Types of Malicious Code and Security Risks

Malicious code and security risks have traditionally been broken down into a finite number of categories. Today's threats significantly blur the lines between these categories; however, the need to make a distinction continues to serve an important purpose in order to catalog and differentiate threats.

Viruses

While the layperson may use the terms "computer virus" and "computer worm" interchangeably, the industry-accepted definitions do distinguish between them. A computer virus is malicious code that "piggybacks" onto individual files (or a disk) in order to propagate. In many cases, infection occurs among many files on an individual computer. A virus can move between computer systems, but only does so when a previously infected file (or disk) is transferred in some manner to another computer. This transfer has to be performed via a manual process, and viruses do not have the ability to proactively transmit themselves to other computers. As such (and as opposed to worms), the traditional computer virus is somewhat limited in its ability to have an immediate widespread impact, and is rather isolated in comparison.

In recent years we have seen a fundamental drop in the number of new computer viruses. Interest from malicious code authors has moved onto newer mechanisms, more specifically computer worms and their derivatives. The ubiquity of today's computer networks has certainly driven this, as before networks, files and disks were the predominant mechanism by which a virus could spread.

Worms

Contrary to viruses, worms are a form of malicious code that do have the ability to infect an individual computer system and then spread to others in an automated fashion. Worms can spread using a number of mechanisms; the majority of them take advantage of common networking services.

When discussing worms, the very first system to become infected is known as patient zero. This is the system from which all subsequent infections originate. In some (unlikely) cases, this may be the worm author's own system. More likely, it is an initial victim on which the worm code has been placed and invoked, either through one of the infection vectors that will be discussed here, or through some passive seeding mechanism such as an Internet newsgroup or mailing list. The proliferation of unprotected wireless access points also serves to increase the ease with which an attacker can insert a new threat onto the Internet.

Once patient zero has become infected, one of the next steps of a worm is to attempt to infect others. In doing so, it must seek out new targets and attempt to replicate itself to those targets. A single infected system may in turn infect hundreds or thousands (or more) of additional systems as it spreads.

Past worms have used a plethora of different mechanisms in order to spread; however, they can be summarized into a much smaller number of categories.

E-mail-Based Worms

E-mail-based worms, otherwise known as mass-mailing worms due to their tendency to generate a large number of e-mails to an even larger number of targets, propagate by transmitting themselves through e-mail. E-mail-based worms rely on either (1) human interaction whereby the victim invokes the worm, believing it to be a benign attachment, or (2) a vulnerability on the victim system that causes the worm to be run automatically when it is received.

Mass-mailing worms spread more quickly and cause more widespread impact when they are able to leverage a preexisting vulnerability that may be present on a victim system. These vulnerabilities are present in either the mail client itself (Microsoft Outlook being the favorite target), or in some component used by the mail client (such as the Outlook preview pane, which uses Internet Explorer to preview an e-mail). In such a scenario, a victim needs only to read an e-mail or have it show up in the preview pane to become infected.

One such vulnerability, originally published in March of 2001, has been used by dozens of mass-mailing worms in an attempt to spread automatically. The Microsoft IE MIME Header Attachment Execution Vulnerability flaw results in the automatic execution of an attachment included in the e-mail message. More details on this specific flaw can be found at http://www.securityfocus.com/bid/2524. In order to be invoked, the e-mail containing the worm need simply be opened (either in a new window or in the Microsoft Outlook preview pane) in order to infect the victim.

As with all vulnerabilities, once they have been patched on a sufficient number of computers, their value drops substantially. In the absence of new vulnerabilities, mass-mailing worms rely on social engineering, or the ability to entice a victim to open an attachment and execute its contents. Their success is based largely on how convincing their associated message is.


Worms such as MyDoom.A purport to be mail system failure messages, appearing to originate from an organization's mail infrastructure, and claiming to contain the erroneous message as an attachment. Even more common are attachments appearing to come from trusted colleagues, appearing to contain exciting documents and other files. Regardless of their message, the human element involved in their propagation continues to lead to their success today. This is witnessed by the many variants of worms such as MyDoom, Beagle, NetSky, and Sobig.

E-mail-based worms collect e-mail addresses in a number of different ways, including:

  • Searching local files for e-mail addresses. This includes searching common documents, address books, databases, web pages, and even browser caches.

  • Randomly guessing additional e-mail addresses for a domain once an e-mail address has been found on the system. While not the most effective mechanism, this does help to increase the chances of reaching additional victims, in turn also increasing the volume of mail being transmitted.

  • Using search engine results to supplement the address list. Some more recent worms have used popular search engines (such as Google) in order to supplement their address list. By searching for domains (once one has been found on a system), additional e-mail addresses can be harvested from the results.

Today's e-mail-based worms incorporate their own SMTP engine. This eliminates the reliance on the victim's local mail server in order to send e-mails. The SMTP engine performs the appropriate DNS (Domain Name System) MX record lookup and subsequent transmission of the e-mail directly to the target's mail server, in turn bypassing the victim's local server entirely. This also allows the worm to avoid using any mail APIs that have been provided by the operating system, such as Microsoft's Messaging Application Programming Interface (MAPI) on Windows.

In order to prevent these mass-mailing worms from contacting unsanctioned SMTP servers, an organization can restrict TCP/25 connections to external SMTP servers. In an appropriately configured network, individual clients have no need to connect to SMTP servers outside of their organization.

Mass-mailing worms generate a high volume of e-mails, congesting Internet e-mail infrastructure worldwide. During an initial outbreak they have been responsible for the outright failure of enterprise e-mail servers and the delay in the delivery of legitimate e-mail.

To protect against mass-mailing worms, organizations have taken to the blocking of specific attachment types at their network perimeter. This may be facilitated either by your perimeter firewall, or by your SMTP server. The following types of file extensions are some of those that may be used by mass-mailing worms as they attempt to spread to a system and should be blocked at your perimeter:

.ade  .adp  .app  .asx  .asp  .bas  .bat  .chm  .cmd  .com  .cpl  .crt  .csh
.exe  .ftp  .hlp  .hta  .inf  .ins  .isp  .js   .jse  .ksh  .lnk  .mda  .mdb
.mde  .mdt  .mdw  .mdz  .msc  .msi  .msp  .mst  .ops  .pcd  .pif  .prf  .prg
.reg  .scf  .scr  .sct  .shb  .shs  .url  .vb   .vbe  .vbs  .ws   .wsh

Some more recent worms have even taken to encoding themselves in compressed archives such as zip files in order to bypass any attempt by organizations to block malicious attachments. This requires an extra step by the victim to open the compressed archive, and then execute the enclosed malicious code. Not surprisingly, these worms have continued to be successful, finding more than enough of an audience of victims who are willing to open and do almost anything to infect themselves.

To take this point one step further, worms can also transmit themselves in password-protected zip files in order to prevent anti-virus solutions from opening the compressed archive. In this scenario the associated password is included in the e-mail message (either as text or as an image), requiring the user to not only open the zip file using the included password, but then invoke the enclosed malicious code. These worms have again been successful in spreading across the Internet. Anti-virus solutions have responded by seeking out the associated password in the contents of the e-mail message, and then decrypting the archive for inspection of its payload.
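A gateway check that applies the extension list above and also looks inside zip attachments, shown here as an added Python example (not code from the book). Traditional zip encryption protects member data but leaves member names readable, so a password-protected archive can still be checked by name and flagged as encrypted. The function names, the `MAX_MEMBERS` limit, and the sample message are assumptions made for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extension list taken from the section above.
BLOCKED = {"." + e for e in (
    "ade adp app asx asp bas bat chm cmd com cpl crt csh exe ftp hlp hta inf "
    "ins isp js jse ksh lnk mda mdb mde mdt mdw mdz msc msi msp mst ops pcd "
    "pif prf prg reg scf scr sct shb shs url vb vbe vbs ws wsh").split()}

MAX_MEMBERS = 1000  # assumption: give up on archives with more entries than this


def blocked_extension(filename):
    """Return the blocked extension of filename, or None.

    Windows ignores trailing dots and spaces, so 'a.exe. ' is treated as
    'a.exe'. Only the final extension counts: 'report.doc.scr' is a .scr.
    """
    name = filename.strip().rstrip(". ").lower()
    dot = name.rfind(".")
    ext = name[dot:] if dot != -1 else ""
    return ext if ext in BLOCKED else None


def inspect_zip(data):
    """List policy findings for a zip archive without decompressing anything."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            members = zf.infolist()
    except zipfile.BadZipFile:
        return ["unreadable archive"]
    if len(members) > MAX_MEMBERS:
        return ["too many members"]
    findings = []
    for info in members:
        # Bit 0 of the general-purpose flags marks an encrypted member.
        # The contents cannot be scanned, but the name is still visible.
        if info.flag_bits & 0x1:
            findings.append(f"encrypted member {info.filename}")
        ext = blocked_extension(info.filename)
        if ext:
            findings.append(f"blocked {ext} inside archive: {info.filename}")
    return findings


def inspect_message(raw):
    """Return (attachment name, reason) pairs for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        ext = blocked_extension(name)
        if ext:
            findings.append((name, f"blocked {ext}"))
        payload = part.get_payload(decode=True) or b""
        # Identify zips by signature, not by the name the sender chose.
        if payload[:4] == b"PK\x03\x04":
            findings += [(name, reason) for reason in inspect_zip(payload)]
    return findings


def build_sample():
    """Constructed sample: a text attachment plus a zip holding 'invoice.scr'."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.scr", b"placeholder bytes, not a program")
    msg = EmailMessage()
    msg["From"] = "postmaster@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Mail delivery failed"
    msg.set_content("The original message is attached.")
    msg.add_attachment(b"notes", maintype="application",
                       subtype="octet-stream", filename="notes.txt")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="document.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reason in inspect_message(build_sample()):
        print(f"{name}: {reason}")
```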

Blocking these common attachment types only solves part of the problem. Nothing precludes a worm from simply sending an HTTP link in the e-mail to a potential victim (such as http://compromised-host.com:8000), listening on a specific port (in this case 8000), and then sending a copy of itself over the connection when someone clicks on the link. The victim would still need to accept the download and execute it; however, those that do would not have been protected by attachment blocking.

Without an adequate gateway-based anti-virus solution, organizations are likely to be inundated with infected e-mails when a new mass-mailing worm surfaces. It is important to consider a gateway-based solution in order to prevent this substantial volume of infected e-mails from reaching your employees.

In the end, only a part of the solution is a technological one. The proper education of both consumer and enterprise users plays a huge role in the future prevention of these types of threats. The naivety and willingness of users to go through significant effort to become victims exemplifies this.

Vulnerability Exploitation

Another way that worms spread is through the direct exploitation of network-based security vulnerabilities. This technique has been used by some of the most prolific worms in the past decade. These include CodeRed, Nimda, Slammer, Blaster, and Sasser, worms that surfaced in 2001 through 2004. These worms are considered network-based worms, as they spread exclusively through the exploitation of software vulnerabilities over a network. The distinct number of pure network-based worms pales in comparison to the number of mass-mailing worms. This is due in part to the requirement that a widespread, high-impact vulnerability must be leveraged by such a worm to spread. To have the most impact, a worm must exploit a vulnerability that has a high vulnerability density. To have the highest vulnerability density, a vulnerability would need to be

  • Present on a high percentage of Internet-connected systems

  • Enabled by default, requiring no additional configuration by the user

  • Accessible anonymously without any form of authentication or credentials

  • Exploitable across several operating system versions (or service pack levels)

While the above would be a best-case scenario for a vulnerability used by a worm, nothing precludes one from exploiting vulnerabilities with a low vulnerability density. In practice, a lower vulnerability density would result in a much reduced overall impact (fewer infected computers); therefore, we see fewer threats leveraging these.

It is no surprise that some of the most successful network worms in recent history have targeted the Windows operating system and the services running on it. The CodeRed and Nimda worms exploited vulnerabilities present by default in the Microsoft IIS Web Server. Slammer exploited a vulnerability present by default in the Microsoft SQL Database Server. Blaster and Sasser exploited vulnerabilities present in a core Windows operating system component (MSRPC), one that was present on every single desktop and server system prior to a patch becoming available.

While we have seen examples of worms targeting Linux and other UNIX-based operating systems, they have received much less attention than those targeting Windows-based platforms. Linux and other UNIX-based systems are certainly not without their fair share of security vulnerabilities. One difficulty arises when targeting Linux-based systems, given a buffer overflow vulnerability that is common across many different vendors and versions. That is, the memory layout across multiple versions and multiple vendors may vary dramatically, requiring an individual exploit to be crafted for each variation. This manifests itself even further when you take into account that anyone can compile their own version of common network services, creating even more variations. As a result, worms targeting Windows-based systems, with a single vendor, and releases only varying across major operating system revisions (and possibly service packs) are much more likely to succeed.

A recent example of this is the Blaster worm, which contained two payloads: one for Windows XP and one for Windows 2000. Blaster would send a payload targeting Windows XP 80 percent of the time and a payload targeting Windows 2000 only 20 percent of the time. If the selection happened to be incorrect, the target system would reboot (since memory in the target process would become corrupted as a result of an invalid payload).

Worms exploiting network vulnerabilities are not new. Prior to the recent resurgence of these threats, one of the most well-known network worms was the Morris Internet Worm in 1998. The Morris worm exploited a vulnerability in Sendmail (http://www.securityfocus.com/bid/1) and a vulnerability in finger (http://www.securityfocus.com/bid/2) in order to spread. One unique thing about this worm is that it was cross-platform, running and infecting both Sun-3 and VAX computer systems, two of the most common architectures on the Internet at that time. It also may have been one of the first known exploitations of a buffer overflow (finger) prior to the rise in popularity of buffer overflow vulnerabilities in the mid-1990s.

The key protection against network-based worms is to maintain a properly patched environment. Since network-based worms exploit security vulnerabilities, ensuring those vulnerabilities are patched eliminates the risk of infection altogether. This can certainly be a challenge, given the volume of new security vulnerabilities that organizations must deal with on a daily basis (seven to ten new flaws per day).

Network Share-Based Worms

In addition to spreading through e-mail and leveraging vulnerabilities, another mechanism that a worm may use is propagation through network shares. Windows CIFS (Common Internet File System) file sharing has long been the target of hackers to gain access to, or modify, information remotely on computers. Worms try to spread via network shares in a number of different ways. These include

  • Connecting to shares discovered on the local workgroup or domain.

  • Scanning other local and Internet addressable computers for the presence of network sharing services (either via port 139 or port 445).

  • Once found, attempting to guess common username and password combinations to gain access to those shares.

  • Once connected, placing copies of itself in startup folders on the remote share (if the share contains user directories), or modifying other startup files. If Administrator privileges are gained, the worm can use Windows API calls in order to invoke the freshly copied program remotely.

  • Overwriting, or creating new executable files that are found on the remote shares with copies of itself.

Network file share propagation is a mechanism that can also further increase a worm's success after it has penetrated the hard perimeter of an organization's network (either by e-mail or through exploitation of a vulnerability), continuing to accelerate its spread internally.

In order to protect against network share-based worms it is important to prevent network traffic associated with these services from passing into your network. While support for network sharing may be a necessity within your corporate network, it should not be used to share information outside of your organization, at least not by using the standard protocols over the unprotected Internet. If it is necessary in the course of everyday business, then a VPN connection should be established with the appropriate parties in order to provide both solid authentication and strong encryption of traffic.

In order to prevent Windows file sharing traffic from entering your network, while at the same time protecting against other potential attacks, it is advised that the following services be filtered at your perimeter:

Service: Description

msrpc (TCP/135), msrpc (UDP/135): These ports expose Microsoft RPC services. These services are used primarily for local area networking, and have contained vulnerabilities in the past. TCP/135 was the target of the Blaster worm.

netbios-ns (UDP/137): The NetBIOS name service is used predominantly by Windows networking for local network file sharing and the resolution of local computer names. This service should not be permitted in from the Internet.

netbios-dgm (UDP/138): The NetBIOS datagram service is also used to support Windows networking, and should not be permitted from the Internet.

netbios-ssn (TCP/139): The NetBIOS session service provides the actual file sharing for Windows networking. It should be blocked at the perimeter. It should be noted that many threats target the last five Windows networking ports that we just mentioned. It is recommended that all NetBIOS ports are blocked at the perimeter.

microsoft-ds (UDP/445), microsoft-ds (TCP/445): Microsoft directory service provides many of the identical services as netbios-ssn (TCP/139). It should be filtered along with other NetBIOS service ports.
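The perimeter rules in this section can be verified against flow logs: the Windows networking services listed here should never be reachable from the Internet, and (from the earlier mass-mailing discussion) only the organization's own mail servers should open connections to external TCP/25. The Python below is an added example, not code from the book; the record format, the 10.0.0.0/8 internal range, and the relay address 10.0.0.25 are assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumptions for this example: the internal range and the one sanctioned relay.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
MAIL_RELAYS = {ipaddress.ip_address("10.0.0.25")}

# Services this section says to filter at the perimeter.
FILTERED_INBOUND = {
    ("tcp", 135): "msrpc", ("udp", 135): "msrpc",
    ("udp", 137): "netbios-ns", ("udp", 138): "netbios-dgm",
    ("tcp", 139): "netbios-ssn",
    ("tcp", 445): "microsoft-ds", ("udp", 445): "microsoft-ds",
}

# Constructed flow records (documentation address ranges): src,dst,proto,dport
SAMPLE = """\
# accepted flows seen at the perimeter
10.0.0.25,198.51.100.10,tcp,25
10.0.4.17,198.51.100.10,tcp,25
10.0.4.17,203.0.113.5,tcp,25
10.0.4.17,192.0.2.77,tcp,25
203.0.113.200,10.0.7.3,tcp,445
10.0.7.3,10.0.7.9,tcp,445
192.0.2.14,10.0.1.1,udp,137
10.0.2.2,198.51.100.80,tcp,80
garbage line
"""


def parse(line):
    """Parse one record; raises ValueError on any malformed field."""
    src, dst, proto, dport = (field.strip() for field in line.split(","))
    return (ipaddress.ip_address(src), ipaddress.ip_address(dst),
            proto.lower(), int(dport))


def audit(records):
    """Report accepted flows that the perimeter policy should have stopped."""
    direct_smtp = defaultdict(set)   # internal client -> external mail servers
    inbound = []                     # Internet -> internal Windows services
    malformed = 0
    for line in records.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            src, dst, proto, dport = parse(line)
        except ValueError:
            malformed += 1
            continue
        src_in, dst_in = src in INTERNAL, dst in INTERNAL
        if (src_in and not dst_in and (proto, dport) == ("tcp", 25)
                and src not in MAIL_RELAYS):
            # A workstation talking SMTP straight to outside servers is the
            # behaviour of a worm carrying its own SMTP engine.
            direct_smtp[str(src)].add(str(dst))
        elif not src_in and dst_in and (proto, dport) in FILTERED_INBOUND:
            inbound.append((str(src), str(dst), FILTERED_INBOUND[(proto, dport)]))
    return {
        "direct_smtp": {host: sorted(dsts) for host, dsts in direct_smtp.items()},
        "inbound_filtered": inbound,
        "malformed": malformed,
    }


if __name__ == "__main__":
    report = audit(SAMPLE)
    for host, servers in report["direct_smtp"].items():
        print(f"{host} sent mail directly to {len(servers)} external servers")
    for src, dst, service in report["inbound_filtered"]:
        print(f"{service} reached {dst} from {src}")
```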

Blended Threats

Blended or hybrid threats are worms or other forms of malicious code that use multiple infection vectors in order to infect a computer system. Most worms traditionally used a single mechanism or infection vector in order to compromise a system. They may use a single vulnerability, spread through file sharing or e-mail. Blended threats, on the other hand, may use any combination of these in order to spread.

The Nimda worm, for example, exploited four known Microsoft Windows network vulnerabilities, and in addition also spread through e-mail, open network shares, and by infecting web browsers after placing copies of itself in the web root of a newly infected server. Nimda, which surfaced in 2001, is by far the best example of a blended threat that we have seen. Using multiple infection vectors clearly enhances a worm's potential of spreading.

Seeding of Worms

Seeding refers to the concept of leveraging a large bed of computers known to be vulnerable or known to be previously compromised in order to intensify the initial outset of a new threat. Seeding a worm on thousands of computers can give it a substantial advantage over one that is launched on just one. This head start can dramatically increase the speed at which a worm can spread and the overall initial impact seen on the Internet.

Seeding a new threat does not require a substantial amount of effort; it simply requires gathering or otherwise obtaining a list of systems on which a threat can be instantiated. This list can be compiled in a number of ways:

  • By monitoring Internet activity for computers appearing to be compromised by another threat. Worm-infected systems and those exploiting network-based vulnerabilities generate tremendous amounts of traffic destined to random Internet addresses. Any such sources are clearly already compromised, and likely still vulnerable to the flaw that is associated with the worm. Also, if the specific worm variant can be identified, any backdoors or other entry points may also be leveraged by others. They are prime candidates for seeding. Simply connecting to the Internet guarantees that you will eventually be probed by one of these threats as it is trying to spread.

  • By using common search engines to seek out a list of known vulnerable servers. Web-based vulnerabilities, which are the prime example in this case, can easily be harvested given that they can be identified through a unique URL. An attacker need only search common search engines for the vulnerable script or application in order to obtain Internet-wide results. Not only is this a method for the seeding of new threats, but some threats use this mechanism as one of their primary methods for seeking out new targets after they have already infected a victim. While effective, this mechanism is prone to a single point of failure and easily subverted by the search engine provider once they become aware of the query.

Although the seeding of threats has not been overly prevalent in the past, it is a mechanism that we are likely to see more of in the future.

Bots and Bot Networks

Bots are a form of malicious code that is installed on a victim computer and is under the ongoing control of the individual who deployed them, the Bot master. As opposed to worms, bots do not propagate automatically; however, they do have the ability to scan and compromise new computer systems when commanded by their authors. Their ability to do so parallels that of a worm to some extent, in that a substantial number of computers may be compromised by bots, but it is done so in a much more controlled fashion.

A network of many of these bots under the control of an individual is called a bot network or botnet. Some botnets can consist of thousands (or even hundreds of thousands) of compromised computers all under the control of the same individual. Individual bots maintain communication to their master through a control channel consisting of either a centralized server to which all bots connect, or an ad hoc peer-to-peer network through which communications are exchanged.

When centrally based, the control channel is in many cases through a central IRC (Internet Relay Chat) server. This IRC server, which the master also connects to, is then used to issue commands to an individual bot or the entire botnet, causing it to perform a variety of activities.

In addition to IRC, some bots have also based their communication mechanisms on an internal peer-to-peer network, comprised entirely of infected computers. This decentralized approach significantly increases a bot network's robustness, and makes it much less susceptible to the single point of failure of a central IRC server. In addition, this decentralized nature makes it much more difficult to track down the individual who may be controlling the botnet.

Bots infect computers using many of the same mechanisms that worms do. They can be sent through e-mail, exploit a vulnerability (the preferred method), or guess file share passwords in order to copy themselves onto new computers. Once there, the newly infected system joins the botnet using the chosen communication channel.

Bots and botnets are deployed for a variety of purposes. Their origins can be traced back to the Zombie networks, used for some time for the explicit purpose of launching large-scale distributed denial-of-service (DDoS) attacks. Bots have evolved quite dramatically from that single purpose and have incorporated dozens of functions. Also, they have become quite extensible, allowing their authors to easily add new functionality or to leverage the latest exploit code when it surfaces. Some of the more common capabilities include

  • The ability to scan and attempt to exploit vulnerabilities on a range of systems in an attempt to gather new botnet participants

  • The ability to scan local and remote networks for open file shares, or attempt to guess the password for either administrative or user accounts on those systems

  • The ability to add new user accounts to the infected computer system

  • The ability to download and execute files from a specified location

  • The ability to search the local system for software license keys, in order to provide those keys back to the master

  • The ability to kill known anti-virus, personal firewall, and other botnet/worm processes as they are discovered

  • The ability to harvest e-mail addresses from files located on the infected computer

  • The ability to proxy network connections, acting as a relay for spam and phishing attacks

  • The ability to take a screenshot of the local screen, capture keystrokes from the console, or enable an attached webcam, sending information back to the master

  • Dynamic update functionality that allows the master to update the current infected system with a new variant of the bot, adding new capabilities (such as the ability to exploit new vulnerabilities)

  • The ability to reboot the infected computer

As can be seen from this list of features, bots command complete control over an infected computer, leading to the full compromise of privacy for the owner. All actions on an infected computer can be tracked. When a new, widespread security vulnerability is discovered it takes little time before new bot variants surface and begin using it.

Following the same trend as other malicious code, bots are increasingly used in financially motivated attacks. Botnets have become the choice today for the relaying of spam and phishing-related e-mail. Oftentimes unsuspecting victims are participating in these botnets without their knowledge, as attackers utilize vast armies of botnets. Access to these botnets also has an inherent value, with spammers willing to pay for the use of these networks to relay content. This move towards monetary gain has added an entirely new dimension to the botnet dilemma.

Trojan Horses

A Trojan horse is malicious code that portrays itself as something other than what it is at the point of execution. While it may advertise its activity after launching, this information is not apparent to the user beforehand. A Trojan horse neither replicates nor copies itself, but causes damage or compromises the security of the computer. A Trojan horse must be sent by someone or carried by another program and may arrive in the form of a joke program or software of some sort. The malicious functionality of a Trojan horse may be anything undesirable for a computer user, including data destruction or compromising a system by providing a means for another computer to gain access, thus bypassing normal access controls. Pure Trojan horses have become rare, due to their limited value to an attacker.

Spyware

Spyware is a form of malicious code that has the ability to scan computer systems or monitor their activity and relay information to other computers or locations on the Internet. Among the information that may be actively or passively gathered and disseminated by spyware: passwords, bank account numbers, credit card numbers, social security numbers, personal information, individual files, or other personal documents. Spyware may also gather and distribute information related to the user's computer, applications running on the computer, Internet browser usage, or other computing habits.

Spyware frequently attempts to remain unnoticed, either by actively hiding or by simply not making its presence on a system known to the user. Spyware can be downloaded from web sites (typically in shareware or freeware), e-mail messages, and instant messenger applications. Additionally, a user may unknowingly receive and/or trigger spyware by accepting an End User License Agreement from a software program linked to the spyware or from visiting a web site that downloads the spyware with or without an End User License Agreement.

Spyware has become an increasing threat over the past decade. In many cases it is tied directly to monetary gain, much like the proliferation of botnets has been. Spyware can be installed on a computer in a number of different ways. In some cases, spyware rides as the payload of a worm, being dropped by the worm on every infected computer. In one extreme case, a well-known spyware author and spammer went so far as to install spyware that advertised his own spyware and adware removal tools. When infected, a victim would receive repeated pop-up advertisements indicating that they were infected, and could purchase the author's removal tool in order to eliminate the threat. In this case, the Federal Trade Commission stepped in, suing the individual. In many cases, however, spyware is much more surreptitious.

In other cases spyware is installed through vulnerabilities in web browsers, whereby the unsuspecting user visiting a malicious web site is infected automatically. These vulnerabilities can often be exploited silently, without the user's knowledge. In order for this to occur, the malicious code required to exploit the vulnerability must be placed on the web site, indicating that it has been compromised, or is otherwise under the control of the attacker. A continuous flow of security vulnerabilities affecting the most prevalent web browsers continues to provide attackers with a foundation for automated spyware installation.

Spyware, like most other malicious code, is proficient at embedding itself on computers to avoid eradication. This makes the removal of spyware challenging. In many situations it is bundled with other software that will outright fail if it is removed. As a result, the security industry, previously unequipped to handle this type of threat, has had to innovate and create new solutions.

Adware

Adware is a type of program that facilitates delivery of advertising content to the user through its own window, or by utilizing another program's interface. In some cases, these programs may gather information from the user's computer, including information related to Internet browser usage or other computing habits, and relay this information back to a remote computer or other location in cyberspace.

Like spyware, adware can be downloaded from web sites (typically in shareware or freeware), e-mail messages, and instant messengers. Additionally, a user may unknowingly receive and/or trigger adware by accepting an End User License Agreement from a software program linked to the adware or from visiting a web site that downloads the adware with or without an End User License Agreement.

While adware and spyware share some commonalities, adware is different as it is entirely focused on presenting advertising to the end user, not to steal otherwise confidential information. While it may track web site usage and behavior, it normally stops there.

Phishing Attacks

Phishing attacks are directed attacks that target the customers of online financial institutions, e-commerce sites, and other prominent Internet properties in an attempt to entrap unsuspecting users into disclosing personal information. Phishing attacks are most frequently launched through e-mail, using the same distribution mechanisms as used traditionally by spammers.

Phishing e-mails appear as legitimate messages from the organization being targeted, normally in an attempt to report that some attention is required in the user's online account. They look genuine, and for many users cannot be differentiated from a legitimate e-mail.

Phishing e-mails use a number of tricks in an attempt to disguise URLs that may be included in the e-mail. In an HTML e-mail, for example, attackers may display a legitimate site as a link, while the underlying reference seeks to direct the user to the malicious web site. Although this is easily detected by those in the know, in many cases it is enough to entice a sufficient percentage of recipients to follow it.

In such a scenario, the same perpetrators in order to appear legitimate may register a new Internet domain that appears extremely similar to the targeted institution. For example, attackers may register a fake domain foolsbank.us for a legitimate bank at foolsbank.com. The domain appears similar enough to not arouse suspicion, but is instead a malicious web site set up expressly to gather and record account information.
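Both tricks described above, a link whose visible text names one site while its underlying reference points elsewhere, and a lookalike domain such as foolsbank.us standing in for foolsbank.com, can be caught by a mail filter that parses the HTML body. The Python below is an added example, not code from the book; the function names, the `PROTECTED` set, and the sample HTML are assumptions, and the two-label domain comparison is a simplification of what a Public Suffix List lookup would do.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Domains the filter protects; foolsbank.com is the example used in the text.
PROTECTED = {"foolsbank.com"}

DOMAIN_RE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.I)


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def shown_host(text):
    """First domain-like token in the visible link text, or None."""
    match = DOMAIN_RE.search(text)
    return match.group(0).lower() if match else None


def href_host(href):
    """Host the link really points to, or None for relative or broken URLs."""
    try:
        host = urlsplit(href).hostname
    except ValueError:
        return None
    return host.lower() if host else None


def base_domain(host):
    """Last two labels of host (naive; a real filter needs the Public Suffix List)."""
    return ".".join(host.split(".")[-2:])


def check_links(html):
    """Return (href, reason) pairs for links that use either disguise."""
    collector = AnchorCollector()
    collector.feed(html)
    collector.close()
    findings = []
    for href, text in collector.links:
        actual = href_host(href)
        if not actual:
            continue
        shown = shown_host(text)
        # Trick 1: the text displays one site, the reference leads to another.
        if shown and base_domain(shown) != base_domain(actual):
            findings.append((href, f"displays {shown} but links to {actual}"))
        # Trick 2: same name as a protected domain under a different suffix.
        base = base_domain(actual)
        for real in PROTECTED:
            if base != real and base.split(".")[0] == real.split(".")[0]:
                findings.append((href, f"{base} resembles {real}"))
    return findings


# Constructed sample body for the example.
SAMPLE_HTML = """
<p>Dear customer, please confirm your account:</p>
<a href="http://foolsbank.us/login">https://www.foolsbank.com/login</a>
<a href="https://www.foolsbank.com/help">Help centre</a>
<a href="http://foolsbank.us/verify"><b>Verify now</b></a>
"""

if __name__ == "__main__":
    for href, reason in check_links(SAMPLE_HTML):
        print(f"{href}: {reason}")
```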

While some examples of phishing attacks are poorly worded and hardly pass as legitimate e-mails, others are polished and difficult to differentiate from legitimate ones. The following two samples illustrate both how poor (but still successful) and how convincing phishing e-mails can be. The second example is so convincing it is indistinguishable from one that could have been sent by this bank.

[Figures: two sample phishing e-mails, not reproduced here.]

Much like the ongoing disclosure of vulnerabilities that can be used to install spyware, there has also been a spate of new vulnerabilities that serve to help those involved in perpetrating phishing attacks. Classes of vulnerabilities, called address bar spoofing vulnerabilities, have assisted by making it easy for attackers to disguise the contents of the Internet Explorer address bar. By doing so, they can make it appear as though users are visiting an organization's legitimate web site, while they are in fact browsing a malicious one.



Extreme Exploits. Advanced Defenses Against Hardcore Hacks
Extreme Exploits: Advanced Defenses Against Hardcore Hacks (Hacking Exposed)
ISBN: 0072259558
EAN: 2147483647
Year: 2005
Pages: 120
