Definition
A computer virus is a program which
damages computer systems and destroys
data files.
Polymorphic
A polymorphic virus infects files with an encrypted copy of itself,
which is decoded by a decryption module. However, this
decryption module is also modified on each infection. A well-
written polymorphic virus therefore has no parts which remain
identical between infections, making it very difficult to detect.
Companion
A type of computer virus that compromises a feature of DOS that
enables software with the same name, but different extensions, to operate
with different priorities. For example, you may have program.exe on your
computer, and the virus may create a file called program.com. When the
computer executes program.exe, the virus
runs program.com before program.exe is executed. In many cases, the real
program will run, so users believe that the system is operating normally and
aren't aware that a virus was run on the system.
Armored
A type of virus that has been designed to thwart attempts by analysts to
examine its code by using various methods to make tracing, disassembling
and reverse engineering more difficult. An armored virus may also protect
itself from antivirus programs, making it more difficult to trace. To do this, the
armored virus attempts to trick the antivirus program into believing its
location is somewhere other than where it really is on the system.
Some common viruses attacking the
Windows operating system
Brain
With this URL, the browser requests the dynamic page show.asp from
the server and with it also sends the parameter "view" with the value of
"oldarchive.html".
The request would return to the user a list of all files in the C:\
directory by executing the cmd.exe command shell file and running the
command "dir c:\" in the shell.
The %5c expression that is in the URL request is a web server escape
code which is used to represent normal characters. In this case %5c
represents the character "\".
%2e%2e%2f = ../
%2e%2e%5c = ..\
Variations of Directory Traversal
1. Directory traversal on Unix
http://www.somewebsite.com/%2e%2e%2fpassword.txt
Ideally a web server must not serve documents
outside the web root folder, but in the above case
the web server fails to block the escaped
representation of the ../ command.
This might give the attacker the ability to view restricted files
or, even more dangerously, to execute
powerful commands on the web server, which can lead to a full
compromise of the system.
Filter any user input. Ideally remove everything but the known good
data and filter meta characters from the user input. This will ensure
that only what should be entered in the field will be submitted to the
server.
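The filtering advice above, as an added example that is not part of the original slides: a Python check that decodes the "view" parameter, keeps only known-good characters, and confirms the canonical path is still inside the web root. WEB_ROOT, SAFE_NAME and resolve_view are hypothetical names, and the sample requests are constructed.

```python
import posixpath
import re
from urllib.parse import unquote

WEB_ROOT = "/var/www/html"                     # assumed web root (hypothetical)
SAFE_NAME = re.compile(r"[A-Za-z0-9_\-./]+")   # known-good characters only


def resolve_view(param):
    """Return the absolute file path for a 'view' value, or None if rejected."""
    # Decode once, as the web server would: %2e%2e%2f becomes ../
    name = unquote(param)
    # Treat the Windows separator like the Unix one, so ..\ equals ../
    name = name.replace("\\", "/")
    # Allowlist filter. A leftover '%' (double encoding such as %252e),
    # a NUL byte or any other meta character fails here.
    if not SAFE_NAME.fullmatch(name):
        return None
    # Canonicalise: collapse every ../ and ./ segment before checking.
    candidate = posixpath.normpath(posixpath.join(WEB_ROOT, name))
    # The result must be a file strictly below the web root.
    if not candidate.startswith(WEB_ROOT + "/"):
        return None
    return candidate


def check_all(params):
    """Map each constructed sample parameter to its verdict."""
    return {p: resolve_view(p) for p in params}


# Constructed sample values for the "view" parameter.
SAMPLES = [
    "oldarchive.html",                # normal request
    "archive/2001.html",              # sub-folder inside the root
    "%2e%2e%2fpassword.txt",          # escaped ../
    "%2e%2e%5cpassword.txt",          # escaped ..\
    "%252e%252e%252fpassword.txt",    # double-encoded ../
    "/etc/passwd",                    # absolute path
]

if __name__ == "__main__":
    for param, verdict in check_all(SAMPLES).items():
        print(f"{param:32} -> {verdict or 'REJECTED'}")
```

The check runs on the decoded, canonical path rather than on the raw string, which is why the escaped forms listed earlier are rejected along with the plain ../ form.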