BKCRMWRE.RVW 20080511

"Crimeware: Understanding New Attacks and Defenses", Markus Jakobsson/Zulfikar Ramzan, 2008, 978-0-321-50195-0, 54.99/C$59.99
%E Markus Jakobsson
%E Zulfikar Ramzan
%C P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario M3C 2T8
%D 2008
%G 978-0-321-50195-0 0-321-50195-0
%I Addison-Wesley Publishing Co.
%O 54.99/C$59.99 416-447-5101 fax: 800-822-6339 bkexpress@aw.com
%O http://www.amazon.com/exec/obidos/ASIN/0321501950/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/0321501950/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/0321501950/robsladesin03-20
%O Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation)
%P 582 p.
%T "Crimeware: Understanding New Attacks and Defenses"

The preface notes the change in incentive, for the production of malware, from intellectual curiosity to the profit motive. It also states that the book is intended for anyone with an interest in crimeware or computer security, including those with a background in education or public policy rather than technology.

Although chapter one promises, at various points, a structured and taxonomic overview of crimeware, it is little more than a grab bag of points possibly related to malware and information security, and, as such, is more confusing than educational. Gary McGraw's seven-point taxonomy of coding errors is given in chapter two. It's an excellent list, but has limited relevance to crimeware. Chapter three consists of two very distinct items: an interesting report on the spread of malware through peer-to-peer (P2P) file-sharing networks, and an account of one specific chain-mail hoax. Malware implementations in small devices, such as USB (Universal Serial Bus) and RFID (Radio Frequency IDentification), are explored in chapter four, which material does, at least, discuss how these technologies could be used for criminal activity.
Although entitled "Crimeware in Firmware," most of chapter five is concerned with wireless LAN security, and is highly speculative. A few pieces of crimeware that run in Web browsers are described in chapter six. Chapter seven contains a reasonable, though superficial, overview of botnets. A number of calls used by specific rootkit packages are described in chapter eight. Fraud in online gaming is examined in chapter nine, although, oddly, the issue of theft of game goods for "real world" sale is not mentioned. Chapter ten covers politics and malicious online activity, but is primarily concerned with Web defacements and online defamation. Fraud, generally related to Web advertising, is in chapter eleven. "Crimeware Business Models," in chapter twelve, are confined to only a few types, although the section on adware is particularly good. Advice on how not to do education is provided in chapter thirteen. Chapter fourteen outlines a few US laws possibly relevant to crimeware. The activities of the Trusted Computing Group (TCG), particularly with regard to Digital Rights Management, are promoted in chapter fifteen. A simplistic look at a few defensive technologies is provided in chapter sixteen. Chapter seventeen provides a vague closing to the book.

The level of the writing and the technology varies from chapter to chapter, since the book has a wide variety of authors. Unfortunately, very little of the content is directly relevant to crimeware as such: most of the material is merely general information about malware. Some of the text is interesting, but much of it is vague, and little is new. The work is a fairly reasonable introduction to malware threats and protection, but does not add much to the existing literature.

copyright Robert M. Slade, 2008 BKCRMWRE.RVW 20080511