Type: Quiz
Book Title: Computer Security Fundamentals 3rd Edition
ISBN 13: 978-0789757463


May 3, 2021
Instructors Manual Materials to Accompany
COMPUTER SECURITY FUNDAMENTALS
CHAPTER 5
MALWARE
CHAPTER 5 OBJECTIVES
When students have finished reading this chapter, they will be able to:
Understand viruses (worms) and how they propagate, including the Sobig and Sasser types.
Have a working knowledge of several specific virus outbreaks.
Understand how virus scanners operate.
Understand what a Trojan horse is and how it operates.
Have a working knowledge of several specific Trojan horse attacks.
Grasp the concept behind the buffer overflow attack.
Have a better understanding of spyware and how it enters a system.
Defend against each of these attacks through sound practices, antivirus software, and anti-spyware
software.
CHAPTER OVERVIEW
In this chapter, you will learn about the how and why of virus outbreaks and Trojan horses. Other malware will be
explored, such as buffer overflow attacks and spyware. Your ability to defend against such attacks will be
enhanced by expanding your knowledge of how they work. In the exercises at the end of the chapter, you will
have the opportunity to research preventative methods for viruses and try out antivirus methods from McAfee and
Norton.
The major sections in this chapter are:
2. Trojan Horses. Explores Trojan horses and how to prevent them.
4. Spyware. Covers spyware and discusses the use of spyware and key loggers.
6. Detecting and Eliminating Viruses and Spyware. Describes some tools that can be used to detect and
eliminate malware; discusses several useful Web sites and utilities.
CHAPTER OUTLINE
I. Chapter 5 Objectives
II. Introduction
III. Viruses
How a Virus Spreads
Types of Viruses
Macro
Multi-Partite
Armored
Memory Resident
Sparse Infector
Polymorphic
Recent Virus Examples
W32/Netsky-P
Troj/Invo-Zip
The Sobig Virus
The Mimail Virus
The Bagle Virus
A Nonvirus Virus
Rules for Avoiding Viruses
IV. Trojan Horses
V. The Buffer Overflow Attack
VI. The Sasser Virus/Buffer Overflow
VII. Spyware
Legal Uses of Spyware
How Is Spyware Delivered to a Target System?
Obtaining Spyware Software
VIII. Other Forms of Malware
Rootkit
Malicious Web-Based Code
Logic Bombs
Spam
APT
IX. Detecting and Eliminating Viruses and Spyware
Antivirus Software
Antispyware Software
X. Summary
XI. Test Your Skills
XII. Exercises
XIII. Projects
KEY TERMS
adware Software loaded onto your machine, often without your knowledge, which causes ads to pop up on your
screen. This technology often works in a different manner than web page pop-ups; thus, pop-up blockers will not
stop it.
APT Advanced Persistent Threat
back door A hole in the security system deliberately left by the creator of the system.
buffer overflow An attack that involves loading a buffer with more data than it is designed to hold.
code The source code for a program or the act of programming, as in “to code an algorithm.”
cookie A small file containing information from a Web site.
key logger Software that logs keystrokes on a computer.
malware Any software that has a malicious purpose, such as a virus or Trojan horse.
on-demand virus scanners Virus scanning that runs when requested by the user.
port A numerical designation for a connection point on a computer. There are well-defined ports for specific
protocols such as FTP port 21, HTTP port 80, and so forth.
Trojan horse Software that appears to have a valid and benign purpose but actually has a malicious purpose.
virus Software that is self-replicating and spreads like a biological virus.
TEACHING NOTES
I. Viruses
Teaching Tips: Ask students whether any of them have had their PC infected with a virus.
What was the result? How did they recover?
II. Trojan Horses
Teaching Tips: Many Trojan horses are used to pick up IDs and passwords. Demonstrate that,
in Windows, you can press [Alt] [Ctrl] and [Del] to be sure you are logging into the Microsoft authentication
program.
III. Buffer Overflow
Teaching Tips: Keep typing into a web page past the end of the field to see what the web
page does.
IV. Spyware
PROJECTS/EXERCISES
I. Discussion Questions
A. Discussion Question 1
Should parents install spyware on their PC to monitor their children’s activities?
B. Discussion Question 2
Do pop-up blockers block an advertiser’s freedom of speech?
II. Web Projects
A. Web Project 1
Cell phones are actually mobile computers. It didn’t take long before someone wrote
malware for one. Go to Google.com and enter “cell phone virus.” Are there many cell phone
viruses “out in the wild” yet? What do they do? How do they propagate? What cell phones are
vulnerable?
B. Web Project 2
Go to http://www.kazaa.com/us/index.htm for the Kazaa Peer to Peer file sharing system.
Click the Privacy button. Click Our Privacy Statement. Find out what information is collected by
the different software programs installed with Kazaa. What do these programs do to your
computer? Can you “opt out”? Is Kazaa spyware or adware?
C. Web Project 3
Go to Google.com and enter “hardware keylogger.” You can record keystrokes without
installing software by using a device that attaches between the keyboard cable and the back of your
PC. How much do these devices cost? How many keystrokes can they record? How can you
detect if one is attached without looking at the back of your computer? Check out
http://keystroke-loggers.staticusers.net/hardware.shtml.
D. Web Project 4
When is it legal to use spyware? In Florida, a wife used spyware to gather evidence. The
wife who installed spyware on her husband’s computer to secretly record evidence of an
extramarital affair violated Florida law. The Florida Appeals Court said that she “illegally
obtained” records of her husband’s online conversations with another woman. If you can’t spy on
your family, who can you spy on? Go to Google.com and type in your state and “spyware court.”
See if you can find out what the laws in your state say about legal use of spyware.
WEB RESOURCES
http://www.f-secure.com/virus-info/virus-news/ Virus news and information from the F-Secure Corporation
http://www.cert.org/nav/index_red.html Virus information from the CERT® Coordination Center of
Carnegie-Mellon University, a reporting center for Internet security problems
http://www.spywareguide.com Information on spyware and adware, product reviews, and privacy tips from
the SpywareGuide site
http://www.spectorsoft.com Spector Pro Internet monitoring and reporting software from the SpectorSoft
Corporation
CHAPTER REVIEW/ANSWERS TO TEST YOUR SKILLS
Multiple Choice Questions
1. Which of the following is the best definition of virus?
2. What is the most common damage caused by virus attacks?
3. What is the most common way for a virus to spread?
4. Which of the following is the primary reason that Microsoft Outlook is so often a target for virus attacks?
5. Which of the following virus attacks used a multimodal approach?
6. What factor about the Sobig virus made it most intriguing to security experts?
7. What was most interesting to security experts about the Mimail virus?
8. Which of the following reasons most likely made the Bagle virus spread so rapidly?
9. What made the Bagle virus so dangerous?
10. Which of the following is a way that any person can use to protect against virus attacks?
11. Which of the following is the safest way to send and receive attachments?
12. Which of the following is true regarding e-mailed security alerts?
13. Which of the following is something a Trojan horse might do?
14. What is a buffer overflow attack?
15. What virus exploited buffer overflows?
16. What can you do with a firewall to help protect against virus attacks?
17. A key logger is what type of malware?
18. Which of the following is a step that all computer users should take to protect against virus attacks?
19. What is the primary way a virus scanner works?
20. What other way can a virus scanner work?
Exercises
EXERCISE 5.1: USING NORTON ANTIVIRUS AND EXERCISE 5.2: USING MCAFEE ANTIVIRUS
EXERCISE 5.3: PREVENTING SASSER, EXERCISE 5.4: PREVENTING SOBIG, AND EXERCISE 5.5:
LEARNING ABOUT CURRENT VIRUS ATTACKS
These exercises ask students to use well-known Web resources to identify information about potential virus
Projects
PROJECT 5.1: ANTI-VIRUS POLICIES
This activity can be completed by a student working alone, or as a group project. Students are asked to write an
original antivirus policy for a small business or school. Check that the policies are written to cover both technical
and procedural guidelines. The successful completion of this project should include a policy list that covers the
following five areas.
PROJECT 5.2: THE WORST VIRUS ATTACKS
Students are asked to discuss the virus that they consider to have been the worst in history. Successful students
PROJECT 5.3: WHY WRITE A VIRUS?
This project asks students to speculate about virus writers’ motives. There is no clear right or wrong answer. The
Case Study
This case study requires students to consider how to secure a network from virus attacks. To do the case study,
students need to apply all the knowledge presented in this chapter and gathered from the previous exercises and
projects. Look to see if students can determine where the school’s system is still unsecured. Students should