CIS 442: Chapter 2 Viruses. Malewares Maleware classifications and types Viruses Logical and time bombs Trojan horses and backdoors Worms Spam Spyware.

CIS 442: Chapter 2

Viruses

Malewares

• Maleware classifications and types• Viruses• Logical and time bombs• Trojan horses and backdoors• Worms• Spam• Spyware

Operating systems tasks

• Booting and resetting• Managing volumes and files• Managing executable programs and processes• Managing memory• Handling interrupts

Viruses

• Definition and history• Viruses for mainframe and PCs• Propagation or infection• Payload or damage• Trigger• Replication• Virus polymorphism

Virus writers

• Reasons for writing, using or distributing viruses

• General profile

Virus propagation

• From file to file and from computer to another.

• Looking for executable, and similar files• Memory resident viruses• Infected software, email attachement

Macro viruses

• Differences from typical viruses• Document files

Virus classification methods

• By Infection• By Damage• By trigger• By Platform

Classification

• File infector viruses• Shell viruses• Non-overwriting viruses• Overwriting viruses• Intrusive viruses• Boot sector viruses• Multipartitie viruses

• Memory resident viruses• BSI Boot sector viruses• Differences between BSI and file infectors• Bootstrap loader and virus hiding methods

File infector viruses infection methods

• Shell viruses• Overwriting• Non-overwriting• Intrusive• File attributes: Size, CRC(hash), MAC, code

inside, access permissions

Companion-multipartitie Viruses

• File association• DOS execution sequence (com, bat, exe).• Multi-File infector and BSI viruses: advantages

and challenges

Macro and Script Viruses• Macros programs, examples• Examples and characteristics of Macro Viruses• Protection against Macro viruses.

Infected images and acrobat

• Buffer overflow problems

Virus life cycle

• Signature• Infection• Damage• Trigger or Activation: Bombs

Virus Payloads

• Types and levels of payloads

Virus organization

• Infection marker• Infector• Trigger check• Manipulation

Virus naming

• Based on type• Based on creator• Macro viruses• Based on environment

Virus hiding methods

• Hiding methods• Stealth techniques

Interrupts and viruses

• Relation between interrupts and viruses – trigger and activation

• Trapdoors