CIS 442: Chapter 2
Viruses
Malware
• Malware classifications and types
• Viruses
• Logical and time bombs
• Trojan horses and backdoors
• Worms
• Spam
• Spyware
Operating systems tasks
• Booting and resetting
• Managing volumes and files
• Managing executable programs and processes
• Managing memory
• Handling interrupts
Viruses
• Definition and history
• Viruses for mainframe and PCs
• Propagation or infection
• Payload or damage
• Trigger
• Replication
• Virus polymorphism
Virus writers
• Reasons for writing, using or distributing viruses
• General profile
Virus propagation
• From file to file and from one computer to another
• Looking for executable and similar files
• Memory resident viruses
• Infected software, email attachment
Macro viruses
• Differences from typical viruses
• Document files
Virus classification methods
• By infection
• By damage
• By trigger
• By platform
Classification
• File infector viruses
• Shell viruses
• Non-overwriting viruses
• Overwriting viruses
• Intrusive viruses
• Boot sector viruses
• Multipartite viruses
• Memory resident viruses
• BSI boot sector viruses
• Differences between BSI and file infectors
• Bootstrap loader and virus hiding methods
File infector viruses infection methods
• Shell viruses
• Overwriting
• Non-overwriting
• Intrusive
• File attributes: size, CRC (hash), MAC, code inside, access permissions
Companion-multipartite viruses
• File association
• DOS execution sequence (com, bat, exe)
• Multi-file infector and BSI viruses: advantages and challenges
Macro and script viruses
• Macro programs, examples
• Examples and characteristics of macro viruses
• Protection against macro viruses
Infected images and Acrobat
• Buffer overflow problems
Virus life cycle
• Signature
• Infection
• Damage
• Trigger or activation: bombs
Virus Payloads
• Types and levels of payloads
Virus organization
• Infection marker
• Infector
• Trigger check
• Manipulation
Virus naming
• Based on type
• Based on creator
• Macro viruses
• Based on environment
Virus hiding methods
• Hiding methods
• Stealth techniques
Interrupts and viruses
• Relation between interrupts and viruses – trigger and activation
• Trapdoors