ACM online course study notes
Malicious code can describe legitimate code that causes
unintentional destruction. It includes viruses, worms, and
Trojan horses. It takes advantage of known
vulnerabilities.
Virus types:
1. Stealth
Stealth viruses camouflage themselves by interfering
with the operating system to convince antivirus packages
that everything is running normally. They can hide the
modification date and time updated by their changes and
conceal the increase in file size. Examples of stealth
viruses are Brain, Monkey, and Frodo.
2. Encrypted
Encrypted viruses use encryption to avoid detection.
Stealth viruses sometimes encrypt themselves. These
viruses use a short piece of code, called a virus
decryption routine, to hold the information needed to load
and decrypt the main virus code stored on another part of
the disk. Examples of encrypted viruses are AntiFort.1110
and Macro.Word.Amadillon.
3. Multipartite
Multipartite viruses use at least two propagation
techniques to penetrate systems that are not protected
against all the virus's forms of propagation. These
viruses can infect system sectors or they can infect. They
try to attack the boot sector and executables at the same
time. Examples of multipartite viruses are Predator,
LivingDeath, and Jerusalem.MBR.
4. Polymorphic
Polymorphic viruses change their own code as they
migrate from one system to another. In other words, the
signature of the virus changes when it moves on, making
signature-based antivirus packages redundant. Common
polymorphic viruses include One Half and Natas.
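The stealth entry above says such viruses hide the changed date and time and the increase in file size. The following added example (not part of the course notes) shows why an integrity check should compare a content hash rather than size and timestamp. The file name and bytes are constructed, and it assumes the check runs from a clean environment where file reads are not intercepted.

```python
import hashlib
import os
import tempfile


def snapshot(path):
    """Record size, mtime and SHA-256 of a file as a trusted baseline."""
    st = os.stat(path)
    with open(path, "rb") as f:
        digest = hashlib.sha256(f.read()).hexdigest()
    return {"size": st.st_size, "mtime_ns": st.st_mtime_ns, "sha256": digest}


def metadata_changed(baseline, current):
    """Weak check: only looks at the attributes a stealth virus conceals."""
    return (baseline["size"], baseline["mtime_ns"]) != (
        current["size"], current["mtime_ns"])


def content_changed(baseline, current):
    """Strong check: compares the hash of the file's actual bytes."""
    return baseline["sha256"] != current["sha256"]


def demo():
    """Return (metadata_changed, content_changed) for a concealed edit."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "program.bin")  # constructed sample file
        with open(path, "wb") as f:
            f.write(b"ORIGINAL-PROGRAM-BYTES" + b"\x00" * 32)
        baseline = snapshot(path)

        # Constructed stand-in for a concealed change: same length,
        # and the original timestamps are put back afterwards.
        st = os.stat(path)
        with open(path, "r+b") as f:
            f.write(b"MODIFIED")
        os.utime(path, ns=(st.st_atime_ns, st.st_mtime_ns))

        current = snapshot(path)
        return (metadata_changed(baseline, current),
                content_changed(baseline, current))


if __name__ == "__main__":
    print(demo())
```
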
Malicious code types:
1. Worms
Worms are programs that are as destructive as viruses
but propagate without the need for human intervention,
such as sending e-mail.
A worm can infect the operating system either by
completely replacing programs or by attaching itself to
programs and changing their functionality. It can corrupt
data in memory. A worm can hide by creating several files
within source code. Once a worm is discovered, cleanup is
not a problem because there is only one copy to destroy.
Examples of worms include Code Red, Ska and Sasser.
2. Logic bombs
Logic bombs are malicious code objects that infect a
system but lie dormant until a certain date or other logical
trigger. They are often the work of disaffected employees
who wish to leave a legacy of destruction after they
depart the organization.
Although logic bombs cannot replicate, they may spawn
viruses. When activated, they may stop the machine, modify
the video display, cause a disk or keyboard failure,
destroy data, or release other logic bombs.
An example of a logic bomb is contained in the
Michelangelo virus, which hides until March 6 when it
activates, reformatting the hard drive and destroying the
data on it.
3. Trojan horses
Trojan horses are seemingly innocuous or attractive
programs, such as a free game, music, or application. They
are often distributed as e-mail attachments or downloaded
from the Web. These programs cause havoc when installed or
downloaded. They can take control of the computer
infrastructure, compromise data, and flood users'
mailboxes with bogus messages.
Examples of Trojan horses include NetBus and Back
Orifice.
4. Hoaxes
Hoaxes are false warnings about viruses that are about
to strike. Some warnings may appear to come from reputable
sources and often recommend drastic antivirus measures.
The e-mail generated can bring down mail servers.
One hoax claimed that a deadly virus named Red Alert had
infected Microsoft's home page. Any computer accessing the
site via Internet Explorer would be destroyed. Users were
advised not to visit Microsoft's home page until further
notice.
The Good Times hoax warning has been in circulation
since 1994.
Summary
Malicious code refers to any program that destroys or
harms a system's software or data by means of weaknesses
in computer systems. Skill is not necessarily required to
develop malicious code. The virus life cycle has two
stages: replication and activation.
Macro viruses infect legitimate scripting macros used to
improve application productivity. File infector viruses
infect or replace executables. Master Boot Record (MBR)
viruses cause the virus code to be loaded with the
operating system.
The four types of advanced virus are stealth, encrypted,
multipartite, and polymorphic.
Malicious code includes programs that do not replicate
like viruses. These are worms, logic bombs, and Trojan
horses. Hoaxes are false warnings about nonexistent
viruses.