(ISC)² CISSP® Official Study Guide, Eighth Edition



Date: 08.04.2023
(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Virus Technologies
As virus detection and eradication technology rises to meet new threats programmed by 
malicious developers, new kinds of viruses designed to defeat those systems emerge. This 
section examines four specific types of viruses that use sneaky techniques in an attempt to 
escape detection—multipartite viruses, stealth viruses, polymorphic viruses, and encrypted 
viruses.

Multipartite Viruses
Multipartite viruses use more than one propagation technique in an attempt to penetrate
systems that defend against only one method or the other. For example, the Marzia virus
discovered in 1993 infects critical COM and EXE files, most notably the command.com system
file, by adding 2,048 bytes of malicious code to each file. This characteristic qualifies
it as a file infector virus. In addition, two hours after it infects a system, it writes
malicious code to the system’s master boot record, qualifying it as a boot sector virus.

Stealth Viruses
Stealth viruses hide themselves by actually tampering with the operating system to fool
antivirus packages into thinking that everything is functioning normally. For example, a
stealth boot sector virus might overwrite the system’s master boot record with malicious
code but then also modify the operating system’s file access functionality to cover its
tracks. When the antivirus package requests a copy of the MBR, the modified operating
system code provides it with exactly what the antivirus package expects to see—a clean
version of the MBR free of any virus signatures. However, when the system boots, it reads
the infected MBR and loads the virus into memory.
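
The stealth boot sector case above is why defenders compare two views of the same sector. The following is an added example, not code from the study guide: it diffs sector 0 as returned by the running operating system against a copy read from trusted boot media, region by region. The function names, the use of a trusted offline read, and the sample sectors are assumptions constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
# Classic MBR layout: boot code, four 16-byte partition entries, 0x55AA marker.
REGIONS = {"boot_code": (0, 446), "partition_table": (446, 510), "boot_signature": (510, 512)}


def parse_partitions(sector):
    """Return (bootable, type, first_lba, sector_count) for each non-empty entry."""
    entries = []
    for i in range(4):
        raw = sector[446 + 16 * i: 446 + 16 * (i + 1)]
        status, ptype = raw[0], raw[4]
        first_lba, count = struct.unpack_from("<II", raw, 8)
        if ptype != 0:
            entries.append((status == 0x80, ptype, first_lba, count))
    return entries


def cross_view_mbr(live_view, offline_view):
    """Compare sector 0 as returned by the running OS with a trusted offline read."""
    for name, view in (("live", live_view), ("offline", offline_view)):
        if len(view) != SECTOR_SIZE:
            raise ValueError(f"{name} view is {len(view)} bytes, expected {SECTOR_SIZE}")
    mismatched = [name for name, (a, b) in REGIONS.items() if live_view[a:b] != offline_view[a:b]]
    return {
        "live_sha256": hashlib.sha256(live_view).hexdigest(),
        "offline_sha256": hashlib.sha256(offline_view).hexdigest(),
        "mismatched_regions": mismatched,
        "offline_signature_ok": offline_view[510:512] == b"\x55\xaa",
        "offline_partitions": parse_partitions(offline_view),
        "suspicious": bool(mismatched),  # the two views should be byte-identical
    }


def build_sample_sector(boot_code_fill):
    """Constructed 512-byte sector: filler boot code, one partition, 0x55AA."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3, 2048, 204800)
    return bytes([boot_code_fill]) * 446 + entry + b"\x00" * 48 + b"\x55\xaa"


# Constructed inputs: the running OS hands back the "expected" sector, while
# the read taken from trusted boot media shows different boot code on disk.
LIVE = build_sample_sector(0x90)
OFFLINE = build_sample_sector(0xCC)

if __name__ == "__main__":
    print(cross_view_mbr(LIVE, OFFLINE))
```

A mismatch confined to the boot code region while the partition table agrees is the pattern the paragraph describes: the live view looks clean, but the bytes the firmware will actually execute differ.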

Polymorphic Viruses
Polymorphic viruses actually modify their own code as they travel from system to system.
The virus’s propagation and destruction techniques remain the same, but the signature of
the virus is somewhat different each time it infects a new system. It is the hope of
polymorphic virus creators that this constantly changing signature will render
signature-based antivirus packages useless. However, antivirus vendors have “cracked the
code” of many polymorphism techniques, so current versions of antivirus software are able
to detect known polymorphic viruses. Even so, it tends to take vendors longer to generate
the necessary signature files to stop a polymorphic virus in its tracks, which means the
virus can run free on the internet for a longer time.
