Transmission and Propagation

• How is malware propagated?
• The book lists a number of mechanisms
  • Part of the installation of a program.
  • An attachment to an email
    • Download and run a program.
    • Which is the installation program for the malware.
    • Auto run programs can escape the application which opens by default.
      • Many editors, for example, have a shell escape.
      • A bug in vim
  • Macros in a document
    • Here is a recent one.
  • Autorun when a new device is inserted
    • Stuxnet.
  • Insertion into executable code.
    • Remember, executable code is just a series of instructions.
    • So the virus can copy itself into the beginning of the executable code section of a good program.
    • Then the virus code will be executed when the program starts to run.
    • And the program will run after that.
      • This could mess with jump addresses
      • And the code might not run.
    • How often have you downloaded something and it just crashes?
    • They show other possibilities too.