The Bottom Line
Pros
- Comprehensive coverage of malware's evolution to crimeware
- Explanation of crimeware business model is worth the price of the book
- Thorough and insightful
Cons
- None
Description
- Thorough book illustrating the threats and attacks facing computer users and how to guard against them
- Excellent coverage of the business model of crimeware and the evolution of malware into crimeware
- Well written and comprehensive. A must read book that should be on any security administrator's desk or bookshelf
- Markus Jakobsson, Ph.D., principal scientist at Palo Alto Research Center and adjunct assoc. professor at Indiana University
- Zulfikar Ramzan, Ph.D., is currently a senior principal researcher with Symantec Security Response
- Includes contributions by Gary McGraw, Andrew Tanenbaum, Dave Cole, Oliver Friedrichs, Peter Ferrie, and others
- Published April 2008
- 608 pages
Guide Review - Book Review: Crimeware
There was a time when viruses and worms were written primarily for the purposes of creating chaos and getting 15 minutes of fame in the malware underworld. Script-kiddies could crank out exploits that spread like wildfire and interrupted computer and network productivity, but with little impact or implication beyond the annoyance factor in most cases.That time is gone. It has been gone for a while now. Professional criminals and crime syndicates eventually figured out that these same attacks and exploits, if properly crafted, could represent a windfall of ill-gotten cash. Rather than trying to have the greatest impact and notoriety, today's attacks seek to find a balance between compromising as many machines as possible while also staying under the radar and remaining undetected by users or security software.
The authors of Crimeware: Understanding New Attacks and Defenses have put together a comprehensive and thorough guide to current malware- which they call crimeware- and how to defend against it. Rather than go on about the scope of the book, I will just list the chapters and let you judge for yourself.
- Overview of Crimeware
- A taxonomy of Coding Errors
- Crimeware and Peer-to-Peer Networks
- Crimeware in Small Devices
- Crimeware in Firmware
- Crimeware in the Browser
- Bot Networks
- Rootkits
- Virtual Worlds and Fraud
- Cyberware and Politics
- Online Advertising Fraud
- Crimeware Business Models
- The Educational Aspect of Security
- Surreptitious Code and the Law
- Crimeware and Trusted Computing
- Technical Defense Techniques
- The Future of Crimeware
This book is not just another compendium of malware and defensive countermeasures. This book provides that, but goes beyond that to educate the reader and provide tremendous insight about how and why crimeware works.