basis, and attackers use different techniques to threaten it. Among the different threats to systems' security, malware poses the highest risk as well as the highest negative impact. Malware can cause financial losses as well as other hidden costs. For example, if a company's system has been compromised, a publicized malware incident could damage the company's reputation and the level of trust placed in it. This chapter provides a detailed description of the different malware categories and how to protect against each type.
Copyright information
© 2018 Springer International Publishing AG
About this chapter
Cite this chapter
Alsmadi, I., Burdwell, R., Aleroud, A., Wahbeh, A., Al-Qudah, M., Al-Omari, A. (2018). The Ontology of Malwares. In: Practical Information Security. Springer, Cham. https://doi.org/10.1007/978-3-319-72119-4_2
DOI: https://doi.org/10.1007/978-3-319-72119-4_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-72118-7
Online ISBN: 978-3-319-72119-4
eBook Packages: Engineering, Engineering (R0)