Computer Virus.......

. 1. Computer Virus 2. (3) memorylife life Email(4) file .exe (2)

. NOTE1NOTE2quasi-virus(1) 1987CHRISMAS(2) (a) Torojon HorseBBS(b) NOTE3Carrier computer virus LANInternet E-mail VBS_LOVELETTER

Back Orifice

. 3. : : symptom boot sector 41track 41gappartition recordexecomovlsyshidden filedata file exe com, boot sector, partition record, device driver, overlay file load timememory hard disk file file file

. 4. 1960HackerMIT 1984CohenComputer Virus 1988*Morrisworm19901000040036000shut down1097 (1.) SEND MAIL(hole; bug)(2.) finger demon (3.) (trusted host feature) (password)(4.) (program of password guessing

. 4. Techweb2010:

CIH(1998)Windows 95/98EXE

(Melissa,1999)Word97

I love you(2000)VBScriptE-Mail

(Code Red2001)

SQL Slammer(2003)SQL SERVER 20001434

(Blaster2003)IPWin2K@@PDCOM RPC

. 4.

.F(Sobig.F2003)Sobig.f Sobig.fSMTP

(Bagle2004)

MyDoom(2004)MyDoom P2PKazaa

Sasser(2004)Lsass( MS04-011)

. 5. internet () Internet , .EXE.COM VBA , .DOC.XLS , Taiwan NO.1 VBScript JAVAScript , .VBS.JSDOSDOS (Interrupt) boot sectorpartition tableC-BrianDisk-Killer *.COM*.EXE (Boot Sector) :(Hammer)Flipplastique

. 1. (1)

BIOS BIOS

POST POST

(1)

BOOT Partition

(2)

DOS BOOT

CONFIG.SYSAUTOEXEC.BAT DOS

A:\> CONFIG.SYSAUTOEXEC.BAT

C:\>

. 1. (2) -

INT 21H

INT 21H INT 21H

21H21H

INT 21HINT 21H

21H

. 1. (2) - (2) -

MIX.EXEINT 21Hfile

. COMEXE.COM OR .EXE(1) (2).EXE.COMCODEDATASTACKsegment64K memory.EXECOMEXEMEMORY

. 2. (1)COM

. 2. (1)COM

. 2. (1)COM

. 2. (1)COM

. 2. (1)COM

. 2. (2)EXE

. 1. (Binary Code) scanscan .EXE .COMBOOTpartition

. 1. (Check-sum) (Rule-based)

. 1. VICEDOSCPUVICE(Software Emulation) (Polymorphic /Mutation Virus)CPUDOS(Virtual Machine)VICE(Virus Instruction Code Emulation)

. 1. I/O(Realtime I/O Scan) MacroTrapTM (Rule base) OLE2 Realtime I/O Scan/Realtime I/O scan(MacroTrapTM)

. 2. (1) PATH COMSPECCOMMAND.COM(2)

. 2. (2) COM(a) 1.2.:stack

. 2. (2) COM(a)

. 2. (2) COM(a)

. 2. (2) COM

. 2. (2) EXESSSPCSIP(a): SPSSIPCS

SPSSIPCSwolf-man (b)SSSPIPCS

()

. 2. (2) EXE

. 2. (3)

BOOTpartition tablestonedDisk-KillerC-BrianclusterBOOTDOSBOOTPartition TablePT0 Head0 Track2-17 sector

. 3. COM

SCAN

. 3. COM

. 3. EXE

. 3.

.

1. (1)

.

1. MEMORYDISK MEMORYDISK (1)

.

1. (1)

.

1. (2) ?

.

1. (2) WHY?

.

1. (2) vac_size (16 bytes)((filesize+15)/16 * 16) + vac_size; (16bytes)CS()((filesize+15)/16) headersizeIPSSCSSPvac_size filesize headersizeCSIPSSSP

.USB

USBAutorun.infUSB()Autorun.inf

.

1. C:\WINDOWS\system32(sysudisk.exe)(Windows )(c:\d:\e:\) autorun.inf (udisk.exeshell.exe)recyclerecyled() USBUSBUSBWindows USBautorun.inf USBWindows USB USBUSBAutorun.infUSB()Autorun.inf

.

2. autorun.infUSBUSB autorun.inf autorun.inf USB

.

(Denial of service;DoS)(SQL Injection)

.

(Denial of service;DoS)2000/2/7YahooBuy.comCNNAmazonZDNETDatekE-Trade12900

.

(Denial of service;DoS)

.

(Distributed Denial of service;DDoS)

.

ClientC Host (;H) Broadcaster (;B) Target (T)

.

DDoSRouterDNSServer

.

2002/4/22[]SQLy (SQL Injection)

.

IDPasswordSQLStr=Select * From Where id = & 1 & && password=& 2 & 12If not recordset.eof then &&123456SQLStr=Select * From Where id = 123 && password=456

.

IDPassword12or=456SQLStr=Select * From Where id = or= && password=456

.

(Phreak)(Fishing)(IM) (2008)(Phishing)

.

(Phishing)

.

(Phishing)

.

(Phishing)1. (1) Fromservice@paypal.comonlineservice@hsbc.co.ukcustomerservice@citibank.com

.

(Phishing)

.

(Phishing)(2) E-mail (Spear Phishing)

.

(Phishing)2. DNS DNS 0 o 1 ln hvv wm rn (1)

.

(Phishing)2. (2)(i) JavaScript JavaScript

.

(Phishing)(i) JavaScript

.

(Phishing)(ii) IP (iii) URL

.

(Phishing)2. (3)(Pharming)DNS (DNS Cache Poisoning)(Domain Name System, DNS) DNS DNS DNS (Recursion)

.

(Phishing)2. (4)(Cross-Site Scripting, XSS)

XSS HTML Script HTML JAVA Script tw.yahoo.com

.

(Phishing)2. (5)

(6)

.

(Phishing)2. (7)

.

,

82 19928 http://ics.stpi.org.tw/Treatise/

Wiener 90Wiener 90Wiener 90Wiener 90Wiener 90Wiener 90Wiener 90Wiener 90Wiener 90Wiener 90Wiener 90Wiener 90Wiener 90Wiener 90Wiener 90Wiener 90Wiener 90Wiener 90Wiener 90Wiener 90Wiener 90Wiener 90Wiener 90Wiener 90Wiener 90Wiener 90Wiener 90Wiener 90Wiener 90Wiener 90Wiener 90Wiener 90Wiener 90Wiener 90Wiener 90Wiener 90Wiener 90Wiener 90Wiener 90Wiener 90Wiener 90Wiener 90Wiener 90Wiener 90Wiener 90Wiener 90Wiener 90Wiener 90Wiener 90Wiener 90Wiener 90Wiener 90Wiener 90Wiener 90Wiener 90Wiener 90Wiener 90Wiener 90Wiener 90Wiener 90Wiener 90Wiener 90Wiener 90Wiener 90Wiener 90Wiener 90Wiener 90