funsec mailing list archives

REVIEW: "Crimeware: Understanding New Attacks and Defenses", Markus Jakobsson/Zulfikar Ramzan


From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rmslade () shaw ca>
Date: Thu, 14 Aug 2008 15:18:49 -0800

BKCRMWRE.RVW   20080511

"Crimeware: Understanding New Attacks and Defenses", Markus
Jakobsson/Zulfikar Ramzan, 2008, 978-0-321-50195-0, 54.99/C$59.99
%E   Markus Jakobsson
%E   Zulfikar Ramzan
%C   P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario  M3C 2T8
%D   2008
%G   978-0-321-50195-0 0-321-50195-0
%I   Addison-Wesley Publishing Co.
%O   54.99/C$59.99 416-447-5101 fax: 800-822-6339 bkexpress () aw com
%O  http://www.amazon.com/exec/obidos/ASIN/0321501950/robsladesinterne
  http://www.amazon.co.uk/exec/obidos/ASIN/0321501950/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/0321501950/robsladesin03-20
%O   Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation)
%P   582 p.
%T   "Crimeware: Understanding New Attacks and Defenses"

The preface notes the change in incentive, for the production of
malware, from intellectual curiosity to the profit motive.  It also
states that the book is intended for anyone with an interest in
crimeware or computer security, including those with a background in
education or public policy rather than technology.

Although chapter one promises, at various points, a structured and
taxonomic overview of crimeware, it is little more than a grab bag of
points possibly related to malware and information security, and, as
such, is more confusing than educational.  Gary McGraw's seven-point
taxonomy of coding errors is given in chapter two.  It's an excellent
list, but has limited relevance to crimeware.  Chapter three consists
of two very distinct items: an interesting report on the spread of
malware through peer-to-peer (P2P) file-sharing networks, and an
account of one specific chain-mail hoax.  Malware implementations in
small devices, such as USB (Universal Serial Bus) and RFID (Radio
Frequency IDentification), are explored in chapter four, which
material does, at least, discuss how these technologies could be used
for criminal activity.  Although entitled "Crimeware in Firmware,"
most of chapter five is concerned with wireless LAN security, and is
highly speculative.  A few pieces of crimeware that run in Web
browsers are described in chapter six.  Chapter seven contains a
reasonable, though superficial, overview of botnets.  A number of
calls used by specific rootkit packages are described in chapter
eight.  Fraud in online gaming is examined in chapter nine, although,
oddly, the issue of theft of game goods for "real world" sale is not
mentioned.  Chapter ten covers politics and malicious online activity,
but is primarily concerned with Web defacements and online defamation.
Fraud, generally related to Web advertising, is in chapter eleven.
"Crimeware Business Models," in chapter twelve, are confined to only a
few types, although the section on adware is particularly good.
Advice on how not to do education is provided in chapter thirteen.
Chapter fourteen outlines a few US laws possibly relevant to
crimeware.  The activities of the Trusted Computing Group (TCG),
particularly with regard to Digital Rights Management, are promoted in
chapter fifteen.  A simplistic look at a few defensive technologies is
provided in chapter sixteen.  Chapter seventeen provides a vague
closing to the book.

The level of the writing and the technology varies from chapter to
chapter, since the book has a wide variety of authors.  Unfortunately,
very little of the content is directly relevant to crimeware as such:
most of the material is merely general information about malware.
Some of the text is interesting, but much of it is vague, and little
is new.  The work is a fairly reasonable introduction to malware
threats and protection, but does not add much to the existing
literature.

copyright Robert M. Slade, 2008   BKCRMWRE.RVW   20080511


======================  (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca     slade () victoria tc ca     rslade () computercrime org
[Upon being awakened] It's bright, I'm blind, I need to sleep...
(long pause)... thank you for visiting the Blind Residence...
good bye.                                            - TAH, 20060222
victoria.tc.ca/techrev/rms.htm blogs.securiteam.com/index.php/archives/author/p1/