Sunday, April 13, 2008

Crimeware: It's out!

Over the past few years, one of the biggest shifts impacting security online has been that the attacks are no longer primarily conducted by teenagers writing viruses and worms to make a name for themselves, but instead are executed by financially motivated cybercriminals.

A book entitled Crimeware: Understanding New Attacks and Defenses by Markus Jakobsson and Zulfikar Ramzan (to be officially released this week) is the most comprehensive compilation to date that I am aware of cataloguing the many different ways that cybercriminals manipulate web sites, software, and people to make money online. While the book is to be officially released on April 19, I was able to pick up a copy at the on-site bookstore at the RSA conference last week!

A chapter co-authored by yours truly and a distinguished team of Googlers on "Online Advertising Fraud" appears in the book, along with chapters on topics such as "Crimeware in the Browser" (Dan Boneh, et al.), "A Taxonomy of Coding Errors" (Gary McGraw), and "Technical Defense Techniques" (Peter Ferrie, et al.).

The chapters in the book provide deep dives that not only describe the vulnerabilities that cyberattacks prey on, but also provide a guide to high-level defenses. As such, the book is a great read for CIOs and CSOs in addition to security researchers. I highly encourage checking it out!