Network Security Essentials -- Notes8. Malicious Software
Malicious Software: Virus, Worm, Tojon ....
1.Division of Malicious Software
a.Division Method #1
i. Software that needs a host program, viruses, logic bombs, backdoors e.g.
ii. Software that is independent, worms, zombie programs e.g.
b.Division Method #2
i. Software that replicates, such as viruses and worms
ii. Software that doesn't replicate, such as logic bombs, backdoors, zombine programs
2.Backdoor: A secret entry point into a prgram. For example, backdoors set by programmers to debug and test programs
3.Logic Bomb: "explode" when certain conditions are met. Explosion includes alter data, delete data and so on
4.Trojan Horse: Implant in a victim system which enable the attacker's access to the system
5.Zombie(肉鸡): Secretly taking over another computer and using it to launch attacks that are difficult to trace to the attacker. It's often used for DDOS attack.
6.Virus: "Infecting" other programs by modifying them. It will execute and replicate when the host program is run. Host problem can be executable binary program or MS Word Micro/Email.
7. Worms: Replicating and send copies across network.
The entwork vehicle includes
a. sending copy of self via EMAIL
b. EXECUTING self in a REMOTE machine
c. REMOTE LOGIN and then copy self.
8.Anti-virus
a. Model:
Detecting -> Identifying virus -> Remove virus from host program
or Detecting -> Remove infected files -> Reload a clean backup version
b.Detecting Methods
i.Detecting known virus by scanning the virus'es signature
ii.Scanning code fragments that are often associated with viruses
iii.Checking the lenght of the file
iv.Checksum
v.Residing in memory and detect unusual actions of programs, such as deleting a file or formating a disk.
