CS283 - Class 13 Recap - 20091124

Class 13 (20091124) Recap
CS 172/283 Autumn 2009 GWU
GWU CS 172/283 - Autumn 2009 Holmblad Class 14 - Rev 20091201

Class 13 (20091124) Recap
    Review of Key Concepts
    Review of Additional concepts
    Q&A
    Quiz #5 Results (20 minutes)
    Test #2 90 Minutes

Review of Key Concepts from prior lecture

Review of Key Concepts
    Computer Viruses
        Typically exploit buffer overflow, format, or string vulnerabilities
    Computer Viruses Types/Taxonomy
        Binary => often written in assembly language
        Macro => written in application macro language
    Computer Viruses - Classification by where the malware attaches
        Boot sector viruses attach to boot sector
        Parasitic viruses attach to file
        Multipartite viruses attach to either
    Polymorphic viruses, Stealth Viruses, TSRs (Terminate Stay Resident), LKMs (Loadable Kernel Modules), Encrypted viruses

Review of Key Concepts
    Virus may include code to:
        search for files to infect
        replicate itself, make a copy of self
        attach to file/boot sector
        drop a payload
        implement measures to avoid detection => intercept system calls, fool/disable antiviral tools, modify audit logs
    Means of attaching => Overwriting, appending at the beginning, appending at the beginning and at the end, interspersing, companions
    5 methods of virus detection:
        File integrity checking
        Interrupt monitoring
        Memory Detection
        Signature Scanning
        Heuristic/Rule based

This document was uploaded on 12/05/2009.
