2 Days Left to Save $350 on SANS Virginia Beach 2008! >> More Info

SANS Institute

the most trusted source for computer security training, certification and research

SANS InfoSec Reading Room - Malicious Code

<<Reading Room Home

Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.

Featuring 67 papers as of Jul 9, 2008

Malware Analysis: An Introduction: Dennis Distler; February 12, 2008; - download paper

Analysis of a Browser Exploitation Attempt: Phil Wallisch; January 4, 2008; - download paper

Exploitation Kits Revealed - Mpack: Andrew Martin; January 4, 2008; - download paper

A Thesis Of The Nature Of Adware In Practice: Arthur Stephens; April 3, 2006; - download paper

Virus Writers 360: Julie Newberry; January 18, 2005; - download paper

Worm Propagation and Countermeasures: Glenn Gebhart; June 9, 2004; - download paper

Bots &; Botnet: An Overview: Ramneek Puri; December 31, 2003; - download paper

Malicious Code - What Should We Do?: Stacy Ballou; December 14, 2003; - download paper

Virus Hoaxes - Are They Just a Nuisance?: Darren Grocott; October 31, 2003; - download paper

Cheese Worm: Pros and Cons of a Friendly Worm: Bryan Barber; October 31, 2003; - download paper

Overview of Code Red or What is this "NNNNNNNNNNNNNNNNNNNNNNN" thing?: Stephen T Kelly; October 31, 2003; - download paper

I Thought We Had Virus Protection: The Mistakes that Made Us Vulnerable to the W32 SirCam Virus: Bob Green; October 31, 2003; - download paper

Issues with Keeping AntiVirus Software Up to Date: John Graham; October 31, 2003; - download paper

Computer Virus Policy, Training, Software Protection and Incident Response for the Medium Sized Orga: Chris Gullett; October 31, 2003; - download paper

A System Administrator's Guide to Implementing Various Anti-Virus Mechanisms: What to do When a Virus is Suspected On a Computer Network: Robert B. Fried; October 31, 2003; - download paper

What is Code Red Worm?: Adrian Tham; October 31, 2003; - download paper

QAZ: Charles R. Fagg; October 31, 2003; - download paper

Living with MalWare: Gary Wiggins; October 31, 2003; - download paper

Code Red Worm - Importance of Swiftly Eliminating Vulnerability: Scotty Strunk; October 31, 2003; - download paper

A Virus and a Worm: Lessons Learned from SirCam and Code Red in a University Environment: Marc Mazuhelli; October 31, 2003; - download paper

July 2001: Indicative of the "Year of the Worm": David A. Shaffer; October 31, 2003; - download paper

Code Red: The One to Not "Dew": David Doyle; October 31, 2003; - download paper

A Practical Guide to Enterprise Antivirus and Malware Prevention: Jay Martin; October 31, 2003; - download paper

Code Red and the Internet Today: Andres Chiriboga; October 31, 2003; - download paper

Code Red: A New Threat: Tim Hughes; October 31, 2003; - download paper

The Code Red Worm: John C. Dolak; October 31, 2003; - download paper

Windows Remote Buffer Overflow Vulnerability and the Code Red Worm: Jeremy Baca; October 31, 2003; - download paper

The Mechanisms and Effects of the Code Red Worm: ReneeC. Schauer; October 31, 2003; - download paper

Code Red and Code Red II: Double Dragons: Kittipong Teeraruangchaisri; October 31, 2003; - download paper

Network and System Planning - How to Reduce Risk on a Comprimised System: Brent Maley; October 31, 2003; - download paper

The Legend of Nimda: Kevin G. Frey; October 31, 2003; - download paper

Nimda Explained, and What You Can Do to Protect Your Sytem(s): Greg Dzurinda; October 31, 2003; - download paper

Overview of Nimda: John Phillips; October 31, 2003; - download paper

Code Red Worm Invasion: Sharon Bristow; October 31, 2003; - download paper

The Code Red Message in a Bottle: Jeffrey A. Tricoli; October 31, 2003; - download paper

The Nimda Worm: An Overview: Eugene J. Aronne; October 31, 2003; - download paper

Preventing Propagation of the NIMDA Worm with a Holistic Approach: David C. Petty; October 31, 2003; - download paper

Stopping Malicious Code at the Desktop: Anthony Tulio; October 31, 2003; - download paper

Nimda Worm - Why is it Different?: Keith Poore; October 31, 2003; - download paper

NetBus 2.1, Is It Still a Trojan Horse or an Actual Valid Remote Control Administration Tool?: Seth Kulakow; October 31, 2003; - download paper

Poly (morphic) Want a Server... or Runaway Worm: Michael Desrosiers; October 31, 2003; - download paper

Encrypted E-mail: Close One Door, Open Another: Veronica Cuello; October 31, 2003; - download paper

Nimda - A Step Into Complexity: Matthew Rothschild; October 31, 2003; - download paper

Psst... Hey Buddy, Wanna Create a Virus?: David Pearson; October 31, 2003; - download paper

Protecting Against the Unexpected: Keith Seymour; October 31, 2003; - download paper

Raising the Stakes: How NIMDA Represents an Increased Threat to the Integrity of Enterprise Networks: Joseph Kidd; October 31, 2003; - download paper

It's Time to Rethink your Corporate Malware Strategy: Nick Del Grosso; October 31, 2003; - download paper

Plain English: Risks of Java Applets and Microsoft ActiveX Controls: Jennifer M. Marek; October 31, 2003; - download paper

Understanding the Virus Threat and Developing Effective Anti-Virus Policy: Frank Zipfel; October 31, 2003; - download paper

Implementing A Norton AntiVirus Managed Infrastructure: Rodney Lynxwiler; October 31, 2003; - download paper

About Heuristics: Stephen M. Sladaritz; October 31, 2003; - download paper

Virii Generators: Understanding the Threat: James Tarala; October 31, 2003; - download paper

Securing the Symantec LiveUpdate Administrative Utility on Windows 2000: Cedric d' Albis; October 31, 2003; - download paper

Beating the Superbug: Recent Developments in Worms and Viruses: Michael Clarkson; October 31, 2003; - download paper

Into the Darkness: Dissection and Explanation of Proven Attack Source Code: Shane W. Clancy; October 31, 2003; - download paper

Detecting and Recovering from a Virus Incident: John Stone; October 31, 2003; - download paper

Worms don't care if you're "not a bank": Matt Yackley; October 31, 2003; - download paper

How Spyware fits into Defense in Depth: Michael McCardle; October 31, 2003; - download paper

Security Management View of Implementing Enterprise Antivirus Protection: Mike Stowe; October 31, 2003; - download paper

Slapper: Paul Elwell; October 31, 2003; - download paper

Deconstructing SubSeven, the Trojan Horse of Choice: Jamie Crapanzano; October 31, 2003; - download paper

SubSeven 2.2: New Flavor of an Old Favorite: Aaron Greenlee; October 31, 2003; - download paper

Bridging the gap between Red-alert virus situation and quality file-signature release: Ken Millard; October 31, 2003; - download paper

KLEZ.H: From Propagation to Prevention: Michael Bakes; October 31, 2003; - download paper

Cross-Site Tracing - Protecting Businesses from a Simple Attack: Cheryl Stephens; October 31, 2003; - download paper

Mass-Mailing Worms: Prevention, Detection and Response (A Case Study): Richard Gadsden; October 31, 2003; - download paper

Internet Worms: Walking on Unstable Ground: Jon Maurer; October 31, 2003; - download paper

SANS Reading Room

Check Them Out!

This is hands-down, the premiere training opportunity.
- Dan Mather, JICPAC

Network Security 2008 :: Las Vegas, NV :: Sep 28 - Oct 6, 2008

Contact us: (301) 654-SANS(7267)
Monday - Friday 9am-8pm EST/EDT