10.1 What is the role of compression in the operation of a virus?
10.2 What is the role of encryption in the operation of a virus?
10.3 What are typical phases of operation of a virus or worm?
10.4 What is a digital immune system?
10.5 How does behavior-blocking software work?
10.6 In general terms, how does a worm propagate?
10.7 Describe some worm countermeasures.
10.8 What is a DDoS?
Problems
10.1 There is a flaw in the virus program of Figure 10.1. What is it?
10.2 The question arises as to whether it is possible to develop a program that can analyze a piece of software to determine if it is a virus. Consider that we have a program D that is supposed to be able to do that. That is, for any program P, if we run D(P), the result returned is TRUE (P is a virus) or FALSE (P is not a virus). Now consider the following program:
Program CV :=
{ ...
main-program :=
{if D(CV) then goto next:
else infect-executable;
}
next:
}
In the preceding program, infect-executable is a module that scans memory for executable programs and replicates itself in those programs. Determine if D can correctly decide whether CV is a virus.
10.3 The point of this problem is to demonstrate the type of puzzles that must be solved in the design of malicious code and therefore, the type of mindset that one wishing to counter such attacks must adopt.
a. Consider the following C program:
begin
print (*begin print (); end.*);
end
What do you think the program was intended to do? Does it work?
b. Answer the same questions for the following program:
char [] = {'0', ' ', '}', ';', 'm', 'a', 'i', 'n',
'(', ')', '{', and so on... 't', ')', '0'};
main ()
{
int I;
printf(*char t[] = (*);
for (i=0; t[i]!=0; i=i+1)
printf("%d, ", t[i]);
printf("%s", t);
}
c. What is the specific relevance of this problem to this chapter?
10.4 Consider the following fragment:
legitimate code
if date is Friday the 13th;
crash_computer();
legitimate code
What type of malicious software is this?
10.5 Consider the following fragment in an authentication program:
username = read_username();
password = read_password();
if username is "133t h4ck0r"
return ALLOW_LOGIN;
if username and password are valid
return ALLOW_LOGIN
else return DENY_LOGIN
What type of malicious software is this?
10.6 The following code fragments show a sequence of virus instructions and a metamorphic version of the virus. Describe the effect produced by the metamorphic code.
a. The assumption has been expressed by many people that this list represents words
commonly used as passwords. Does this seem likely? Justify your answer.
b. If the list does not reflect commonly used passwords, suggest some approaches
that Morris may have used to construct the list.
10.8 Suggest some methods of attacking the PWC worm defense that could be used by worm creators and suggest countermeasures to these methods.