BFOR 204 Lecture Notes - Lecture 3: Antivirus Software, Browser Helper Object, Application Programming Interface
BFOR 204 – Spring 2018
Lecture 3
Viruses
• Parasitic software fragments that attach themselves to some existing executable
content
• Can “infect” other programs or any type of executable content and modify them
• The modification includes injecting the original code with a routine to make copies of
the virus code, which can then go on to infect other content
• One reason viruses dominated the malware scene in earlier years was the lack of
user authentication and access controls on personal computer systems
Virus Structure
• A computer virus and many contemporary types of malware include one or more
variants of each of these components:
o Infection mechanism - The means by which a virus spreads or propagates,
enabling it to replicate
o Trigger - The event or condition that determines when the payload is activated or
delivered
o Payload - What the virus does, besides spreading
Virus phases
• During its lifetime, a typical virus goes through the following four phases:
1. Dormant phase
• The virus is idle
• Will eventually be activated by some event
• Not all viruses have this stage
2. Propagation phase
• The virus places a copy of itself onto other programs or into certain
system areas on the disk
3. Triggering phase
• The virus is activated to perform the function for which it was intended
• Can be caused by a variety of system events
4. Execution phase
• The function is performed
Virus Classification by target
• Boot sector infector
o Infects a master boot record or boot record and spreads when a system is
booted from the disk containing the virus
• File infector
o Infects files that the operating system or shell considers to be executable
• Macro virus
o Infects files with macro or scripting code that is interpreted by an application
• Multipartite virus