  1. History and theories
    1. Self-replicating structure
      1. John von Neumann
      2. Alan Turing
    2. Cellular automaton
      1. Game of life
      2. John Horton Conway
    3. Code war
      1. Year 1966
      2. People
        1. Robert Morris Sr.
        2. Victor Vyssotsky
        3. Dennis Ritchie
      3. Objective
        1. Kill opponent's programs by overwriting them
    4. Morris worm
      1. Year 1988
      2. Robert Morris Jr.
      3. First computer worm on the Internet
    5. Genesis of computer virus
      1. Creeper and Reaper (1980s) --> Quine --> Elk Cloner (1982) --> Brain (1986) --> Jerusalem (1987) --> Stoned (1988) --> Cascade (1988)
  2. Computer virus
    1. The term first used by Fred Cohen in 1984
    2. Definition: A virus is a program that is able to infect other programs by modifying them to include a possibly evolved copy of itself
      1. Virus must execute itself
      2. Virus must replicate itself
    3. Components
      1. Replicator
        1. Control the spread
      2. Concealer
        1. Keep virus undetected
      3. Bomb
        1. Activation conditions for execution
    4. Virus scanner
      1. Signature
        1. Identify viruses
      2. Knowledge base
      3. Behaviour base
    5. Naming conventions
      1. <malware_type>://<platform>/<family_name>.<group_name>.<infective_length>.<variant><devolution><modifiers>
  3. Testing
    1. EICAR testfile
      1. By the European Institute for Computer Antivirus Research, which was founded in 1990
      2. Tests the response of antivirus programs
      3. People can test without using a real virus
      4. A text file 68 or 70 bytes long
      5. Virus scanner will respond as it would to a real virus
    2. Virus Simulators
      1. Types
        1. Demonstrate the audio and video effects of some real computer viruses
        2. Simulate a virtual environment: a virtual computer, with virtual disks, virtual files, and virtual viruses on them
        3. Generate files containing scan strings used by some scanners to detect real viruses
      2. Uses
        1. Educational purpose
        2. Antivirus quality test
        3. Antivirus installation check
  4. Classifications
    1. Virus
      1. By coding method
        1. Polymorphic code
        2. Self-modifying code
        3. Alphanumeric code
        4. Metamorphic code
        5. Shell code
      2. By infected host
        1. File infector virus
        2. Boot sector virus
        3. MBR virus
        4. Multipartite virus
        5. Macro virus
      3. By infection strategies
        1. Macro
          1. Written in a macro language
        2. Network
          1. Spreads over the network, seeking vulnerable systems
        3. Logic bomb
          1. Sets off a malicious function when specified conditions are met
        4. Cross-site scripting
          1. Vulnerability that allows code injection in web applications
        5. Sentinels
          1. Allow remote control of the infected host
          2. Host becomes a zombie for DDoS
        6. Companion
          1. Found in MS-DOS
        7. Boot sector
          1. Alters or hides in the boot sector and affects disks
        8. Multipartite
          1. Combination of file and boot sector virus
    2. Trojan horse
      1. Pure trojan
      2. Modification of applications
    3. Worm
      1. Mailers
        1. Send themselves in an e-mail
      2. Mass-mailers
        1. Send multiple e-mails including a copy of themselves
      3. Octopus
        1. Exists as a set of programs on more than one computer on a network
      4. Rabbits
        1. Exists as a single copy of itself at any point in time as it "jumps around" on networked hosts
    4. Malware
      1. Malicious software that infiltrates and damages computers
    5. Virus Hoaxes
      1. False e-mail messages about virus attacks
    6. Rootkits
      1. Undetectable
      2. Allow an attacker to gain root privilege
      3. Not a virus; controlled by a human
      4. Not an exploit
      5. Dangerous when combined with a virus