






A transcript from a computer science lecture on February 7, 2005, focusing on viruses and self-reproducing code. The lecture covers the basics of viruses, their self-reproduction, and their attachment to other programs. It also discusses the challenges of writing viruses in different programming languages and the characteristics of successful viruses. The lecture also covers the concept of worms and their spread between network hosts through buffer overflow attacks.







Feb 7, 2005 -- Lecture 9
Douglas W. Jones Department of Computer Science

Self Reproducing Code
- Simple to write in reflexive languages
  - eg: assembly language
- Difficult in compiled languages (eg C)

    main(a) { a="main(a){a=%c%s%c;printf(a,34,a,34);}"; printf(a,34,a,34); }

    #define q(k)main(){puts(#k"\nq("#k")");}
    q(#define q(k)main(){puts(#k"\nq("#k")");})

A Virus is:
- A self-reproducing code fragment
- That attaches itself to other programs instead of merely outputting itself
- Therefore, it must contain code to
  - Search out targets
  - Edit targets
- In addition to basic self-reproduction

Successful viruses:
- Attach to files likely to be exported
  - MS-Word documents
  - Games
- Evade notice
  - No obvious side effects
  - No heavy disk usage
  - No huge file-size increment

Detect viral code
- Does P include code that does X?
  - Generally: Equivalent to Halting Problem
- We rely on approximations
  - Large catalogs of known viruses
  - Patterns of "dangerous operations"
- Either miss some viruses or prevent some legitimate operation

Worms
- John Brunner's Shockwave Rider, 1975
- First Implemented, Xerox PARC, 1978
- Self reproducing code
  - Spreads between network hosts
  - Spread via network links
- Requirements
  - Read from link executes code
  - Deliberately or not

How can worms invade?
- Error in network interface that allows injection of code where data intended
  - Buffer Overflow Attack
- Debugging interfaces left in place
- Beware: Sensible development tools can be dangerous in production

Buffer Overflow Vulnerability:

    int f( int i )
    {
        char a[32];
        gets( a );    /* no length limit: a line longer than 31 characters overruns a[] */
        return lookup(a);
    }
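
A bounded version of the slide's f(), as an added example that is not part of the lecture: fgets() replaces gets(), and a line that does not fit in a[] is rejected and drained instead of overrunning the array. lookup() here is a hypothetical stand-in (the slide never defines it), and f_safe, stream_from, the FILE * parameter and the sample input are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in: the slide calls lookup() but never defines it. */
static int lookup(const char *name) {
    return strcmp(name, "alice") == 0;   /* 1 = known name, 0 = unknown */
}

/* Reads one line from `in` into the same 32-byte buffer the slide uses.
   fgets() never writes more than sizeof a bytes, so a[] cannot be overrun.
   An overlong line is rejected (not truncated) and its tail is drained so
   the next call starts on a fresh line. Returns lookup()'s result, or -1
   on EOF or an overlong line. */
int f_safe(FILE *in) {
    char a[32];
    if (fgets(a, sizeof a, in) == NULL)
        return -1;
    size_t n = strlen(a);
    if (n > 0 && a[n - 1] == '\n') {
        a[n - 1] = '\0';                 /* whole line fit: strip newline */
    } else {
        int c, too_long = 0;             /* no newline seen: check the rest */
        while ((c = fgetc(in)) != EOF && c != '\n')
            too_long = 1;
        if (too_long)
            return -1;
    }
    return lookup(a);
}

/* Builds a readable stream from a constructed string (sample input only). */
FILE *stream_from(const char *text) {
    FILE *fp = tmpfile();
    if (fp != NULL) {
        fputs(text, fp);
        rewind(fp);
    }
    return fp;
}

int main(void) {
    /* Constructed input: one 40-byte line, then two ordinary lines. */
    FILE *in = stream_from("AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA"
                           "\nalice\nbob\n");
    if (in == NULL) return 1;
    for (int i = 0; i < 3; i++)
        printf("line %d -> %d\n", i + 1, f_safe(in));
    fclose(in);
    return 0;
}
```

Draining the rejected line matters as much as the bound: without it, the leftover bytes of the long line would be parsed as the next input.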