Kötücül ve casus yazılımlar: Kapsamlı bir araştırma

Bilgisayar teknolojileri gelişip yaygınlaştıkça, günlük iş ve işlemler elektronik ortamlara taşınmakta ve kolaylaşmaktadır. Bunun sonucu olarak bilgi ve bilgisayar güvenliğinin önemi ve karşılaşılan tehditler, gerek sayı gerekse çeşitlilik açısından artmıştır. Kötücül (malware) ve casus (spyware) yazılımlar ise bunların en başında gelmektedir. Bu yazılımlar ile ilgili olarak literatürdeki mevcut kaynaklar araştırılıp incelendiğinde, kapsamlı ve güncel bir çalışma olmadığı, sunulan çalışmaların ise anti-virüs web sitelerinde ve bilgisayar magazin dergilerinde yer aldığı ve nasıl korunması gerektiğiyle ilgili kısa bilgilere yer verildiği tespit edilmiştir. Bu tespitlerden yola çıkarak bu kapsamlı araştırma çalışmasında, en önemli tehditlerden olan kötücül ve casus yazılımlar üzerine kapsamlı bir inceleme gerçekleştirilmiştir. Elde edilen bulgular doğrultusunda, bu yazılımlar sınıflandırılmış; sahip oldukları temel özellikler ve taşıdıkları riskler özetlenmiştir. Bu çalışmanın, literatürde gerçekleştirilen kapsamlı bir çalışma olması sebebiyle, kötü niyetli olarak geliştirilen yazılım türlerinin daha iyi bilinmesi, tanınması ve gerekli önlemlerin alınmasına büyük katkılar sağlayacağı, karşılaşılabilecek zararların azaltılabileceği değerlendirilmektedir.

Malware and spyware: A comprehensive review

As information technologies being developed and becoming widespread, daily routines and works have switched to electronic media and made life easier. As a result, the importance of information and computer security and threats encountered has increased in diversity as well as in quantity. New form of threats and attacks to security arise almost every day. Malware and spyware are very dangerous threats among them. Reviewing available literature on malicious software, it has not been found a well organized, up-to-date and comprehensive survey. When the literature reviewed, there have been a number of references covering from anti-virus web sites and computer magazines. In the light of reviewed literature, in this work, a comprehensive review on malware and spyware is classified and presented. This comprehensive work contributes to the computer users to know the threats of malicious software in details. The features of these wares and risks have been updated.

PDF

___

1. Canbek, G., Klavye Dinleme ve Önleme Sistemleri Analiz, Tasarım ve Geliştirme, Yüksek Lisans Tezi, Gazi Üniversitesi, Fen Bilimleri Enstitüsü, 13, 31-32, 43, 50, 58, 154, Eylül 2005.
2. Heiser, J. G., Understanding Today’s Malware,Information Security Technical Report. Vol. 9, No.2, 47-64, April-June 2004.
3. Calder, A., Watkins, S., It Governance: A Manager's Guide to Data Security & BS 7799/ISO 17799, Kogan Page, 14, 163, September 1, 2003.
4. Thompson, R., The Four Ages of Malware,Infosecurity Today, 47-48, March/April, 2005.
5. Grimes, R. A., Malicious Mobile Code, O'Reilly, 3,201-203, 226-228, 238-244, 467-468, August 1, 2001.
6. İnternet: How Bad Is The Malware Problem?, http://searchsmb.techtarget.com/sDefinition/0.sid4 4_gci991471.00.html, Eylül 2005.
7. İnternet: 2005 CSI/FBI Computer Crime and Security Survey, http://www.gocsi.com/forms/fbi/csi_fbi_survey.jhtml , Computer Security Institute, Kasım 2005.
8. İnternet: Spyware and Increasing Security Risks-Proactive Protection for fhe Enterprise Client,http://enterprisesecurity.symantec.com/content/we bcastinfo.cfm?webcastid=146, Kasım 2005.
9. İnternet: Symantec, Symantec Internet Security Threat Report, 2005, http://ses.symantec.com/WP000ITR8, Kasım 2005.
10. Peikari, C., Fogie, S., Maximum Wireless Security,Sams Publishing, 153, 164, December 18, 2002.
11. Skoudis, E., Malware: Fighting Malicious Code,Prentice Hall PTR, 13, 96, 123-125, 149-151, 179,November 7, 2003.
12. İnternet: Symantec Security Response - W95.CIH, http://www.symantec.com/avcenter/venc/data/cih.html , Ekim 2005.
13. Mohay, G., Collie, B., Vel, O., McKemmish, R.,Anderson, A., Computer and Intrusion Forensics,Artech House, 236, April 1, 2003.
14. Gustin, J., Cyber Terrorism, Marcel Dekker, 26-27, October 15, 2003.
15. Russell, D., Gangemi, Sr. G.T., Computer Security Basics, O'Reilly, 82, July 1, 1991.
16. Thompson, D. P., The Trojan War: Literature and Legends from the Bronze Age to the Present, McFarland & Company, 33, January 6, 2004.
17. İnternet: Trojan Programs, VirusList, http://www.viruslist.com/en/virusesdescribed?cha pter=152540521 , Eylül 2005.
18. Hansen, J. B., Young, S., The Hacker's Handbook,CRC Press, 72-74, 126, 530, 714, November 24,2003.
19. Conway, R., Cordingley, J., Code Hacking: A Developer's Guide to Network Security, Charles River Media, 55-56, 92, May 1, 2004.
20. Cole, E., Hackers Beware: The Ultimate Guide to Network Security, Sams Publishing, 104-108,191-193, 544, 550, August 13, 2001.
21. Hansche, S., Berti, J., Hare, C., Official (Isc) 2 Guide to the Cissp Exam, CRC Press, 590,December 15, 2003.
22. Connally, K. I., Law of Internet Security and Privacy 2004, Aspen Publishers, Inc., 112, 2004.
23. İnternet:Email Spam Statistics and Information, McAfee, http://us.mcafee.com/fightspam/default.asp?id=stats , Eylül 2005.
24. May 2005 Symantec™ Spam Statistics, http://www.symantec.com/region/reg_ap/promo/b rightmail/docs/May2005SpamStats.pdf, Eylül 2005.
25. Mohay, G., Collie, B., Vel, O., McKemmish, R.,Anderson, A., Computer and Intrusion Forensics,Artech House, 226, April 1, 2003.
26. Caloyannides, M. A., Privacy Protection and Computer Forensics, Artech House, 118-120, October 1, 2004.
27. Gralla, P., Schaeffer, J. P., The Complete Idiot's Guide to Internet Privacy and Security, Alpha Books, 37, January 4, 2002.
28. Bishop, M. A., Computer Security: Art and Science, Addison-Wesley Professional, 724-725,December 2, 2002.
29. Tipton, H. F., Krause, M., Information Security Management Handbook, CRC Press, 132,1254-1255, December 30, 2003.
30. Russell, R., Hack Proofing Your Network, Syngress Publishing, 78, January 1, 2001.
31. İnternet: Gostev A., Malware Evolution:January - March 2005, Kaspersky Lab. http://www.viruslist.com/en/analysis?pubid=1624 54316 , Nisan 2005.
32. Reynolds, J., Complete E-Commerce Book: Design, Build and Maintain a Successful Web-Based Business, CMP Books, 365, April 1, 2004.
33. Stephenson, P., Investigating Computer-Related Crime, CRC Press, 57-58, September 28, 1999.
34. Mutton, P., IRC Hacks, O'Reilly, 39-41, July 27, 2004.
35. Hausman, K. K., Barrett, D., Weiss, M., Exam Cram 2 Security +: Exam Cram SYO-101, Que Publishing, 59, April 10, 2003.
36. Mandia, K., Prosise, C., Incident Response Second Edition: Computer Forensics, McGraw-Hill Professional, 389-390, July 17, 2003.
37. İnternet: Binder, SearchWin2000, TechTarget. http://searchwin2000.techtarget.com/sDefinition/ 0,,sid1_gci948478,00.html , Mayıs 2005.
38. Poole, O., Network Security: A Practical Guide,Elsevier, 69-71, December 9, 2002.
39. Pipkin, D. L., Halting the Hacker - A Practical Guide to Computer Security, Prentice Hall PTR,52, August 26, 2002.
40. Bace, R. G., Intrusion Detection, Sams Publishing, 151, December 22, 1999.
41. İnternet : Zone Labs Virus Information Center, Virus Glossary, http://vic.zonelabs.com/tmpl/body/CA/virusGloss ary.jsp , Ekim 2005.
42. Campbell, P., Calvert, B., Boswell, S., Security+ in Depth, Thomson Course Technology, 83,February 1, 2003.
43. Stewart, J., This business of malware,Information Security Technical Report. Vol. 9,No. 2, 35-41, April 2004.
44. Mena, J., Homeland Security Techniques and Technologies, Charles River Media, 47-48, May 10, 2004.
45. Vacca, J. R., Computer Forensics - Computer Crime Scene Investigation, Charles River Media, 489-490, May 1, 2005.
46. Burgess, R. C., Small, M. P., Computer Security in the Workplace, SEO Press, 21, 2005.
47. Shimonski, R. J., Johnson, N. L., Crump, R. J.,Security+, Syngress Publishing, 142-143,December 1, 2002.
48. Bennett, J., Digital Umbrella: Technology's Attack on Personal Privacy in America, Brown Walker Press (FL), 47-50, September 1, 2004.
49. Gralla, P., Windows XP Hacks, O'Reilly, 152-157, April 1, 2005.
50. İnternet: Sanal Dolandırıcılıkta Son Nokta Phishing, İstanbul Emniyet Müdürlüğü.http://www.iem.gov.tr/iem/?idno=147,Mayıs 2005.
51. İnternet: Consumer Online: Home >Scams> Major Scams, http://www.consumer.org.nz/topic.asp?docid=25 3&category=&subcategory=&topic=Scams&title=Major%20Scams&contenttype=summary , Eylül 2005.
52. Brown, S., The Complete Idiot's Guide to Private Investigating, Alpha Books, 144-146,October 1, 2002.
53. Jones, S., Encyclopedia of New Media: An Essential Reference to Communication and Technology, Sage Publications Inc, 212-216,December 10, 2002.
54. Orebaugh, A. D., Ethereal Packet Sniffing,Syngress Publishing, 6-10, 27-28, February 17, 2004.
55. Garfinkel, S., Web Security, Privacy &Commerce, 2nd Edition, O'Reilly, 216-221,November 1, 2001.
56. İnternet: Macromedia Flash content reaches 98.3% of Internet viewers, Flash Player Penetration Survey, March 2005, NPD Research. http://www.macromedia.com/software/player_census/flashplayer/ , Haziran 2005.
57. Petersen, J. K., Understanding Surveillance Technologies, CRC Press, 2-9, September 21,2000.
58. İnternet: Self Replicating Wabbits – Sounds Strange. Brings Chaos, SYL Articles,http://articles.syl.com/selfreplicatingwabbitssoun dsstrangebringschaos.html, Eylül 2005.
59. Chuvakin, A., Peikari, C., Security Warrior,O'Reilly, 324, January 12, 2004.
60. Furnell, S., Ward, J., Malware comes of age:The arrival of the true computer parasite,Network Security, 11-15, October 2004.
61. Williamson, D., Deconstructing malware: what it is and how to stop it, Information Security Technical Report. Vol. 9, No. 2, 27-34, 2004.
62. Levenhagen, R., Trends, codes and virus attacks - 2003 year in review, Network Security, Vol.2004, No. 1, 13-15, January 2004.
63. Hacker 2004 Raporu, Chip Dergisi, Nisan 2004,44-61, 2004.