KÖTÜCÜL VE CASUS YAZILIMLAR: KAPSAMLI BİR ARAŞTIRMA

Gürol CANBEK, Şeref SAĞIROĞLU
579 2.356

Öz


Bilgisayar teknolojileri gelişip yaygınlaştıkça, günlük iş ve işlemler elektronik ortamlara taşınmakta vekolaylaşmaktadır. Bunun sonucu olarak bilgi ve bilgisayar güvenliğinin önemi ve karşılaşılan tehditler, gereksayı gerekse çeşitlilik açısından artmıştır. Kötücül (malware) ve casus (spyware) yazılımlar ise bunların enbaşında gelmektedir. Bu yazılımlar ile ilgili olarak literatürdeki mevcut kaynaklar araştırılıp incelendiğinde,kapsamlı ve güncel bir çalışma olmadığı, sunulan çalışmaların ise anti-virüs web sitelerinde ve bilgisayarmagazin dergilerinde yer aldığı ve nasıl korunması gerektiğiyle ilgili kısa bilgilere yer verildiği tespit edilmiştir.Bu tespitlerden yola çıkarak bu kapsamlı araştırma çalışmasında, en önemli tehditlerden olan kötücül ve casusyazılımlar üzerine kapsamlı bir inceleme gerçekleştirilmiştir. Elde edilen bulgular doğrultusunda, bu yazılımlarsınıflandırılmış; sahip oldukları temel özellikler ve taşıdıkları riskler özetlenmiştir. Bu çalışmanın, literatürdegerçekleştirilen kapsamlı bir çalışma olması sebebiyle, kötü niyetli olarak geliştirilen yazılım türlerinin daha iyibilinmesi, tanınması ve gerekli önlemlerin alınmasına büyük katkılar sağlayacağı, karşılaşılabilecek zararlarınazaltılabileceği değerlendirilmektedir.

Anahtar kelimeler


Kötücül yazılım, casus yazılım, bilgi ve bilgisayar güvenliği, virüs, solucan, arka kapı, Truva atı, kök kullanıcı takımı, klavye dinleme sistemi.

Tam metin:

PDF


Referanslar


Canbek, G., Klavye Dinleme ve Önleme Sistemleri

Analiz, Tasarım ve Geliştirme, Yüksek Lisans

Tezi, Gazi Üniversitesi, Fen Bilimleri Enstitüsü,

, 31-32, 43, 50, 58, 154, Eylül 2005.

Heiser, J. G., Understanding Today’s Malware,

Information Security Technical Report. Vol. 9, No.

, 47-64, April-June 2004.

Calder, A., Watkins, S., It Governance: A Manager's

Guide to Data Security & BS 7799/ISO

, Kogan Page, 14, 163, September 1, 2003.

Thompson, R., The Four Ages of Malware,

Infosecurity Today, 47-48, March/April, 2005.

Grimes, R. A., Malicious Mobile Code, O'Reilly, 3,

-203, 226-228, 238-244, 467-468, August 1, 2001.

İnternet: How Bad Is The Malware Problem?,

http://searchsmb.techtarget.com/sDefinition/0.sid4

_gci991471.00.html, Eylül 2005.

İnternet: 2005 CSI/FBI Computer Crime and

Security Survey,

http://www.gocsi.com/forms/fbi/csi_fbi_survey.jh

tml , Computer Security Institute, Kasım 2005.

İnternet: Spyware and Increasing Security Risks-

Proactive Protection for fhe Enterprise Client,

http://enterprisesecurity.symantec.com/content/we

bcastinfo.cfm?webcastid=146, Kasım 2005.

İnternet: Symantec, Symantec Internet Security

Threat Report, 2005,

http://ses.symantec.com/WP000ITR8, Kasım 2005.

Peikari, C., Fogie, S., Maximum Wireless Security,

Sams Publishing, 153, 164, December 18, 2002.

Skoudis, E., Malware: Fighting Malicious Code,

Prentice Hall PTR, 13, 96, 123-125, 149-151, 179,

November 7, 2003.

İnternet: Symantec Security Response - W95.CIH,

http://www.symantec.com/avcenter/venc/data/cih.

html , Ekim 2005.

Mohay, G., Collie, B., Vel, O., McKemmish, R.,

Anderson, A., Computer and Intrusion Forensics,

Artech House, 236, April 1, 2003.

Gustin, J., Cyber Terrorism, Marcel Dekker, 26-

, October 15, 2003.

Russell, D., Gangemi, Sr. G.T., Computer

Security Basics, O'Reilly, 82, July 1, 1991.

Thompson, D. P., The Trojan War: Literature

and Legends from the Bronze Age to the

Present, McFarland & Company, 33, January 6, 2004.

İnternet: Trojan Programs, VirusList,

http://www.viruslist.com/en/virusesdescribed?cha

pter=152540521 , Eylül 2005.

Hansen, J. B., Young, S., The Hacker's Handbook,

CRC Press, 72-74, 126, 530, 714, November 24,

Conway, R., Cordingley, J., Code Hacking: A

Developer's Guide to Network Security, Charles

River Media, 55-56, 92, May 1, 2004.

Cole, E., Hackers Beware: The Ultimate Guide

to Network Security, Sams Publishing, 104-108,

-193, 544, 550, August 13, 2001.

Hansche, S., Berti, J., Hare, C., Official (Isc) 2

Guide to the Cissp Exam, CRC Press, 590,

December 15, 2003.

Connally, K. I., Law of Internet Security and

Privacy 2004, Aspen Publishers, Inc., 112, 2004.

İnternet: Email Spam Statistics and

Information, McAfee,

http://us.mcafee.com/fightspam/default.asp?id=sta

ts , Eylül 2005.

May 2005 Symantec™ Spam Statistics,

http://www.symantec.com/region/reg_ap/promo/b

rightmail/docs/May2005SpamStats.pdf, Eylül 2005.

Mohay, G., Collie, B., Vel, O., McKemmish, R.,

Anderson, A., Computer and Intrusion Forensics,

Artech House, 226, April 1, 2003.

Caloyannides, M. A., Privacy Protection and

Computer Forensics, Artech House, 118-120,

October 1, 2004.

Gralla, P., Schaeffer, J. P., The Complete Idiot's

Guide to Internet Privacy and Security, Alpha

Books, 37, January 4, 2002.

Bishop, M. A., Computer Security: Art and

Science, Addison-Wesley Professional, 724-725,

December 2, 2002.

Tipton, H. F., Krause, M., Information Security

Management Handbook, CRC Press, 132,

-1255, December 30, 2003.

Russell, R., Hack Proofing Your Network,

Syngress Publishing, 78, January 1, 2001.

İnternet: Gostev A., Malware Evolution:

January - March 2005, Kaspersky Lab.

http://www.viruslist.com/en/analysis?pubid=1624

, Nisan 2005.

Reynolds, J., Complete E-Commerce Book:

Design, Build and Maintain a Successful Web-

Based Business, CMP Books, 365, April 1, 2004.

Stephenson, P., Investigating Computer-Related

Crime, CRC Press, 57-58, September 28, 1999.

Mutton, P., IRC Hacks, O'Reilly, 39-41, July 27, 2004.

Hausman, K. K., Barrett, D., Weiss, M., Exam

Cram 2 Security +: Exam Cram SYO-101, Que

Publishing, 59, April 10, 2003.

Mandia, K., Prosise, C., Incident Response

Second Edition: Computer Forensics, McGraw-

Hill Professional, 389-390, July 17, 2003.

İnternet: Binder, SearchWin2000, TechTarget.

http://searchwin2000.techtarget.com/sDefinition/

,,sid1_gci948478,00.html , Mayıs 2005.

Poole, O., Network Security: A Practical Guide,

Elsevier, 69-71, December 9, 2002.

Pipkin, D. L., Halting the Hacker - A Practical

Guide to Computer Security, Prentice Hall PTR,

, August 26, 2002.

Bace, R. G., Intrusion Detection, Sams

Publishing, 151, December 22, 1999.

İnternet : Zone Labs Virus Information Center,

Virus Glossary,

http://vic.zonelabs.com/tmpl/body/CA/virusGloss

ary.jsp , Ekim 2005.

Campbell, P., Calvert, B., Boswell, S., Security+

in Depth, Thomson Course Technology, 83,

February 1, 2003.

Stewart, J., This business of malware,

Information Security Technical Report. Vol. 9,

No. 2, 35-41, April 2004.

Mena, J., Homeland Security Techniques and

Technologies, Charles River Media, 47-48, May

, 2004.

Vacca, J. R., Computer Forensics - Computer

Crime Scene Investigation, Charles River

Media, 489-490, May 1, 2005.

Burgess, R. C., Small, M. P., Computer

Security in the Workplace, SEO Press, 21, 2005.

Shimonski, R. J., Johnson, N. L., Crump, R. J.,

Security+, Syngress Publishing, 142-143,

December 1, 2002.

Bennett, J., Digital Umbrella: Technology's

Attack on Personal Privacy in America, Brown

Walker Press (FL), 47-50, September 1, 2004.

Gralla, P., Windows XP Hacks, O'Reilly, 152-

, April 1, 2005.

İnternet: Sanal Dolandırıcılıkta Son Nokta

Phishing, İstanbul Emniyet Müdürlüğü.

http://www.iem.gov.tr/iem/?idno=147, Mayıs

İnternet: Consumer Online: Home > Scams >

Major Scams,

http://www.consumer.org.nz/topic.asp?docid=25

&category=&subcategory=&topic=Scams&title

=Major%20Scams&contenttype=summary ,

Eylül 2005.

Brown, S., The Complete Idiot's Guide to

Private Investigating, Alpha Books, 144-146,

October 1, 2002.

Jones, S., Encyclopedia of New Media: An

Essential Reference to Communication and

Technology, Sage Publications Inc, 212-216,

December 10, 2002.

Orebaugh, A. D., Ethereal Packet Sniffing,

Syngress Publishing, 6-10, 27-28, February 17, 2004.

Garfinkel, S., Web Security, Privacy &

Commerce, 2nd Edition, O'Reilly, 216-221,

November 1, 2001.

İnternet: Macromedia Flash content reaches

3% of Internet viewers, Flash Player

Penetration Survey, March 2005, NPD Research.

http://www.macromedia.com/software/player_ce

nsus/flashplayer/ , Haziran 2005.

Petersen, J. K., Understanding Surveillance

Technologies, CRC Press, 2-9, September 21,

İnternet: Self Replicating Wabbits – Sounds

Strange. Brings Chaos, SYL Articles,

http://articles.syl.com/selfreplicatingwabbitssoun

dsstrangebringschaos.html, Eylül 2005.

Chuvakin, A., Peikari, C., Security Warrior,

O'Reilly, 324, January 12, 2004.

Furnell, S., Ward, J., Malware comes of age:

The arrival of the true computer parasite,

Network Security, 11-15, October 2004.

Williamson, D., Deconstructing malware: what

it is and how to stop it, Information Security

Technical Report. Vol. 9, No. 2, 27-34, 2004.

Levenhagen, R., Trends, codes and virus attacks

- 2003 year in review, Network Security, Vol.

, No. 1, 13-15, January 2004.

Hacker 2004 Raporu, Chip Dergisi, Nisan 2004,

-61, 2004.




Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.