CIS 442: Chapter 2
Viruses
Malware
• Malware classifications and types
• Viruses
• Logic and time bombs
• Trojan horses and backdoors
• Worms
• Spam
• Spyware
Operating systems tasks
• Booting and resetting
• Managing volumes and files
• Managing executable programs and processes
• Managing memory
• Handling interrupts
Viruses
• Definition and history
• Viruses for mainframes and PCs
• Propagation or infection
• Payload or damage
• Trigger
• Replication
• Virus polymorphism
Virus writers
• Reasons for writing, using or distributing viruses
• General profile
Virus propagation
• From file to file and from one computer to another
• Looking for executable and similar files
• Memory resident viruses
• Infected software, email attachments
Macro viruses
• Differences from typical viruses
• Document files
Virus classification methods
• By infection
• By damage
• By trigger
• By platform
Classification
• File infector viruses
• Shell viruses
• Non-overwriting viruses
• Overwriting viruses
• Intrusive viruses
• Boot sector viruses
• Multipartite viruses
• Memory resident viruses
• BSI Boot sector viruses
• Differences between BSI and file infectors
• Bootstrap loader and virus hiding methods
File infector viruses infection methods
• Shell viruses
• Overwriting
• Non-overwriting
• Intrusive
• File attributes: size, CRC (hash), MAC, code inside, access permissions
Companion-multipartite viruses
• File association
• DOS execution sequence (com, bat, exe)
• Multi-file infector and BSI viruses: advantages and challenges
Macro and script viruses
• Macro programs, examples
• Examples and characteristics of macro viruses
• Protection against macro viruses
Infected images and Acrobat
• Buffer overflow problems
Virus life cycle
• Signature
• Infection
• Damage
• Trigger or activation: bombs
Virus Payloads
• Types and levels of payloads
Virus organization
• Infection marker
• Infector
• Trigger check
• Manipulation
Virus naming
• Based on type
• Based on creator
• Macro viruses
• Based on environment
Virus hiding methods
• Hiding methods
• Stealth techniques
Interrupts and viruses
• Relation between interrupts and viruses – trigger and activation
• Trapdoors