1. Describe the three main attributes that characterize a bot? 2. Explain how a worm uses a service (a program which processes network traffic) to infect a computer? What was the name of the worm which infected computers running Microsoft’ IIS Web server? 3. What are the main worm activation methods? Provide examples of each activation method. 4. What are polymorphic viruses? How can they be detected by anti-virus programs? 5. What is the role of compression in the operation of viruses? Solution 3. What are the main worm activation methods? Provide examples of each activation method. sol: 1)the three main worm activation methods are i)human activity_based activation: in this scenario worms will be activated when human do some activity like reset,logging ii)scheduled process : in this scenario worms will be activated during scheduled process ex: automatic updates iii)self activation: in this scenario worms will be activated automatically and it will infect process completely by attacking system library files 4. What are polymorphic viruses? How can they be detected by anti-virus programs? sol: =>it is one type of virus which will infect computer by making copy of itself ,here for each copy it makes differnt variants which makes virus detectors much difficult to find them . =>to find the polymorphic infections even the best antivirus may get in to difficulties . one of the way to find the polymorphic infection is heuristic detection,brute force method gives you best possible results 5. What is the role of compression in the operation of viruses? sol: when the virus is compressed the infected program size will be equals to the size of the original program so that its difficult to find this during insertion of code in to a system.