EVREN KUCUKKAYA

E-COMMERCE SEMINAR Elias A. Hadzilias, PhD NTUA

Assignment: On-line security: attacks and solutions

2012

ISG INTERNATIONAL MBA

Table of Context
1. INTRODUCTION ................................................................................................................................... 3 2. MAIN TYPES OF MALWARE ................................................................................................................. 4 2.1. Computer Viruses ............................................................................................................................. 4 2.1. Computer Worms ............................................................................................................................. 5 2.3. Trojan Horses.................................................................................................................................... 6 2.4. Spyware ............................................................................................................................................ 6 2.5. Backdoor........................................................................................................................................... 6 2.6. Spams ............................................................................................................................................... 7 2.7. Keyloggers ........................................................................................................................................ 7 2.8. Browser Hijacking ............................................................................................................................. 7 2.9. Dialers ............................................................................................................................................... 7 2.10 Rootkit ............................................................................................................................................. 7 2.11. Exploits ........................................................................................................................................... 7 3. UP-TO-DATE MALWARE ...................................................................................................................... 8 3.1. Adware ............................................................................................................................................. 8 3.2. Parasiteware ..................................................................................................................................... 8 3.3. Thiefware.......................................................................................................................................... 8 3.4. Pestware ........................................................................................................................................... 8 3.5. Browser Helper Object, BHO ............................................................................................................ 8 3.6. Remote Administration Tool, RAT .................................................................................................... 8 3.7. Commercial RAT ............................................................................................................................... 8 3.8. Botnet ............................................................................................................................................... 9 3.9. Flooder ............................................................................................................................................. 9 3.10. Hostile ActiveX................................................................................................................................ 9 3.11 Hostile Java ...................................................................................................................................... 9 3.12. Hostile Script .................................................................................................................................. 9 3.13. IRC Takeover War ........................................................................................................................... 9 3.14. Nuker .............................................................................................................................................. 9 3.15. Packer ............................................................................................................................................. 9 3.16. Binder ............................................................................................................................................. 9 3.17. Password Capture and Password Hijacker ................................................................................... 10 3.18. Password Cracker ......................................................................................................................... 10 3.19. Key Generator .............................................................................................................................. 10 1 EVREN KUCUKKAYA

3.20. E-mail Bomber .............................................................................................................................. 10 3.21. Mass Mailer .................................................................................................................................. 10 3.22. E-mail Harvester ........................................................................................................................... 10 3.23. Web Bugs ...................................................................................................................................... 10 3.24. Hoax .............................................................................................................................................. 10 3.25. Phishing ........................................................................................................................................ 10 3.26. Web Scam and Fraud.................................................................................................................... 10 4. PROVIDING ONLINE SECURITY........................................................................................................... 11 4.1. Firewall ........................................................................................................................................... 11 4.1.1 Types of Firewall ........................................................................................................................... 11 4.1.2. Positive Effects of the Firewall .................................................................................................... 11 4.1.3. Negative Effects of the Firewall................................................................................................... 11 4.2. Data Encryption .............................................................................................................................. 12 4.2.1. Symmetric-key Encryption .......................................................................................................... 12 4.2.2. Asymmetric-key Encryption ........................................................................................................ 12 4.3. Antivirus Software .......................................................................................................................... 12 4.3.1. Historical Development of Antivirus Software ............................................................................ 13 4.3.1.1. First-generation software ......................................................................................................... 13 4.3.1.2. The second-generation software ............................................................................................. 13 4.3.1.3. Third-generation software ....................................................................................................... 13 4.3.1.4. The fourth-generation software............................................................................................... 13 4.3.2. Advanced anti-virus techniques .................................................................................................. 14 4.3.2.1. General analysis........................................................................................................................ 14 4.3.2.2. Digital immune system ............................................................................................................. 14 4.4. Internet Protocol Security (IPSec) .................................................................................................. 14 5. CONCLUSIONS ................................................................................................................................... 14 REFERENCES .......................................................................................................................................... 15

2 EVREN KUCUKKAYA

1. INTRODUCTION
Information security can be defined as protection of knowledge as an asset for any damages, prevention of acquisition by unwanted users of the right technology, properly using the right purpose and in all kinds of information. The purpose of security in computer technology, individuals and organizations face in using these technologies taking measures by making threats and advance hazards analysis. Recently with the development of computer technology in information and computer security at the beginning of the most serious threats come from malicious software. Malicious software or Malware is the general name for unwanted software designed to cause damage on or disrupt the work on the other machines on an infected computer system or network [1]. Malwares are infecting to the other systems without the knowledge the user or user systems by tricking them [2]. Scum ware referred to as malware, be formed with almost any programming or scripting language, or can be transported in several files [3]. In terms of historical development, types of malware, can be examined in four generations [2, 4]: 1. Generation (1987-1995): Computer viruses, especially in this period that dominated by DOS viruses, malicious software was infecting through the files and floppy disks. In 1995, their age closed by Windows 95, the first operating system with protected-mode operating system. 2. Generation (1995-2000): In light of recent developments in the personal computer world especially on images, audio and video files with support for multi-media containing materials such as using Microsoft Word, Excel, and powerful capabilities that comes with office programs such as the macro language of a generation that uses the density of malware. The macro language of this period gave an huge opportunity to people who cannot able to use the machine language of Win32 platform. Macros are still in use, although this period ended with the spread of virus-scanning programs. 3. Generation (1999-2002): Especially with the increase in Internet usage and e-mail communication amount of mass mailers increased in this generation, especially benefiting from the vulnerabilities of e-mail and internet browser programs. During this period, malware, are benefiting from the opportunities offered by the various scripting languages, or has chosen the path of transmission systems in the files attached to e-mails. E-mail filtering programs to block this kind of malicious software reached a certain saturation. 4. Generation (2001 -): The most important difference from other generations on this generation which is still ongoing, no need for the assistance of a significant user to spread. This period begins with Code Red worm in 2001, malware, benefits from vulnerabilities in the system and programs. With this term types of malware has started to spread, especially serious consequences with the illegal and criminal damages. With this generation, types of malware that cannot replicate itself started to be seen such as keyboard listening systems.
3 EVREN KUCUKKAYA

Malware that threaten ordinary users and systems are rapidly growing up, especially with the ease of motion brought by the Internet and network systems [1]. This situation can be likened to a war with technology that the good and the bad guys faced. During this fight, data, might be productive time and money has been lost while people find and cleaning, "structures of evil". For the prevention of malware and spyware, researchers and professional security experts identify such harmful elements, to develop new ways to destroy; users trained, educating, determined to close gaps in security and protection, the use of scanner and software and updating them, despite of all these efforts, attacks by malicious people and attack methods are increasing day by day [5].

2. MAIN TYPES OF MALWARE

In general, all Malware can exhibit different characteristics in terms of; life cycle, selfreplication, autonomy, transmission mechanism, showing discrete or features of a virus, and protection mechanism. Types of malware, as exhibit different behaviours for any stage of the life cycle such as; working towards a single purpose, without self-replication; can have some completely autonomous approach such need of user intervention; can be installed manually by malicious people themselves to the target computer system, may show resistance to protection structures that can detect or destroy it, entice these types of programs with various tactics [2]. The most basic types of malware, malicious software, except that they first encountered in terms of development processes; are software with significant characteristic features, including major threats to the security of information and computer, that users are exposed to a quite common way.

2.1. Computer Viruses

Viruses are widely regarded as the most dangerous and the most ancient type of malware. Computer viruses inspired from the organisms are defined as small particles in infected cells, so-called biological viruses. Computer virus can run their own copies, place it to spread to other code or documentation, and multiply itself. Most virus programs have devastating effects, such as deleting important files or making host system completely broken. These viruses can spread through the network as part of a computer worm to spread even though they do not use network resources. Instead, infect target systems by such as floppy disk, CD or DVD media or by e-mail attachments. Most distinctive feature of viruses is that separating from other form of malware is the need of human interaction. The virus must be within the malicious code to be executed by a user. The user unwittingly spreads the virus by opening a file, reading an e-mail, a system boot or run an infected program [7, 8]. There is four kind of viruses. These are; File viruses, Boot viruses, Macro viruses, and Script viruses.
4 EVREN KUCUKKAYA

File viruses are types of virus that uses the file system to spread by copying themselves to executable files various directories, or contaminate the viral code on operating system. Boot viruses, by changing hard disk or floppy disk "Master Boot Record" make it work the code each time the computer viral sequences. Macro viruses use the macros which are starting to run with the programs that have strong macro support and using the desktop programs to start their files such as Microsoft Word and Excel. Script viruses can be written by using scripting languages like, VB (Visual Basic), JavaScript, BAT (batch file), PHP.

2.1. Computer Worms

With a structure similar to computer viruses, worms, such as viruses, do not add itself to other executable programs or do not become part of this program. Worms, to spread to another program or do not require human interaction like viruses, are offering a self-replicating structures [10]. Among the most common methods used by the worm to spread, e-mail, FTP, HTTP and other Internet services. To spread worms, methods like taking advantages from the vulnerabilities of target system or using social engineering to make the users to run the worms using. Worms will not modify any other files, but they stand and replicate efficiently in memory. Worms use the operating system structures automatically performed and are usually invisible to users. Uncontrolled proliferation of worms can be recognizable when the system uses its resources excessively high or other processing tasks slowing or when it causes these tasks endings. The name of the worm comes from a science fiction novel written by John Brunner's in 1975, named "Shockwave Rider", from a program that spread itself over a computer network [11]. Computer Worms can be examined under the four groups; e-mail, IM (Internet Messaging), internet and network worms. E-mail worms spread of the most preferred method of malware that uses e-mails. "Internet Messaging" (IM) and Microsoft's MSN Messenger, AOL's AIM, IRC, ICQ, KaZaA, such as IM worms spread widely used for messaging services and network shares. Internet worms, worms only infect the machines connected to the Internet. This type worms, scans the internet to try to find the vulnerable computers, which has not installed the latest security updates, with the backdoor open, without a firewall. Another interesting species of worms are network worms, they replicate themselves to a shared folder or transforming to an interesting application or file name, the names that may seem useful. Users who are running these files on their computers are infected by the worm. Most of the worm being developed to run on one type of operating system. But the very near future super worms which include a "warhead" will emerge to work with Windows, Linux, Solaris, BSD and other operating systems.

5 EVREN KUCUKKAYA

2.3. Trojan Horses

Trojan Horse name is coming from the ancient novel Odysseus that was written by Homer. The novels tell the story of a wooden horse full with the soldiers given as a gift used to take the city of troy after the ten years of unsuccessful siege by opening the gates from inside at the late hours of night [12]. Seen many examples in history that uses this trick to hide malicious software are known by the name of this legend. Trojan horses are malicious software disguised as legitimate software. Although the opposite examples are recent, such as viruses, Trojan horses cannot multiply themselves. A Trojan horse can bundle itself to a useful program or convince the users that it has a useful function for execute itself by the user. Except Trojan horses that damage to the system overall with a variety of ways other types of Trojan horses can be seen such as; PSW Trojans, Trojan backdoors, clickers, downloaders, droppers, proxies, spies, Annunciators and archive bombs.

2.4. Spyware
In Information and computer security, spyware is generally used in an ambiguous sense. Spyware is defined as software that provides a collection of the important information and the actions of the user and send this information to malicious people, without the user's information. Spyware, infect to the systems, especially by Internet users unwittingly, differently from the other malwares. Spyware, after infected the target system once do not need to spread or creating your own copy unlike viruses and worms. The purpose of spyware is to collect the requested information remain confidential on the selected system. Sometimes this information may even be important information such as a credit card number or identification [14]. In addition, commercial companies in order to determine user habits on the Internet can radiate spyware on the Internet [15]. Transmitted without the knowledge of users' systems, spyware, one of the most important attacks carried out against privacy [10].

2.5. Backdoor
Backdoors are the methods that enable a person to skip the normal authentication process or enable remotely access to that computer who are aware to this structure established by cannot found by the standard examinations. Hackers who show a very laborious effort to infiltrate a system, they want to add an easier way to access the system again. The most common backdoor method is to keep open a door (port) that attached a listening agent on the target system. Backdoors, often confused with Trojans.

6 EVREN KUCUKKAYA

2.6. Spams
Spams, perhaps is one of the malware the most frequently encountered by users and have troubles in daily life. Spams are making peoples e-mail accounts busy with messages they do not want including advertising, product promotion and selling, or other bad purposes. To avoid the damage caused by spam type of e-mails, e-mail filtering software programs work as integrated.

2.7. Keyloggers
These are the spywares which is capturing, holding, and sending the entries of users which is using keyboard to the attacker. Keyboard listening systems, except for the use of extremely dangerous consequences of malicious purposes, very useful application areas are also available [1]. As one of the most effective methods of obtaining information the keyboard listening systems are actually used since 1980s [17]. Most of the anti-spyware and antimalware programs do not consider about the Keyloggers.

2.8. Browser Hijacking

Stripping browsers, also called the URL injection, are software leads to act web browser settings for all the time or only in certain regions, outside the user defined style [18]. Most simply, the browser opens the initial page shown in (homepage), could be make the desired site address. There is also showing the types of, the windows that contain inappropriate content or advertising (pop-up window), in addition [8].

2.9. Dialers
Dialers are often changes the target users internet providers number with an international phone number to make the user to pay large amount of call fee. After the dial-up connections this type of software are not using anymore.

2.10 Rootkit
Admin on UNIX operating systems, which means "root" name teams from the root user, the attacker after seizing control of a system, attached to the computer system software. Among the tools the team, deleting record (log) entries or hiding the attacker processes, tools to remove the traces of the attack and the attacker's system regulating the vehicles backdoors to facilitate the subsequent entries can be counted.

2.11. Exploits
Malicious software that can produce types of security attacks that target the specific vulnerability. This type of software is written in order to show the world just like the existence of this vulnerability, can also be used as a method of transmission of malicious programs, such as network worms [19].

7 EVREN KUCUKKAYA

3. UP-TO-DATE MALWARE
There are many types of malware type of malware, except as described above. There is not sufficient number of collectively source and study on this software. Only a small number of resources mention this software on the Internet can be found. The new generation of malware, changes shape by following the emerging technology or innovations.

3.1. Adware
Adware is not necessarily malware, but this kind of software would be using the methods, beyond the expected concept of freeware or shareware advertising. These types of programs make advertising by using pop-up windows or banners.

3.2. Parasiteware
Parasiteware is a type of advertising software that deletes links of the other companies that generate revenue by mediating trail sites by using membership (affiliate) method to sell products.

3.3. Thiefware
Steal the membership of the commission by typing on the trail making cookies, redirecting directing to different sites applications, the current traffic on Internet browsers by opening new browser windows.

3.4. Pestware
Is a adware type of malicious software.

3.5. Browser Helper Object, BHO

A BHO written in malevolent purposes, by establishing the Internet browser, may collect any information that the user accessed the Internet, and secretly monitor the use of data [8].

3.6. Remote Administration Tool, RAT

Is one of the most dangerous forms of malware when the target machine online giving unlimited access to this machine to the aggressor.

3.7. Commercial RAT

It is the use of any malicious purpose, without the user's permission or knowledge, normally produced as a remote administration tool for any commercial RAT program.

8 EVREN KUCUKKAYA

3.8. Botnet
Bot network (botnet) which is a type of remote management software is a network of a number of captured computers can be used for by malicious people to send spam, or sending worms or Trojan horses.

3.9. Flooder
DoS attacks, which causes disruption of service, by the methods of sending serial PING and SYN packages, intentionally excessive loads on the machine or a network connection software, is named by Ping of Death and SYN Flooder [15].

3.10. Hostile ActiveX

Internet Explorer software that was established the users' computers usually by illegally download (drive-by-download).

3.11 Hostile Java 3.12. Hostile Script

VBS. WSH. JS. HTA. JSE and. VBE extension of text files can be called as aggressive script in terms of intent malicious contain.

3.13. IRC Takeover War

IRC (Internet Relay Chat), one of chat programs, has lost its popularity. IRC network has been disturbed by IRC wars for a long time. In order to facilitate the attack of any kind on IRC all the tools used in is classified as IRC war.

3.14. Nuker
Windows operating system properly unpatched or without firewall, DoS attack WinNuke machines used for the "nuke" the term (nuke: nuclear weapons), for the moment a variety of TCP / IP as the common name used for DoS attacks.

3.15. Packer
Utility programs that encrypting a file compression into a process. When the program runs automatically adds a header of the process file in memory [21].

3.16. Binder
Software that brings multiple files into one file that may be different types. Hiding Trojan horse like files in this software is too easy [22].

9 EVREN KUCUKKAYA

3.17. Password Capture and Password Hijacker

Spyware programs running on the system for recording to capture passwords entered [14].

3.18. Password Cracker

Tools to decrypt A password or an encrypted file [23, 24].

3.19. Key Generator

People who use these tools, can set up or copy the programs software without buying, as the authorized user can benefit.

3.20. E-mail Bomber

Malware which is bombarded target's e-mail inbox with thousands of e-mail.

3.21. Mass Mailer

Sending malicious viruses through e-mail software.

3.22. E-mail Harvester

E-mail Address Harvesters; transmit the e-mail addresses or address lists in computers, hard disks a variety of ways in unaware of the user, to a server.

3.23. Web Bugs

Web bug is an interesting and little-known technique in order to achieve who, how many times displays a HTML-based e-mail message or a web page, and the message information such as how long the interest by the ordinary user used.

3.24. Hoax
Aiming to users convince a non-existence of things all kinds of "trick", is classified as a hoax.

3.25. Phishing
Phishing (identity theft) to obtain bank account numbers, personal information such as credit card numbers, bank official, such as a message sent from an official institution that seems really e-mails from people.

3.26. Web Scam and Fraud

It is a type of fraud in an e-mail or via the Internet.

10 EVREN KUCUKKAYA

And the some other known up-to-date malware are; Phreaking, Phone Breaking, Port Scanner, Probe Tool, Search Hijacker, Sniffer, Spoofer, Spyware Cookie, Tracking Cookie, PIE, Trickler, War Dialer and Wabbit.

4. PROVIDING ONLINE SECURITY 4.1. Firewall

Task of firewalls is to create an active security system against potential attacks and threatening elements on the Internet. This task done by controlling only permitted services or network systems reachability to the presented or used sources of systems. If necessary by forming the private IP addressing systems used for the internal network environments to the generally IP addresses existing systems on the internet and hides the IP addressing used in internal networks and provide security.

4.1.1 Types of Firewall

Firewalls can filter network protocol in various layers. There is three main type of firewall; packet filtering firewalls, the circuit level firewalls and application-level firewalls.

4.1.2. Positive Effects of the Firewall

If a firewall will use properly it can control the incoming and outgoing traffic of the network. It can interfere of the unauthorized or external network users service access to the internal network. At the same time can be interfere the internal users access to the external networks or services they do not have any privileges. Firewalls can be configured to provide access control services on many departments or other private networks. Firewalls can be configured to demand the credentials of the users. This provides network administrators to control access to resources and certain services of specific users. Identity verification also allows network administrators to monitor users activity and intrusion attempts. Firewalls can provide resources for auditing and record keeping. Configuring firewalls in this way can be observed and analysed the necessary information in the coming days. Additional layers services security can prevent from unwanted screening.

4.1.3. Negative Effects of the Firewall

In addition to many benefits of firewall solutions, there are also the negative effects. Firewalls can cause traffic bottleneck on some networks. Where all network traffic is compelled to pass through the firewall, there is a very high probability of experiencing network traffic congestion.

11 EVREN KUCUKKAYA

In cases where the transition between networks only through a firewall, if the firewall is not configured correctly problems in traffic flow between networks can be experienced. All firewalls' need of continuous administrative support, general maintenance, software upgrades, security patches adds an additional burden on managers.

4.2. Data Encryption

Encryption / decryption are used to secure the file communication on personal computers or a computer network. Therefore, nowadays, the importance of encryption computers or computer networks is increasing. Encryption is the way converting the information to a shape it cannot understandable instead of the receiver. Decryption is give back to the encrypted state of the previous significant meaningless information with the help of a private key. Encryption and decryption performed by Mathematical Functions called cryptography algorithm. Power the encryption method used is related to the key length not related to the uncertainties in the algorithm. While encrypted data easily opened with the use of key, if the key is unknown, it is impossible the acquisition of data in terms of the intensity of mathematical operations. There are two types of algorithm; symmetric-key encryption and asymmetric-key encryption.

4.2.1. Symmetric-key Encryption

Referred to as single-key encryption or secret-key encryption. A conventional method a single key was used in for both encryption and decoding the password.

4.2.2. Asymmetric-key Encryption

Asymmetric-key encryption uses a key pair also one of the public key and the other is called the private key. This key pair is used for signing the data, encryption and authentication. The encryption method distributed the public-key to all although a private key known only by the owner. Data encrypted with the public key can be opened only with private key.

4.3. Antivirus Software

The ideal solution to the threat of viruses is prevention. First, the virus should not be allowed to enter the system. Generally not possible to achieve this goal, only reduce the number of viral attacks. The next best approach to do the following; Finding: The disease comes along; location of the virus is detected and determined. Description: Finding achieved, the diseased virus identified in the program. Destruction: Specific virus is identified, all forms of the virus is eliminated from the diseased program or the program is loaded again to the original state. All forms of the virus will be discarded from the system to prevent further spreading.

12 EVREN KUCUKKAYA

Advances in the virus and antivirus technology pass from hand to hand. As well as international competition grows about viruses and antivirus software, virus and antivirus programs have become complicated.

4.3.1. Historical Development of Antivirus Software

Antivirus software development is divided into four generations; First generation: Simple scanners. Second generation: The intuitive / heuristic scanners. Third generation: Active traps, tricks. The fourth generation: A full-featured protection.

4.3.1.1. First-generation software

The first generation of virus scanners need virus signature to identify. Carrying certain signature scanners has limited functionality in finding known viruses. Another type of firstgeneration software programs that crawl the length of the changes related to the lengths of recording this record keeping.

4.3.1.2. The second-generation software

The second-generation software, do not trust a particular signature. This type of scanners uses intuitive / heuristic rules. Scan the codes which can be viruses. Look at the tendency of viruses to encryption, and accordingly find the encryption key. When the key is found, the scanner identifies the virus and avoids deforming. Control of the integrity is another approach. Beyond a simple check by using a complex function block the virus to produce the same mixed the code again.

4.3.1.3. Third-generation software

Third-generation software, memory resident programs that run automatically. They are concerned with movements of viruses instead of the programs that are diseased. The advantages of these programs do not bother with virus signatures or intuitive rules. These kinds of programs they take care small incremental movements and infection attempts to interfere with.

4.3.1.4. The fourth-generation software

Anti-virus software that belongs to this generation is packages containing different anti-virus techniques. This software include screening and active trap components. Moreover, such a package, restricting the ability of viruses to enter into a system update for a virus and the ability to pass files to disrupt the ability to control include restricting the transition.

13 EVREN KUCUKKAYA

The fourth-generation software safety measures and the defence area extends more generalpurpose computer, used an extensive defence strategy.

4.3.2. Advanced anti-virus techniques

More complex approaches and antivirus products continue to evolve. In this section, the two most important technical examined.

4.3.2.1. General analysis

General analysis technology, using a fast scan, to be easily locates even the most complex polymorphic viruses. To find such a structure, the current files are passed through the overall analysis scan. This scanner includes the following elements. CPU emulator, Virus signature scanner, The emulator control module.

Interpretation of the destination code in the computer and cannot harm the environment. Because they are interpreted completely controlled environment.

4.3.2.2. Digital immune system

The reason for this system is the increase of Internet-based threats from spreading the virus. Achievement of digital immune system depends on the ability to detect of virus analysis machine of new virus damages. To avoid the threats of viruses are constantly wandering, analysis and control software is constantly updated with the possible digital immune systems.

4.4. Internet Protocol Security (IPSec)

IPSec (IP Security) provides a secure way of private networks the communication of the Internet environment. IPSec is developed by the IETF (Internet Engineering Task Force) the IPSec Working Group. Allow to make strict Authentication and encryption at the network layer. Operates communication by using a bi-directional tunnel. Supports asymmetric-key data encryption. Supports only IP traffic, and runs as an embedded IP stack.

5. CONCLUSIONS
The importance of information security, development and deployment of information and communication technologies are rapidly increasing in parallel. Especially the Internet is used every aspect of life, although make a powerful communication environment has resulted in information security are at stake in. This result, forced persons or institutions to devote more resources to ensure the security of information.

14 EVREN KUCUKKAYA

REFERENCES
1. 2. 3. 4. Canbek, G., Klavye Dinleme ve nleme Sistemleri Analiz, Tasarm ve Gelitirme, Yksek Lisans Tezi, Gazi niversitesi, Fen Bilimleri Enstits, 13, 31-32, 43, 50, 58, 154, Eyll 2005. Heiser, J. G., Understanding Todays Malware, Information Security Technical Report. Vol. 9, No. 2, 47-64, http://www.amazon.com/Understanding-todays-malware-Information-Technical/dp/B000RR1HS0 Calder, A., Watkins, S., It Governance: A Manager's Guide to Data Security & BS 7799/ISO 17799, Kogan Page, 14, 163, http://books.google.fr/books?id=0nIFflHd8xsC&printsec=frontcover&hl=tr#v=onepage&q&f=false Thompson, R., The Four Ages of Malware, Infosecurity Today, 47-48, http://books.google.fr/books?id=vRG7QgAACAAJ&dq=Thompson,+R.,+The+Four+Ages+of+Malware,+Infosecurity+T oday,&hl=tr&sa=X&ei=MVd7T4uaJoqi8QOg9oWoCA&ved=0CDUQ6AEwAQ Grimes, R. A., Malicious Mobile Code, O'Reilly, 3,201-203, 226-228, 238-244, 467-468, http://books.google.fr/books?id=mczgkqHSIXUC&pg=PA81&dq=Grimes,+R.+A.,+Malicious+Mobile+Code,+O'Reilly,& hl=tr&sa=X&ei=b1d7TjwB9L_8QO2hOmjCA&ved=0CC4Q6AEwAA#v=onepage&q=Grimes%2C%20R.%20A.%2C%20Malicious%20Mobile%2 0Code%2C%20O'Reilly%2C&f=false nternet: Symantec, Symantec Internet Security Threat Report, 2010, http://eval.symantec.com/mktginfo/enterprise/white_papers/bwhitepaper_internet_security_threat_report_xv_04-2010.en-us.pdf Peikari, C., Fogie, S., Maximum Wireless Security, Sams Publishing, 153, 164, Skoudis, E., Malware: Fighting Malicious Code, Prentice Hall PTR, 13, 96, 123-125, 149-151, 179, http://books.google.fr/books?id=JHgX8_pVPpEC&printsec=frontcover&dq=Skoudis,+E.,+Malware:+Fighting+Malicio us+Code,+Prentice+Hall+PTR,&hl=tr&sa=X&ei=9Fh7T9_TLsSt8QOBieHXCA&ved=0CC4Q6AEwAA#v=onepage&q=Sko udis%2C%20E.%2C%20Malware%3A%20Fighting%20Malicious%20Code%2C%20Prentice%20Hall%20PTR%2C&f=fals e nternet: Symantec Security Response - W95.CIH, http://www.symantec.com/avcenter/venc/data/cih. Html Gustin, J., Cyber Terrorism, Marcel Dekker, 26-27, http://books.google.fr/books?id=joIgMFbbJMC&pg=PP1&lpg=PP1&dq=Gustin,+J.,+Cyber+Terrorism,+Marcel+Dekker&source=bl&ots=gJ4cnaqMp6&sig =xLCZ-4LmYuaQ2ugnQbpEttLa6oY&hl=tr&sa=X&ei=x-J6T5P8HYP_8QOJxcThCA&redir_esc=y#v=onepage&q&f=false Russell, D., Gangemi, Sr. G.T., Computer Security Basics, O'Reilly, 82, http://books.google.fr/books?id=DyrLV0kZEd8C&printsec=frontcover&dq=Russell,+D.,+Gangemi,+Sr.+G.T.,+Comput er+Security+Basics,&hl=tr&sa=X&ei=a-Z6T7ryH8mA8wOkqaidCA&ved=0CDUQ6AEwAA#v=onepage&q&f=false Thompson, D. P., The Trojan War: Literature and Legends from the Bronze Age to the Present, McFarland & Company, 33, http://books.google.fr/books?id=OuuEAAAAIAAJ&q=Thompson,+D.+P.,+The+Trojan+War:+Literature+and+Legends +from+the+Bronze+Age+to+the+Present,+McFarland+%26+Company&dq=Thompson,+D.+P.,+The+Trojan+War:+Lit erature+and+Legends+from+the+Bronze+Age+to+the+Present,+McFarland+%26+Company&hl=tr&sa=X&ei=ix6T5vsCdSC8gO-roHRCA&ved=0CC4Q6AEwAA nternet: Trojan Programs, VirusList, http://www.viruslist.com/en/virusesdescribed?chapter=152540521 Hansen, J. B., Young, S., The Hacker's Handbook, CRC Press, 72-74, 126, 530, 714, http://books.google.fr/books?id=U9pY5GfzqsIC&pg=PA59&dq=Hansen,+J.+B.,+Young,+S.,+The+Hacker's+Handbook ,+CRC+Press,&hl=tr&sa=X&ei=NVp7T6WJBcej8gOByrixCA&ved=0CDcQ6AEwAA#v=onepage&q=Hansen%2C%20J.%2 0B.%2C%20Young%2C%20S.%2C%20The%20Hacker's%20Handbook%2C%20CRC%20Press%2C&f=false Conway, R., Cordingley, J., Code Hacking: A Developer's Guide to Network Security, Charles River Media, 55-56, 92, http://books.google.fr/books?id=nLjvT1OgSZ8C&dq=Conway,+R.,+Cordingley,+J.,+Code+Hacking:+A+Developer's+G uide+to+Network+Security,+Charles+River+Media,&hl=tr&sa=X&ei=gFp7T8bQNser8QPI1ZG9CA&ved=0CC4Q6AEwA A Cole, E., Hackers Beware: The Ultimate Guide to Network Security, Sams Publishing, 104-108, 191-193, 544, 550, http://books.google.fr/books?id=fNRuUrhyd4QC&printsec=frontcover&dq=Cole,+E.,+Hackers+Beware:+The+Ultima te+Guide+to+Network+Security,+Sams+Publishing,&hl=tr&sa=X&ei=zlp7T76ZLsen8QPApmYCw&ved=0CDUQ6AEwAQ#v=onepage&q&f=false Mohay, G., Collie, B., Vel, O., McKemmish, R., Anderson, A., Computer and Intrusion Forensics, Artech House, 226,

5.

6.

7. 8.

9. 10.

11.

12.

13. 14.

15.

16.

17.

15 EVREN KUCUKKAYA

18. 19. 20. 21. 22. 23. 24.

25.

http://books.google.fr/books?id=KRwXEHTK3OwC&pg=PA122&dq=Mohay,+G.,+Collie,+B.,+Vel,+O.,+McKemmish,+R .,+Anderson,+A.,+Computer+and+Intrusion+Forensics,+Artech+House,&hl=tr&sa=X&ei=FFt7T8_DLs_f8QPxuKmfCA& ved=0CC4Q6AEwAA#v=onepage&q=Mohay%2C%20G.%2C%20Collie%2C%20B.%2C%20Vel%2C%20O.%2C%20McKe mmish%2C%20R.%2C%20Anderson%2C%20A.%2C%20Computer%20and%20Intrusion%20Forensics%2C%20Artech %20House%2C&f=false Caloyannides, M. A., Privacy Protection and Computer Forensics, Artech House, 118-120, Russell, R., Hack Proofing Your Network, Syngress Publishing, 78, http://books.google.fr/books?id=flaI_VVftE0C&printsec=frontcover&hl=tr#v=onepage&q&f=false Hausman, K. K., Barrett, D., Weiss, M., Exam Cram 2 Security +: Exam Cram SYO-101, Que Publishing, 59, Mandia, K., Prosise, C., Incident Response Second Edition: Computer Forensics, McGraw- Hill Professional, 389390, nternet: Binder, SearchWin2000, TechTarget. http://searchwin2000.techtarget.com/sDefinition/0,sid1_gci948478,00.html Poole, O., Network Security: A Practical Guide, Elsevier, 69-71, Pipkin, D. L., Halting the Hacker - A Practical Guide to Computer Security, Prentice Hall PTR, 52, http://books.google.fr/books?id=M6sfthR8huQC&printsec=frontcover&dq=Pipkin,+D.+L.,+Halting+the+Hacker++A+Practical+Guide+to+Computer+Security,+Prentice+Hall+PTR&hl=tr&sa=X&ei=tFx7T7LjIs38QObxbHQCA&ved=0CCwQ6AEwAA#v=onepage&q&f=false Bennett, J., Digital Umbrella: Technology's Attack on Personal Privacy in America, Brown Walker Press (FL), 47-50

16 EVREN KUCUKKAYA