{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,6,18]],"date-time":"2024-06-18T13:19:38Z","timestamp":1718716778381},"reference-count":31,"publisher":"Springer Science and Business Media LLC","issue":"3","license":[{"start":{"date-parts":[[2010,2,24]],"date-time":"2010-02-24T00:00:00Z","timestamp":1266969600000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["DuD"],"published-print":{"date-parts":[[2010,3]]},"DOI":"10.1007\/s11623-010-0024-4","type":"journal-article","created":{"date-parts":[[2010,2,23]],"date-time":"2010-02-23T07:19:05Z","timestamp":1266909545000},"page":"149-155","source":"Crossref","is-referenced-by-count":9,"title":["Static detection of application backdoors"],"prefix":"10.1007","volume":"34","author":[{"given":"Chris","family":"Wysopal","sequence":"first","affiliation":[]},{"given":"Chris","family":"Eng","sequence":"additional","affiliation":[]},{"given":"Tyler","family":"Shields","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2010,2,24]]},"reference":[{"issue":"8","key":"24_CR1","doi-asserted-by":"publisher","first-page":"761","DOI":"10.1145\/358198.358210","volume":"27","author":"Ken Thompson","year":"1984","unstructured":"Thompson, Ken, \u201cReflections on Trusting Trust\u201d, Communication of the ACM Vol. 27, No. 8, \n http:\/\/www.acm.org\/classics\/sep95\n \n , Sep. 1995.","journal-title":"Communications of the ACM"},{"key":"24_CR2","unstructured":"Andrews, Jeremy, \u201cLinux: Kernel \u201aBack Door \u2018Attempt\u201d, KernelTrap, \n http:\/\/kerneltrap.org\/node\/1584\n \n , Nov. 2003."},{"key":"24_CR3","unstructured":"Poulsen, Kevin, \u201cBorland Interbase backdoor exposed\u201d, The Register, \n http:\/\/www.theregister.co.uk\/2001\/01\/12\/borland_interbase_backdoor_exposed\n \n , Jan. 2001."},{"key":"24_CR4","unstructured":"Reifer Consultants presentation at Oct 2007 DHS SwA Forum"},{"key":"24_CR5","unstructured":"Oblivion, Brian, \u201cNetStructure 7110 console backdoor\u201d, Bugtraq mailing list, \n http:\/\/seclists.org\/bugtraq\/2000\/May\/0114.html\n \n , May 2000."},{"key":"24_CR6","unstructured":"Cerberus Security Team, \u201cCart32 secret password backdoor\u201d, Neohapsis Archives, \n http:\/\/archives.neohapsis.com\/archives\/win2ksecadvice\/2000-q2\/0048.html\n \n , Apr. 2000."},{"key":"24_CR7","unstructured":"Tarbatt, Dave, \u201cAPC 9606 SmartSlot Web\/SNMP Management Card Backdoor\u201d, SecuriTeam Security News, \n http:\/\/www.securiteam.com\/securitynews\/5MP0E2AC0M.html\n \n , Feb. 2004."},{"key":"24_CR8","unstructured":"Lyda, Robert et al, \u201cUsing Entropy Analysis to Find Encrypted and Packed Malware\u201d, IEEE Security and Privacy, \n http:\/\/csdl2.computer.org\/persagen\/DLAbsToc.jsp?resourcePath=\/dl\/mags\/sp\/&toc=comp\/mags\/sp\/2007\/02\/j2toc.xml&DOI=10.1109\/MSP.2007.48\n \n , Apr. 2007."},{"key":"24_CR9","unstructured":"Carrera, Ero, \u201cScanning data for entropy anomalies\u201d, nzight blog, \n http:\/\/blog.dkbza.org\/2007\/05\/scanning-data-for-entropyanomalies.html\n \n , May 2007."},{"key":"24_CR10","unstructured":"Boren, Ryan, \u201cWordPress source code compromised to enable remote code execution\u201d, LWN.net, \n http:\/\/lwn.net\/Articles\/224999\n \n , Mar. 2007."},{"key":"24_CR11","unstructured":"US-CERT, \u201cCERT Horse in IRC Client for UNIX\u201d, US-CERT Vulnerability Database, \n http:\/\/www.cert.org\/advisories\/CA-1994-14.html\n \n , Oct. 1994."},{"key":"24_CR12","unstructured":"Heise Security News, \u201cBackdoor in Artmedic CMS\u201d, \n http:\/\/www.heise-security.co.uk\/news\/89835\n \n , May 2007."},{"key":"24_CR13","unstructured":"Zielinski, Mark, \u201cID games Backdoor in quake\u201d, insecure.org, \n http:\/\/insecure.org\/sploits\/quake.backdoor.html\n \n , May 1998."},{"key":"24_CR14","unstructured":"Various, \u201cTCP Wrapper Backdoor Vulnerability\u201d, Security Focus, \n http:\/\/www.securityfocus.com\/bid\/118\/discuss\n \n , Jan. 1999."},{"key":"24_CR15","unstructured":"Various, \u201cLatest libpcap & tcpdump sources from tcpdump.org contain a Trojan\u201d, Houston Linux Users Group, \n http:\/\/www.hlug.org\/trojan\n \n , Nov. 2002."},{"key":"24_CR16","unstructured":"Ercoli, Luca, \u201cEtomite Content Management System security advisory\u201d, \n http:\/\/www.lucaercoli.it\/advs\/etomite.txt\n \n , Jan. 2006."},{"key":"24_CR17","unstructured":"US-CERT, \u201cCERT Horse OpenSSH Distribution\u201d, US-CERT Vulnerability Database, \n http:\/\/www.cert.org\/advisories\/CA-2002-24.html\n \n , Aug. 2002."},{"key":"24_CR18","unstructured":"Song, Dug, \u201cTrojan\/backdoor in fragroute 1.2 source distribution\u201d, Virus.Org Mailing List Archive, \n http:\/\/lists.virus.org\/bugtraq-0205\/msg00276.html\n \n , May 2002."},{"key":"24_CR19","unstructured":"Various, \u201cX.Org X Window Server Local Privilege Escalation Vulnerability\u201d, Security Focus, \n http:\/\/www.securityfocus.com\/archive\/1\/archive\/1\/428183\/100\/0\/threaded\n \n , Mar. 2006."},{"key":"24_CR20","unstructured":"Marsh, Kyle, \u201cWin32 Hooks\u201d, Microsoft Developer Network, \n http:\/\/msdn2.microsoft.com\/en-us\/library\/ms997537.aspx\n \n , Feb. 1994."},{"key":"24_CR21","unstructured":"Ivanov, Ivo, \u201cAPI Hooking Revealed\u201d, The Code Project, \n http:\/\/www.codeproject.com\/system\/hooksys.asp\n \n , Dec. 2002."},{"key":"24_CR22","unstructured":"SysSpider, \u201cThe Win32 API For Hackers\u201d, \n http:\/\/sysspider.vectorstar.net\/papers\/api4hackers.txt\n \n , unknown date."},{"key":"24_CR23","unstructured":"Butler, James, \u201cVICE \u2014 Catch the Hookers\u201d, BlackHat USA 2004, \n http:\/\/www.blackhat.com\/presentations\/bh-usa-04\/bh-us-04-butler\/bh-us-04-butler.pdf\n \n , Aug. 2004."},{"key":"24_CR24","unstructured":"Kruegel, Christopher et al, \u201cDetecting Kernel-Level RootkitsThrough Binary Analysis\u201d, 20th Annual Computer Security Applications Conference, \n http:\/\/www.cs.ucsb.edu\/~wkr\/publications\/acsac04lkrm.pdf\n \n , May 2004."},{"key":"24_CR25","unstructured":"Bioforge, \u201cHacking the Linux Kernel Network Stack\u201d, Phrack Magazine Issue 61, \n http:\/\/www.phrack.org\/issues.html?issue=61&id=13\n \n , Aug. 2003."},{"key":"24_CR26","unstructured":"Rutkowska, Joanna, \u201cLinux Kernel Backdoors And Their Detection\u201d, IT Underground 2004, \n http:\/\/invisiblethings.org\/papers\/ITUnderground2004_Linux_kernel_backdoors.ppt\n \n , Oct. 2004."},{"key":"24_CR27","unstructured":"Danny Quist and Val Smith, \n http:\/\/www.offensivecomputing.net\/files\/active\/0\/vm.pdf"},{"key":"24_CR28","unstructured":"Josh Jackson, \n http:\/\/www.codeproject.com\/KB\/security\/AntiReverseEngineering.aspx\n \n , Nov. 2008"},{"key":"24_CR29","unstructured":"Nicolas Falliere, \n http:\/\/www.securityfocus.com\/infocus\/1893\n \n , Sept. 2007"},{"key":"24_CR30","unstructured":"Michael N. Gagnon et al, \n http:\/\/ieeexplore.ieee.org\/Xplore\/login.jsp?url=\/iel5\/8013\/4218538\/04218560.pdf?temp=x\n \n , June 2007"},{"key":"24_CR31","unstructured":"Nicolas Brulez, \n http:\/\/www.codebreakers-journal.com\/downloads\/cbj\/2005\/CBJ_2_1_2005_Brulez_Anti_Reverse_Engineering_Uncovered.pdf\n \n , March 2005"}],"container-title":["Datenschutz und Datensicherheit - DuD"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11623-010-0024-4.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s11623-010-0024-4\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11623-010-0024-4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11623-010-0024-4.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,6,1]],"date-time":"2019-06-01T18:20:57Z","timestamp":1559413257000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s11623-010-0024-4"}},"subtitle":["Detecting both malicious software behavior and malicious indicators from the static analysis of executable code"],"short-title":[],"issued":{"date-parts":[[2010,2,24]]},"references-count":31,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2010,3]]}},"alternative-id":["24"],"URL":"https:\/\/doi.org\/10.1007\/s11623-010-0024-4","relation":{},"ISSN":["1614-0702","1862-2607"],"issn-type":[{"value":"1614-0702","type":"print"},{"value":"1862-2607","type":"electronic"}],"subject":[],"published":{"date-parts":[[2010,2,24]]}}}