Download via torrent!

 or use » (Magnet - DHT - UseNext - VerTor)

*FREE* Direct Download - the giant black book of viruses .torrent

Category: Books » Ebooks
Total size: 5.73 MB
Pieces: Number: 92 - Size: 64 KB
Added: 1 year ago -- [myriadmagus]
Updated: 15 days  (Update Now)

Bookmark:
Hash: 7558cb34ca7d1cbc3c699a4fae118e5f643cdd54
Health:  12 seeds, 12 peers
Tracker: http://tracker.openbittorrent.com (Public)
Rapidshare:     This file may be available on rapidshare.

Table of Contents

* Introduction
o Defense Against Viruses
o Military Applications
o Computational Exploration
* Computer Virus Basics
o The Structure of a Virus
o Virus Classification
o What You'll Need to Use this Book
o Organization of this Book
* PART I
o The Simplest COM Infector
+ COM Program Operation
+ Overwriting Viruses
+ The Search Mechanism
+ The Replication Mechanism
+ Discussion
+ Exercises
o Companion Viruses
+ Executing the Host
+ File Searching
+ File Infection
+ Variations on a Theme
+ The SPAWNR Virus Listing
+ Exercises
o Parasitic COM Infectors: Part I
+ The Justin Virus
+ Checking Memory
+ Going into the High Segment
+ The File Search Mechanism
+ Examining the Host
+ Infecting the Host
+ Executing the Host
+ The Justin Virus Source
+ Exercises
o Parasitic COM Infectors: Part II
+ The Timid-II Virus
+ Data and Memory Management
+ The File Search Routine
+ Checking the File
+ The Copy Mechanism
+ Executing the Host
+ The Timid-II Virus Listing
+ Exercises
o A Memory Resident Virus
+ Techniques for Going Resident
+ The Sequin Virus
+ Hooking Interrupts
+ The Pitfalls of Sequin
+ The Sequin Source
+ Exercises
o Infecting EXE Files
+ The Structure of an EXE File
+ Infecting an EXE File
+ The File Search Mechanism
+ Passing Control to the Host
+ The INTRUDER-B Source
+ Exercises
o Advanced Memory Residence Techniques
+ Low Level Memory Residence
+ Returning Control to the Host
+ FCB-Based File Operations
+ Finding Infectable Files
+ Infecting Programs
+ Self-Detection in Memory
+ Windows Compatibility
+ Testing the Virus
+ The Yellow Worm Source Listing
+ Exercises
o An Introduction to Boot Sector Viruses
+ Boot Sectors
+ The Necessary Components of a Boot Sector
+ Interrupt 13H
+ The BASIC.ASM Boot Sector
+ The BOOT.ASM Source
+ A Trivial Boot Sector Virus
+ A Better Boot Sector Virus
+ The Infection Process
+ PC-DOS and DR-DOS Compatibility
+ Testing Kilroy-B
+ Kilroy-B Source Listing
+ Exercises
o The Most Successful Boot Sector Virus
+ The Disk Infection Process
+ Memory Residence
+ Infecting Hard Disks
+ Infecting Floppy Disks
+ The Logic Bomb
+ The Stoned Listing
+ Exercises
o Advanced Boot Sector Techniques
+ Basic Functional Characteristics
+ The BBS on the Hard Disk
+ The BBS on Floppy Disk
+ Self-Detection
+ Compatibility
+ The Loader
+ The BBS Source
+ The FATMAN Listing
+ The BOOT.ASM Source
+ Exercises
o Multi-Partite Viruses
+ Military Police
+ The MP as a Boot Sector Virus
+ The MP Turns TSR
+ Infecting Files
+ Loading from a File
+ The Military Police Source
+ Exercises
o Infecting Device Drivers
+ Step One: The File Structure
+ Step Two: System Facilities
+ Step Three: The Infection Strategy
+ Step Four: Implementation
+ Assembling a Device Driver
+ The DEVIRUS Source
+ Exercises
o Windows Viruses
+ Windows EXE Structure
+ The Windows EXE New Header
# Segment Table (Defines segments in the program)
# Resident Name Table (A list of resident names and references)
# Non-Resident Name Table
# Entry Table (Table of entry points for the program)
# Module Reference Table
# Imported Name Table (Names of modules imported by the program)
# The Resource Table (Vital information about the EXEs resources)
# Resource Type Record Definition
# Name Info Record Definition
+ Infecting a File
+ Using the Windows API
+ Protected Mode Considerations
+ Memory Management and DPMI
+ Getting Up and Running
+ Implementation as a Windows EXE
+ Infecting DLLs
+ General Comments
+ The Caro Magnum Source
+ Exercises
o An OS/2 Virus
+ OS/2 Memory Models
+ OS/2 Programming Tools
+ The Structure of an Executable File
+ Function Calls
+ Memory Management
+ A New Hoop to Jump Through
+ And One We Get to Jump Through
+ The Source Code
+ Exercises
o Unix Viruses
+ A Basic Virus
+ The X21 Step by Step
+ Hiding the Infection
+ Unix Anti-Virus Measures
+ The X21 Source
+ The X23 Source
+ Exercises
o Source Code Viruses
+ The Concept
+ The Origin of Source Code Viruses
+ A Source Code Virus in C
+ Source Listing for SCV1.C
+ Source Listing for VIRUS.H
+ Source Listing for CONSTANT.C
+ Test Drive
+ The Compressed Virus
+ Source Listing for SCV2.C
+ Source Listing for VIRUS2.HS
+ A Source Code Virus in Turbo Pascal
+ Source Listing of SCVIRUS.PAS
+ Source Listing of ENCODE.PAS
+ Exercises
o Many New Techniques
+ Exercises
* Part II: Anti-Anti Virus Techniques
o How A Virus Detector Works
+ Virus Scanning
+ Behavior Checkers
+ Integrity Checkers
+ Overview
+ The GBSCAN Program
+ The GBCHECK Program
+ The GBINTEG Program
+ Exercises
o Stealth for Boot Sector Viruses
+ The Anti-Virus Fights Back
+ Viruses Fight Back
+ Anti-Viruses Fight Back More
+ Further Options for Viruses
+ Memory "Stealth"
+ Level One Stealth Source
+ Level Two Stealth Source
+ Exercises
o Stealth Techniques for File Infectors
+ Self-Identification
+ The Interrupt 21H Hook
+ File Search Functions
+ File Date and Time Function
+ File Size Function
+ Handle-Based Read Function 3FH
+ FCB-Based Read Functions
+ Move File Pointer Function 42H
+ EXEC Function 4BH
+ An Interrupt 13H Hook
+ The Infection Process
+ Anti-Virus Measures
+ Viruses Fight Back
+ The Slips Source
+ Exercises
o Protected Mode Stealth
+ Protected Mode Capabilities
+ I/O Port-Level Stealth
+ Interrupt Hooking
+ Memory stealthing
+ Interrupt Tunnelling
+ Protected Mode Programming
+ The Isnt Virus
+ Hooking Interrupt 21H
+ Stealthing the Body of the Virus
+ The Interrupt 0FFH Hook
+ Protected Mode and Advanced Operating Systems
+ The Isnt Source
+ Exercises
o Polymorphic Viruses
+ The Idea
+ Encryption Technology
+ Self-Detection
+ Decryptor Coding
+ The Random Code Generator
+ Modifying the Decryptor
+ The Random Number Generator
+ Results with Real Anti-Virus Software
+ Memory-Based Polymorphism
+ The Many Hoops Source
+ The Visible Mutation Engine Source
+ Testing the Many Hoops
+ Exercises
o Retaliating Viruses
+ Retaliating Against Behavior Checkers
+ Silence
+ Logic Bombs
+ Dis-Installation
+ An Example
+ Integrity Checkers
+ Security Holes
+ Logic Bombs
+ Viral Infection Integrity Checking
+ Defense Against Retaliating Viruses
+ The Retaliator II Source
+ The SECREAD.PAS Program
+ Exercises
o Advanced Anti-Virus Techniques
+ Spectral Analysis
+ Heuristic Analysis
+ The FINDVME Source
+ The FREQ Source
+ Exercises
o Genetic Viruses
+ Genetic Decision Making
+ Genetic Mutation
+ Darwinian Evolution
+ Real-World Evolution
+ Fighting the Evolutionary Virus
+ The Next Generation
+ The GENE.ASM Source
+ Exercises
o Who Will Win?
+ A Corollary to the Halting Problem
+ The Problem
+ The Future of Computing
+ So Who Will Win?
* Part III. Payloads for Viruses
o Destructive Code
+ Trigger Mechanisms
+ The Counter Trigger
+ Keystroke Counter
+ Time Trigger
+ Replication Trigger
+ The System-Parameter Trigger
+ Date
+ Time
+ Disk Free Space
+ Country
+ Video Mode
+ BIOS ROM Version
+ Keyboard Status
+ Anti-Virus Search
+ Processor Check
+ Null Trigger
+ Logic Bombs
+ Brute Force Attack
+ Start Making Noise
+ Fool With The Video Display
+ Disk Attacks
+ Damaging Hardware
+ Disk Failure
+ CMOS Battery failure
+ Monitor Failure
+ Keyboard failure
+ Stealth Attack
+ Indirect Attack
+ Example
+ The Pascal Unit
+ Virus Bomb
+ Encrypting the Virus
+ Summary
o A Viral Unix Security Breach
+ The Password File in BSD Unix
+ Enter the Virus
+ A Typical Scenario
+ Modifying master.passwd
+ Access Rights
+ The Snoopy Source
+ Exercises
o Operating System Holes and Covert Channels
+ Operating System Basics
+ Compromising the System
+ Microsoft Idiosyncrasies
+ Why a Virus is Needed
+ The KBWIN95 Virus
+ More Covert Channels
+ The Capture Software Source
+ The KBWIN95 Virus Source
+ Demonstrating the KBWIN95
+ Exercises
o A Good Virus
+ Why a Virus?
+ 1. Virus Technology
+ 2. Self-Reproduction
+ Dishonest Employees
+ The File Buffer System
+ The Physical Disk
+ Operation of the KOH Virus
+ Infecting Disks
+ Encryption
+ The Interrupt Hooks
+ Ctrl-Alt-K: Change Pass Phrase
+ Ctrl-Alt-O: Floppy Disk Migration Toggle
+ Ctrl-Alt-H: Uninstall
+ Compatibility Questions
+ Legal Warning
+ The KOH Source
+ Exercises
* Appendix A: ISR Reference
o Interrupt 10H: BIOS Video Services
o Interrupt 13H: BIOS Disk Services
o Interrupt 1AH: BIOS Time of Day Services
o Interrupt 20H: DOS Terminate
o Interrupt 21H: DOS Services
o Interrupt 24H: Critical Error Handler
o Interrupt 27H: DOS Terminate and Stay Resident
o Interrupt 2FH: Multiplex Interrupt
o Interrupt 31H: DPMI Utilities
o Interrupt 40H: Floppy Disk Interrupt
* Appendix B: Resources
o Inside the PC
o Assembly Language Programming
o Viruses, etc.