Cornell University

Computer Virus Seminars at Cornell University

June 27, 2002

Lecturer: Christine M. Orshesky, CISSP, CQA

Digital Immunity — Myths and Reality

Date: 27 June 2002, 10:00-11:30 AM
Place: McGraw Hall Room 165
Format: Interactive/Demonstration
Audience: Security Team (approximately 25 attendees)

Abstract:
At an ever-increasing rate, viruses and other forms of malicious code are attacking your network, your inbox, and your organization. This seminar takes you on a brief journey through the world of viruses and other things lurking and bumping around your network. We will explore the concepts of digital immunity: what’s needed and what’s possible. We will also explore the concepts and components of incident management as a way to mitigate virus-related incidents. Through the demonstration of a "live" virus creation tool, you will have the opportunity to create a virus that applies some of the exploitation techniques and effects in an attempt to evade your network defenses. At the conclusion, we will review the lessons learned from the demonstration and discuss effective means of mitigating the risk of such infections.

Outline:

  1. Malware
    1. Threats and Techniques
      1. Propagation
      2. Exploitation
    2. Impact and Effects
      1. Spoofing
      2. Denial of Service
      3. "Netspionage"
  2. Incident Management
    1. Preparation
    2. Detection and Containment
      1. Tools
      2. Techniques
    3. Eradication and Recovery
      1. Infections
      2. Residual Effects
    4. Reporting
      1. Lessons Learned
      2. Trend Analysis
  3. Demonstration
    1. Virus Creation
    2. Source Code Review
    3. Mitigation

Table of Contents (with links to presentation slides):

  1. Title Slide (or text-only slides)
  2. Topics for Discussion
  3. What is Malware?
  4. Virus – Defined
  5. Virus Infection Process
  6. Types of Viruses
  7. Virus – Example
  8. Worm – Defined
  9. Worm – Example
  10. Trojan horse – Defined
  11. Trojan horse – Examples
  12. Joke Program – Defined
  13. Joke Program – Example
  14. Hoax – Defined
  15. Hoax – Example
  16. Logic Bomb – Defined
  17. Logic Bomb – Example
  18. Internet Threats
  19. Exposures
  20. Propagation Requirements
  21. Propagation Requirements
  22. Propagation
  23. How Fast Do They Spread?
  24. Concealment Techniques
  25. Impact and Effects
  26. Impact and Effects (concluded)
  27. Incident Management Model
  28. Response Team Members
  29. Incident Management Model (continued)
  30. Tools
  31. Techniques
  32. Sample Message Header
  33. Incident Management Model (continued)
  34. Incident Management Model (concluded)
  35. Demonstration
  36. Summary
  37. Some Information Resources
  38. Additional Resources
  39. End of Presentation


See also Lecture #2, Survival of the Fittest: The Evolution of Computer Viruses


Sponsored by Cornell's Office of Information Technologies

Last updated June 04, 2007