Trojans, Worms, and Spyware

Trojans, Worms, and Spyware

A Computer Security Professional's Guide to Malicious Code

1st Edition - August 16, 2004

Write a review

  • Author: Michael Erbschloe
  • eBook ISBN: 9780080519685
  • Paperback ISBN: 9780750678483

Purchase options

Purchase options
DRM-free (PDF)
Sales tax will be calculated at check-out

Institutional Subscription

Free Global Shipping
No minimum order


Trojans, Worms, and Spyware provides practical, easy to understand, and readily usable advice to help organizations to improve their security and reduce the possible risks of malicious code attacks. Despite the global downturn, information systems security remains one of the more in-demand professions in the world today. With the widespread use of the Internet as a business tool, more emphasis is being placed on information security than ever before. To successfully deal with this increase in dependence and the ever growing threat of virus and worm attacks, Information security and information assurance (IA) professionals need a jargon-free book that addresses the practical aspects of meeting new security requirements. This book provides a comprehensive list of threats, an explanation of what they are and how they wreak havoc with systems, as well as a set of rules-to-live-by along with a system to develop procedures and implement security training. It is a daunting task to combat the new generation of computer security threats – new and advanced variants of Trojans, as well as spyware (both hardware and software) and “bombs” – and Trojans, Worms, and Spyware will be a handy must-have reference for the computer security professional to battle and prevent financial and operational harm from system attacks.

Key Features

*Provides step-by-step instructions to follow in the event of an attack
*Case studies illustrate the "do's," "don'ts," and lessons learned from infamous attacks
*Illustrates to managers and their staffs the importance of having protocols and a response plan in place


IT Computer and Information Security professionals, Security Managers, network administrators

Table of Contents

  • Preface

    Chapter One: Malicious Code Overview
    Why Malicious Code Attacks are Dangerous
    The Impact of Malicious Code Attacks on Corporate Security
    Why Malicious Code Attacks Work
    Flaws in Software
    Weaknesses in System and Network Configurations
    Social Engineering
    Human Error and Foolishness
    Hackers, Thieves, and Spies
    Action Steps to Combat Malicious Code Attacks

    Chapter Two: Types of Malicious Code
    Email Viruses
    Back Doors
    Blended Threats
    Time Bombs
    Spy Ware
    Ad Ware
    Steal Ware
    Action Steps to Combat Malicious Code Attacks

    Chapter Three: Review of Malicious Code Incidents
    Historic Tidbits
    The Morris Worm
    Love Bug
    Code Red(s)
    The Summer of 2003 Barrage of Blaster, Sobig and More
    Early 2004 with MyDoom, Netsky and More
    Action Steps to Combat Malicious Code Attacks

    Chapter Four: Basic Steps to Combat Malicious Code
    Understanding The Risks
    Using Security Policies to Set Standards
    System and Patch Updates
    Establishing a Computer Incident Response Team
    Training for IT Professionals
    Training End Users
    Applying Social Engineering Methods in an Organization
    Working with Law Enforcement Agencies
    Action Steps to Combat Malicious Code Attacks

    Chapter Five: Organizing for Security, Prevention, and Response
    Organization of the IT Security Function
    Where Malicious Code Prevention fits Into the IT Security Function
    Staffing for Malicious Code Prevention in IT
    Budgeting for Malicious Code Prevention
    Evaluating Products for Malicious Code Prevention
    Establishing and Utilizing an Alert Systems
    Establishing and Utilizing a Reporting System
    Corporate Security and Malicious Code Incident Investigations
    Action Steps to Combat Malicious Code Attacks

    Chapter Six: Controlling Computer Behavior of Employees
    Policies on Appropriate Use of Corporate Systems
    Monitoring Employee Behavior
    Site Blockers and Internet Filters
    Cookie and Spyware Blockers
    Pop Up Blockers
    Controlling Downloads
    SPAM Control
    Action Steps to Combat Malicious Code Attacks

    Chapter Seven: Responding to a Malicious Code Incident
    The First Report of a Malicious Code Attack
    The Confirmation Process
    Mobilizing the Response Team
    Notifying Management
    Using an Alert system and Informing End-Users
    Clean up and Restoration
    Controlling and Capturing Malicious Code
    Identifying the Source of Malicious Code
    The Preservation of Evidence
    When to Call Law Enforcement
    Enterprise Wide Eradication
    Returning to Normal Operations
    Analyzing Lessons Learned
    Action Steps to Combat Malicious Code Attacks

    Chapter Eight: Model Training Program for End-Users
    Explaining why The Training is Important
    Explaining The Appropriate Use Policy for Computers and Networks
    Explaining How the Help Desk and PC Support of the Organization Works
    Covering the Basic Do’s and Don’ts of Computer Usage to Prevent Attacks
    Providing Basic Information about Malicious Code
    Explaining How it Identify Potentially Malicious Code
    Explaining What Employees Should to do if They Suspect Code is Malicious
    Explaining What Employees Should Expect From the IT Department During Incident Response.
    Performing the Administrative Aspects of a Training Program
    Action Steps to Combat Malicious Code Attacks

    Chapter Nine: The Future of Malicious Code
    Military Style Information Warfare
    Open Source Information Warfare
    Militancy and Social Action
    Homeland Security Efforts
    Action Steps to Combat Malicious Code Attacks


    Appendix A: Computer Security Resources

Product details

  • No. of pages: 232
  • Language: English
  • Copyright: © Butterworth-Heinemann 2004
  • Published: August 16, 2004
  • Imprint: Butterworth-Heinemann
  • eBook ISBN: 9780080519685
  • Paperback ISBN: 9780750678483

About the Author

Michael Erbschloe

Michael Erbschloe an information technology consultant, educator, and author. Michael has also taught and developed technology related curriculum for several universities including the University of Denver, and speaks at conferences and industry events around the world. He has authored hundreds of articles on technology and several books including Information Warfare: How to Survive Cyber Attacks.

Affiliations and Expertise

Author, educator and security advisor, Washington, DC

Ratings and Reviews

Write a review

There are currently no reviews for "Trojans, Worms, and Spyware"