SANS InfoSec Reading Room - Malicious Code
Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.
Featuring 67 papers as of Jul 9, 2008
- Malware Analysis: An Introduction
- Dennis Distler
- February 12, 2008
- - download paper

- Analysis of a Browser Exploitation Attempt
- Phil Wallisch
- January 4, 2008
- - download paper

- Exploitation Kits Revealed - Mpack
- Andrew Martin
- January 4, 2008
- - download paper

- A Thesis Of The Nature Of Adware In Practice
- Arthur Stephens
- April 3, 2006
- - download paper

- Virus Writers 360
- Julie Newberry
- January 18, 2005
- - download paper

- Worm Propagation and Countermeasures
- Glenn Gebhart
- June 9, 2004
- - download paper

- Bots & Botnet: An Overview
- Ramneek Puri
- December 31, 2003
- - download paper

- Malicious Code - What Should We Do?
- Stacy Ballou
- December 14, 2003
- - download paper

- Virus Hoaxes - Are They Just a Nuisance?
- Darren Grocott
- October 31, 2003
- - download paper

- Cheese Worm: Pros and Cons of a Friendly Worm
- Bryan Barber
- October 31, 2003
- - download paper

- Overview of Code Red or What is this "NNNNNNNNNNNNNNNNNNNNNNN" thing?
- Stephen T Kelly
- October 31, 2003
- - download paper

- I Thought We Had Virus Protection: The Mistakes that Made Us Vulnerable to the W32 SirCam Virus
- Bob Green
- October 31, 2003
- - download paper

- Issues with Keeping AntiVirus Software Up to Date
- John Graham
- October 31, 2003
- - download paper

- Computer Virus Policy, Training, Software Protection and Incident Response for the Medium Sized Orga
- Chris Gullett
- October 31, 2003
- - download paper

- A System Administrator's Guide to Implementing Various Anti-Virus Mechanisms: What to do When a Virus is Suspected On a Computer Network
- Robert B. Fried
- October 31, 2003
- - download paper

- What is Code Red Worm?
- Adrian Tham
- October 31, 2003
- - download paper

- QAZ
- Charles R. Fagg
- October 31, 2003
- - download paper

- Living with MalWare
- Gary Wiggins
- October 31, 2003
- - download paper

- Code Red Worm - Importance of Swiftly Eliminating Vulnerability
- Scotty Strunk
- October 31, 2003
- - download paper

- A Virus and a Worm: Lessons Learned from SirCam and Code Red in a University Environment
- Marc Mazuhelli
- October 31, 2003
- - download paper

- July 2001: Indicative of the "Year of the Worm"
- David A. Shaffer
- October 31, 2003
- - download paper

- Code Red: The One to Not "Dew"
- David Doyle
- October 31, 2003
- - download paper

- A Practical Guide to Enterprise Antivirus and Malware Prevention
- Jay Martin
- October 31, 2003
- - download paper

- Code Red and the Internet Today
- Andres Chiriboga
- October 31, 2003
- - download paper

- Code Red: A New Threat
- Tim Hughes
- October 31, 2003
- - download paper

- The Code Red Worm
- John C. Dolak
- October 31, 2003
- - download paper

- Windows Remote Buffer Overflow Vulnerability and the Code Red Worm
- Jeremy Baca
- October 31, 2003
- - download paper

- The Mechanisms and Effects of the Code Red Worm
- Renee C. Schauer
- October 31, 2003
- - download paper

- Code Red and Code Red II: Double Dragons
- Kittipong Teeraruangchaisri
- October 31, 2003
- - download paper

- Network and System Planning - How to Reduce Risk on a Comprimised System
- Brent Maley
- October 31, 2003
- - download paper

- The Legend of Nimda
- Kevin G. Frey
- October 31, 2003
- - download paper

- Nimda Explained, and What You Can Do to Protect Your Sytem(s)
- Greg Dzurinda
- October 31, 2003
- - download paper

- Overview of Nimda
- John Phillips
- October 31, 2003
- - download paper

- Code Red Worm Invasion
- Sharon Bristow
- October 31, 2003
- - download paper

- The Code Red Message in a Bottle
- Jeffrey A. Tricoli
- October 31, 2003
- - download paper

- The Nimda Worm: An Overview
- Eugene J. Aronne
- October 31, 2003
- - download paper

- Preventing Propagation of the NIMDA Worm with a Holistic Approach
- David C. Petty
- October 31, 2003
- - download paper

- Stopping Malicious Code at the Desktop
- Anthony Tulio
- October 31, 2003
- - download paper

- Nimda Worm - Why is it Different?
- Keith Poore
- October 31, 2003
- - download paper

- NetBus 2.1, Is It Still a Trojan Horse or an Actual Valid Remote Control Administration Tool?
- Seth Kulakow
- October 31, 2003
- - download paper

- Poly (morphic) Want a Server... or Runaway Worm
- Michael Desrosiers
- October 31, 2003
- - download paper

- Encrypted E-mail: Close One Door, Open Another
- Veronica Cuello
- October 31, 2003
- - download paper

- Nimda - A Step Into Complexity
- Matthew Rothschild
- October 31, 2003
- - download paper

- Psst... Hey Buddy, Wanna Create a Virus?
- David Pearson
- October 31, 2003
- - download paper

- Protecting Against the Unexpected
- Keith Seymour
- October 31, 2003
- - download paper

- Raising the Stakes: How NIMDA Represents an Increased Threat to the Integrity of Enterprise Networks
- Joseph Kidd
- October 31, 2003
- - download paper

- It's Time to Rethink your Corporate Malware Strategy
- Nick Del Grosso
- October 31, 2003
- - download paper

- Plain English: Risks of Java Applets and Microsoft ActiveX Controls
- Jennifer M. Marek
- October 31, 2003
- - download paper

- Understanding the Virus Threat and Developing Effective Anti-Virus Policy
- Frank Zipfel
- October 31, 2003
- - download paper

- Implementing A Norton AntiVirus Managed Infrastructure
- Rodney Lynxwiler
- October 31, 2003
- - download paper

- About Heuristics
- Stephen M. Sladaritz
- October 31, 2003
- - download paper

- Virii Generators: Understanding the Threat
- James Tarala
- October 31, 2003
- - download paper

- Securing the Symantec LiveUpdate Administrative Utility on Windows 2000
- Cedric d' Albis
- October 31, 2003
- - download paper

- Beating the Superbug: Recent Developments in Worms and Viruses
- Michael Clarkson
- October 31, 2003
- - download paper

- Into the Darkness: Dissection and Explanation of Proven Attack Source Code
- Shane W. Clancy
- October 31, 2003
- - download paper

- Detecting and Recovering from a Virus Incident
- John Stone
- October 31, 2003
- - download paper

- Worms don't care if you're "not a bank"
- Matt Yackley
- October 31, 2003
- - download paper

- How Spyware fits into Defense in Depth
- Michael McCardle
- October 31, 2003
- - download paper

- Security Management View of Implementing Enterprise Antivirus Protection
- Mike Stowe
- October 31, 2003
- - download paper

- Slapper
- Paul Elwell
- October 31, 2003
- - download paper

- Deconstructing SubSeven, the Trojan Horse of Choice
- Jamie Crapanzano
- October 31, 2003
- - download paper

- SubSeven 2.2: New Flavor of an Old Favorite
- Aaron Greenlee
- October 31, 2003
- - download paper

- Bridging the gap between Red-alert virus situation and quality file-signature release
- Ken Millard
- October 31, 2003
- - download paper

- KLEZ.H: From Propagation to Prevention
- Michael Bakes
- October 31, 2003
- - download paper

- Cross-Site Tracing - Protecting Businesses from a Simple Attack
- Cheryl Stephens
- October 31, 2003
- - download paper

- Mass-Mailing Worms: Prevention, Detection and Response (A Case Study)
- Richard Gadsden
- October 31, 2003
- - download paper

- Internet Worms: Walking on Unstable Ground
- Jon Maurer
- October 31, 2003
- - download paper
