This document discusses various types of program threats including logic bombs, viruses, worms, and trojan horses. It focuses on viruses, defining them as code fragments embedded in legitimate programs that can spread via email or macros. The document categorizes viruses and provides examples, noting that file viruses append to files, boot sector viruses infect boot sectors, macro viruses spread through documents, and polymorphic/encrypted viruses aim to avoid detection. In summary, it defines computer viruses, explains how they spread, and outlines several categories of viruses along with examples.

1. Program ThreatsVirus & logic bombPrepared and presented by :Medhat Dawoud5/10/20101

2. Program threatsStack and BufferoverflowTrojan horseWorms Trap doorLogic BombVirus 5/10/20102

3. Logic BombProgram that initiates a security incident under certain circumstances.Known by the Mentor Programmers (or any other one want to be professional in IT world).5/10/20103

4. VirusCode fragment embedded in legitimate program.

5. How do viruses work ?

6. Very specific to CPU architecture, operating system, applications.

7. Usually borne via email or as a macro.5/10/20104

8. Virus Con."payload" of a virus is the part of the software that actually does the damage; the rest of the virus is used to break the security.Virus dropper inserts virus onto the system.virus signature is a pattern (a series of bytes) that can be used to identify the virus .5/10/20105

9. Virus CategoriesMany categories of viruses, literally many thousands of viruses so that you can find a virus in two or more categories:FileBootMacroSource codePolymorphicEncryptedStealthTunnelingMultipartiteArmored5/10/20106

10. FileAppend itself to a file.Change the start of the program to its code.Known as parasitic viruses.usually with extensions .BIN, .COM, .EXE, .OVL, .DRV.5/10/20107

11. BootThe boot sector carries the Mater Boot Record (MBR) which read and load the operating system.Boot-sector viruses infect computer systems by copying code either to the boot sector on a floppy disk or the partition table on a hard disk.Executed every time the system is booting.Known as memory viruses.5/10/20108

12. 5/10/20109

13. Example for :Wreak havoc5/10/201010

14. MacroWritten in a high-level language.macros start automatically when a document is opened or closed (word – Excel).can be spread through e-mail attachments, discs, networks, modems, and the Internet.5/10/201011

15. Viruses for freeAntivirus withMillions $$5/10/201012

16. Source codeLooks for a source code and modifies it to include the virus and to help spread the virus.5/10/201013

17. 5/10/201014

18. PolymorphicChange virus’s signature each time.It’s designed to avoid detection by antivirus software.A polymorphic virus acts like a chameleon.5/10/201015

19. EncryptedEncrypted virus to avoid detection.It has a decryption code along with the encrypted virus.5/10/201016

20. StealthIt use some tactics to avoid detection such as altering its file size, concealing itself in memory, and Modifies parts of the system that can be used to detect it. in fact, the first computer virus, was a stealth virus5/10/201017

21. TunnelingInstall itself in the interrupt-handler chain or in device drivers attempting to bypass detection.Try to intercept the actions before the anti-virus software can detect the malicious code.5/10/201018

22. MultipartiteInfect multiple parts of the system.Including boot sector, memory, and files.So it’s difficult to be detected by the antivirus scanner.5/10/201019

23. ArmoredThe most dangerous type. The virus may use methods to make tracing, disassembling, and reverse engineering its code more difficult.Virus droppers and other full files which are part of a virus infestation are hidden.5/10/201020

24. Any Questions ?5/10/201021