1. History and theories
    1. Self-replicating structure
      1. John von Neumann
        1. Game theory
        2. Hydrogen bomb
        3. Self-replicating automata (1966)
          1. Universal machine
          2. Universal constructor
          3. Information tape
      2. Alan Turing
        1. Turing machine
    2. Cellular automaton
      1. John Horton Conway
        1. Game of life (1970)
    3. Core War (1966)
      1. A.k.a. Darwin
      2. People
        1. Robert Morris Sr.
        2. Victor Vyssotsky
        3. Dennis Ritchie
      3. Objective
        1. Kill opponent's programs by overwriting them
    4. Morris worm (1988)
      1. Robert Morris Jr.
      2. First computer worm on Internet
    5. Genesis of computer virus
      1. Creeper and Reaper (1971)
      2. Quine (1972)
      3. John Walker's Animal game (1975)
      4. Elk Cloner (1982)
      5. Brain (1986)
      6. Jerusalem (1987)
      7. Stoned (1987)
      8. Cascade (1988)
  2. Classifications
    1. Virus
      1. By coding method
        1. Polymorphic code
          1. Mutate code
          2. Encryption
          3. Avoid signature detection
          4. Keep original
          5. Hidden measure
        2. Self-modifying code
          1. Alter instructions while executing
        3. Alphanumeric code
        4. Metamorphic code
          1. Reprogram
        5. Shell code
          1. Local
          2. Remote
      2. By infected host
        1. File infector virus
        2. Boot sector virus
        3. MBR virus
        4. Multipartite virus
        5. Macro virus
      3. By infection strategies
        1. Macro
          1. Written in a macro language
        2. Network
          1. Spreads over the network, seeking vulnerable systems
        3. Logic bomb
          1. Sets off a malicious function when specified conditions are met
        4. Cross-site scripting
          1. Vulnerability that allows code injection in web applications
        5. Sentinels
          1. Allow remote control of infected host
          2. Zombie for DDoS
        6. Companion
          1. Found in MS-DOS
        7. Boot sector
          1. Alter/hide in boot sector and affect disks
        8. Multipartite
          1. Combination of file and boot sector virus
    2. Trojan horse
      1. Pure trojan
      2. Modification of applications
      3. Backdoor
        1. Upon execution
        2. Program design flaw
    3. Worm
      1. Network virus
        1. Mailers
          1. Send themselves in an e-mail
        2. Mass-mailers
          1. Send multiple e-mails including a copy of themselves
        3. Octopus
          1. Exists as a set of programs on more than one computer on a network
        4. Rabbits
          1. Exists as a single copy of itself at any point in time as it "jumps around" on networked hosts
    4. Malware
      1. Software designed to infiltrate and damage a computer
    5. Virus Hoaxes
      1. False messages about nonexistent virus attacks
    6. Rootkits
      1. Undetectable
      2. Allow attacker to gain root privilege
      3. Not a virus; controlled by a human
      4. Not an exploit
        1. Dangerous when combined with a virus
  3. Computer virus
    1. The term first used by Fred Cohen in 1984
    2. Definition: A virus is a program that is able to infect other programs by modifying them to include a possibly evolved copy of itself
      1. Virus must execute itself
      2. Virus must replicate itself
    3. Components
      1. Replicator
        1. Control the spread
      2. Concealer
        1. Keep virus undetected
      3. Bomb
        1. Activation conditions for execution
    4. Virus scanner
      1. Signature
        1. Identify viruses
      2. Knowledge base
      3. Behaviour base
    5. Naming conventions
      1. <malware_type>://<platform>/<family_name>.<group_name>.<infective_length>.<variant><devolution><modifiers>
      2. Network Associates
        1. Prefix
          1. Type of file/platform infected
        2. Infix
        3. Suffix
          1. Distinguish variants
  4. Testing
    1. EICAR testfile
      1. By European Institute for Computer Antivirus Research (1990)
      2. Test the response of antivirus programs
        1. Without using a real virus
      3. A text file 68 or 70 bytes long
      4. Virus scanner will respond as it would to a real alarm
    2. Virus Simulators
      1. Types
        1. Demonstrate the effects of some real computer viruses
        2. Simulate a virtual environment
        3. Generate files containing scan strings used by some scanners to detect real viruses
      2. Uses
        1. Educational purpose
        2. Antivirus quality test
        3. Antivirus installation check