CS283 - Class 13 Recap - 20091124

Class 13 (20091124) Recap
CS 172/283 Autumn 2009 GWU

Class 13 (20091124) Recap
- Review of Key Concepts
- Review of Additional concepts
- Quiz #5 Results (20 minutes)
- Test #2 – 90 Minutes

GWU CS 172/283 - Autumn 2009 Holmblad – Class 14- Rev 20091201

Review of Key Concepts from prior lecture

Review of Key Concepts
- Computer Viruses
  - Typically exploit buffer overflow, format, or string vulnerabilities
- Computer Viruses – Types/Taxonomy
  - Binary => often written in assembly language
  - Macro => written in application macro language
- Computer Viruses - Classification by where the malware attaches
  - Boot sector viruses – attach to boot sector
  - Parasitic viruses – attach to file
  - Multipartite viruses – attach to either
- Polymorphic viruses, Stealth Viruses, TSRs (Terminate Stay Resident), LKMs (Loadable Kernel Modules), Encrypted viruses

Review of Key Concepts
- Virus may include code to
  - search for files to infect, replicate itself, make a copy of self, attach to file/boot sector, drop a payload,
  - implement measures to avoid detection => intercept system calls, fool/disable antiviral tools, modify audit logs
- Means of attaching => Overwriting, appending at the beginning, appending at the beginning and at the end, interspersing, companions
- 5 methods of virus detection:
  - File integrity checking
  - Interrupt monitoring
  - Memory Detection
  - Signature Scanning
  - Heuristic/Rule based

This document was uploaded on 12/05/2009.
