acm网上课程学习笔记
Malicious code can describe legitimate code that causes
unintentinal destruction. It includes viruses, Worms, and
Trojan horses. And it takes adavantage of known
vulnerabilities.
Virus types:
1.stealth
Stealth viruses camouflage themselves by interfering
with the operating system to convince antivirus packages
that everything is running normally. they can hide the
modification date and time updated by their modification
date and time updated by their changes and conceal the
increase in file size. Examples of stealth viruses are
Brain, Monkey, and Frodo.
2. encrypted
Encrypted viruses use encryption to avoid detection.
Stealth viruses sometimes encrypt themselves. These
viruses use a short piece of code, called a virus
decryption routine, to hold the information nedded to load
and decrypt the main virus code stored on another part of
the disk. Examples of encrypted viruses are AntiFort.1110
and Macro.Word.Amadillon.
3.multipartite
Multipartite viruses use at least two propagation
techniques to penetrate systems that are not protected
against all the virus's forms of propagation. These
viruses can infect system sectors or they can infect. They
try to attack the boot sector and executables at the same
time. Examples of multipartite viruses are Predator,
LivingDeath, and Jerusalem.MBR.
4.Polymorphic
Polymophic viruses change their own code as they
migrate from one system to another. In other words, the
signature of the virus changes when it moves on, making
signature-based antivirus packages redundant. Common
polymorphic viruses include ONE Half and Natas.
Malicious code types:
1.worms
Worms are programs that are as destructive as viruses
but propagate without the need for human intervention,
such as sending e-mail.
A worm can infect the operating system either by
completely replacing programs or by attaching itself to
programs and changing their functionality. It can corrupt
data in memory. A worm can hide by creating several files
within source code. Once a worm is discovered, cleanup is
not a problem because ther is only one copy to destroy.
Examples of worms inlcude Code Red, Ska and Sasser.
2.logic bombs
Logic bombs are mailicious code objects that infect a
system but lie domant until acertain date or other logical
trigger. They are ofthen the work of disaffected employees
who wish to leave a legacy of destruction after they
depart the organization.
Although logic bombs cannot replicate, they may spawn
viruses. When activated, they may stop the machine, modify
the video display, cause a disk of keyboard failure,
destroy data, or release other logic bombs.
An example of a logic bomb is contained in the
Michelangelo virus, which hides until March 6 when it
activates, reformatting the hare drive and destroying the
data on it.
3.Trojan horses
Trojan horses are seemingly innocuous or attractive
programs, such as a free game, music, or application. They
are often distributed as e-mail attachments or downloaded
from the Web. These programs cause havoc when installed or
downloaded. They can take control of the computer
infrastructure, compromise data, and flood users'
mailboxes with gogus messages.
Examples of Trojan horses include NetBus and Back
Orifice.
4.hoaxes
Hoaxes are false warnings about viruses that are about
to strike. Some warnings may appear to come from reputable
sources and often recommend drastic antivirus measures.
The e-mail generated can bring down mail servers.
One hoax claimed that a deadly virus named Red Alert had
infected Microsoft's home page. Any computer accessing the
site via internet Explorer would be destroyed. Users were
advised not to visit Microsoft's home page untile further
notice.
The Good Times hoax warning has been in circulation
since 1994.
Summary
Malicious code refers to any program that destroys or
harms a system's software or data by means of weaknesses
in computer systems. Skill is not necessarily required to
develop malicious code. The virus life cycle has two
stages-replication and activation.
Macro viruses infect legimate scripting macros used to
improve application productivity. File infector viruses
infect or replace executables. Master Boot Record(MBR)
viruses cause the virus code to be loaded with the
operating system.
The for types of advanceed virus are stealth, encrypted,
multipartite, and polymorphic.
Malicious code includes programs that do not replicate
like viruses. These are worms, logic bombs, and Trojan
horses. Hoaxes are false warnings about nonexistent
viruses.
阅读(2007) | 评论(0) | 转发(0) |