2. Program threats: stack and buffer overflow, Trojan horse, worms, trap door, logic bomb, virus. 5/10/2010
3. Logic Bomb: A program that initiates a security incident under certain circumstances. Known by the mentor programmers (or anyone else who wants to be a professional in the IT world).
8. Virus (cont.): The "payload" of a virus is the part of the software that actually does the damage; the rest of the virus is used to break the security. A virus dropper inserts the virus onto the system. A virus signature is a pattern (a series of bytes) that can be used to identify the virus.
9. Virus Categories: There are many categories of viruses and literally many thousands of viruses, so a single virus can fall into two or more categories: File, Boot, Macro, Source code, Polymorphic, Encrypted, Stealth, Tunneling, Multipartite, Armored.
10. File: Appends itself to a file. Changes the start of the program to point to its code. Known as parasitic viruses. Usually found in files with the extensions .BIN, .COM, .EXE, .OVL, .DRV.
11. Boot: The boot sector carries the Master Boot Record (MBR), which reads and loads the operating system. Boot-sector viruses infect computer systems by copying code either to the boot sector on a floppy disk or to the partition table on a hard disk. Executed every time the system boots. Known as memory viruses.
14. Macro: Written in a high-level language. Macros start automatically when a document is opened or closed (Word, Excel). Can be spread through e-mail attachments, discs, networks, modems, and the Internet.
18. Polymorphic: Changes the virus's signature each time. It is designed to avoid detection by antivirus software. A polymorphic virus acts like a chameleon.
19. Encrypted: The virus is encrypted to avoid detection. It carries decryption code along with the encrypted virus.
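Added example (not from the original slides): a minimal byte-signature scanner run over constructed, harmless buffers. It shows why a signature taken from the plain body stops matching once the body is encrypted, why the constant decryption code can still be matched, and why a polymorphic copy matches neither. `BODY`, `STUB`, the signature names and the single-byte XOR are illustrative assumptions.

```python
# Added example: byte-signature scanning over constructed, harmless buffers.
from typing import Dict, List

# Constructed stand-ins; none of these bytes are real malware.
BODY = b"HARMLESS-DEMO-BODY-0001"        # plays the role of the virus body
STUB = b"\x90DEMO-DECRYPT-LOOP\x90"      # plays the role of the decryption code

SIGNATURES: Dict[str, bytes] = {
    "demo.body": BODY,   # signature taken from the plain body
    "demo.stub": STUB,   # signature taken from the constant decryption code
}

def xor(data: bytes, key: int) -> bytes:
    """Single-byte XOR, the simplest stand-in for an 'encrypted' body."""
    return bytes(b ^ key for b in data)

def scan(buf: bytes, sigs: Dict[str, bytes] = SIGNATURES) -> List[str]:
    """Return the sorted names of all signatures found anywhere in buf."""
    return sorted(name for name, pat in sigs.items() if pat in buf)

def make_file(kind: str, key: int = 0) -> bytes:
    """Build a constructed sample file for each case described on the slides."""
    host = b"MZ" + bytes(32)                 # fake host program bytes
    if kind == "plain":                      # body stored as-is
        return host + BODY
    if kind == "encrypted":                  # constant stub + encoded body
        return host + STUB + xor(BODY, key)
    if kind == "polymorphic":                # the stub also varies per copy
        varied_stub = STUB.replace(b"\x90", bytes([key]))
        return host + varied_stub + xor(BODY, key)
    raise ValueError(f"unknown kind: {kind}")

if __name__ == "__main__":
    cases = [("plain", 0), ("encrypted", 0x5A), ("encrypted", 0x21),
             ("polymorphic", 0x5A), ("polymorphic", 0x21)]
    for kind, key in cases:
        print(f"{kind:12} key={key:#04x} -> {scan(make_file(kind, key))}")
```

The two encrypted copies differ byte for byte in the body yet share one stub signature, while the polymorphic copies leave a fixed-pattern scanner nothing constant to match.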
20. Stealth: It uses tactics to avoid detection, such as altering its file size, concealing itself in memory, and modifying parts of the system that can be used to detect it. In fact, the first computer virus was a stealth virus.
21. Tunneling: Installs itself in the interrupt-handler chain or in device drivers in an attempt to bypass detection. Tries to intercept actions before the antivirus software can detect the malicious code.
22. Multipartite: Infects multiple parts of the system, including the boot sector, memory, and files, so it is difficult for an antivirus scanner to detect.
23. Armored: The most dangerous type. The virus may use methods to make tracing, disassembling, and reverse engineering its code more difficult. Virus droppers and other full files which are part of a virus infestation are hidden.