Virus Primer

Malware
- Classifications of Malware
  - The Classic Virus
  - Worms
  - Trojans
  - Other forms of Malware
- Annoyances
- Identifying Threats
- Virus Naming Conventions
- Combating Malware

Concept of Malware
- Blanket industry term used to describe the variety of "malicious software" that is in circulation around the world
- Includes:
  - Viruses
  - Worms
  - Trojans
  - computer "bombs"
  - other forms of intentionally destructive software
  - non-destructive software pranks

The Classic Virus
- A self-replicating computer program that can "infect" other computer programs
- May cause no damage
- Successful viruses try to stay undetected and replicate themselves as much as possible before actually delivering their final payload
- Newer forms of malware that spread rapidly via e-mail and the internet may be configured to disable their host system immediately to prevent the user from warning the people on their contact list not to open the e-mail that triggered their infection

Components of a Virus
- Method of Infection
- Trigger
- Payload/Warhead

Method of Infection
- Infecting the boot sector
- Modifying an existing program or lines of code
- Inserting itself into Microsoft Office documents
- Attaching itself to network resources

Trigger
- The component of a virus that launches its payload (if it has one)
- Examples:
  - a specific date or time
  - an action by the user (opening a file)
  - a sequence of events or keystrokes
  - a repetition of events
- Trigger delay
  - Longer: more opportunity to spread
  - Too long: risk of detection

Payload/Warhead
- The final component
- A screen message that taunts the user
- Destructive package
  - scrambles data
  - deletes files
  - creates backdoors into systems
  - causes system crashes

Types of Viruses
- Armored
- Boot Sector
- Companion (Spawning)
- File Infecting/Parasitic
- Germ
- Intended
- Latent
- Macro and scripting
- Multi-partite
- Polymorphic
- Proof of concept
- Retrovirus
- Stealth
- Sparse Infectors

Armored Virus
- A virus which has been "hardened" to make disassembly of its source code or reverse engineering by antivirus analysts more difficult.

Boot Sector Virus
- Common when floppy disks were the primary method for sharing files
- Infects the master boot record (MBR) of a floppy disk
- Spreads to a user's hard drive
- Will attempt to infect every floppy disk that is inserted
- Continues spreading until it's discovered

Companion (Spawning) Viruses
- Companion viruses take advantage of a quirk in MS-DOS-based operating systems, and use malicious files with the .COM extension, instead of actually infecting .EXE or executable files
- The operating system "fills in" the extension for you and executes any .COM file before using its equivalent .EXE
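
An added example, not part of the original slides: a Python check that lists every .COM file sharing a directory and base name with an .EXE, the arrangement the companion technique described above depends on. The function names and the directory tree built in `demo()` are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path


def find_com_shadows(root):
    """Return sorted (com_path, exe_path) pairs where NAME.COM sits beside NAME.EXE."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        by_stem = {}
        for fname in files:
            stem, ext = os.path.splitext(fname)
            # DOS file names are case-insensitive, so compare upper-cased.
            by_stem.setdefault(stem.upper(), {})[ext.upper()] = fname
        for exts in by_stem.values():
            # A lone .COM program is normal; only a .COM that shares its
            # base name with an .EXE in the same directory is reported.
            if ".COM" in exts and ".EXE" in exts:
                findings.append((os.path.join(dirpath, exts[".COM"]),
                                 os.path.join(dirpath, exts[".EXE"])))
    return sorted(findings)


def demo():
    """Build a constructed sample tree and return findings as relative paths."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel in ("APP/EDIT.EXE", "APP/EDIT.COM", "APP/FORMAT.COM",
                    "TOOLS/calc.exe", "TOOLS/Calc.com", "TOOLS/readme.txt"):
            path = root / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(b"")  # empty placeholder files, constructed for the demo
        return [tuple(Path(p).relative_to(root).as_posix() for p in pair)
                for pair in find_com_shadows(root)]


if __name__ == "__main__":
    for com, exe in demo():
        print(f"review: {com} would run in place of {exe}")
```

A hit is a prompt for review rather than proof of infection, since the check only looks at names.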

File Infecting/Parasitic Viruses
- Infects program files such as those with .EXE, .SYS, .PRG, .BAT, and other extensions
- Virus writers may insert code at either the beginning or the end of a program so that it is launched whenever the program is executed
- Overwrite code in an executable to avoid changing the size of the original file and hopefully escape detection
- Cavity viruses attempt to use the "empty space" in a program to modify and infect the file without breaking its functionality or changing the file size

Germ
- The first initial programmed form of a virus (generation zero).

Intended
- Written to be viruses but don't actually replicate
- Contrary to the popular myth, many virus writers are rank amateurs as well as some of the worst coders in the world. Their attempts at virus writing are often dismal failures and they don't receive much press.

Latent Viruses
- Viruses that simply have not been executed
- A virus written for the Windows platform that was sent via e-mail to a Mac user (or stored on a UNIX server) is relatively benign to that system
- Antivirus scanners that check only for viruses native to those platforms may miss the file entirely
- If that file is shared and a Windows user attempts to open or execute it, the virus can rapidly become an active threat on your network

Macro and scripting viruses
- Exploit the scripting functionality that Microsoft built into its Office productivity suite
- Small scripts embedded into Word or Excel that allow routine tasks to be automated
- Once an infected file is launched, the macro replicates itself to all similar documents and spreads rapidly through the network

Multi-partite
- Called dual infectors
- Use more than one mechanism to spread themselves and infect other systems
- May infect both the data on a disk as well as the Master Boot Record

Polymorphic
- Definition-based antivirus software identifies viruses by searching for small unique strings of code (known as signatures) that only exist in known viruses
- A polymorphic virus alters its code and produces a functional variation of itself in the hope of escaping detection
- Easily detectable by most modern antivirus programs
- The polymorphism concept has also been used by modern e-mail worms (such as LoveBug) that use variable subject lines and filenames in order to foil attempts to block them at mail gateways

Proof of Concept Viruses
- Usually created with an academic purpose rather than malicious intent
- A researcher may simply wish to prove a theoretical point about a vulnerability or method of attack
- In most cases, proof of concept viruses are confined to labs and never make it into the wild, although some malicious programmers may create variants based on the concept.

Retrovirus
- A virus that attacks or disables antivirus programs.

Stealth Viruses
- Stealth is a technology, rather than an actual virus type
- Stealth viruses attempt to hide themselves from antivirus programs, often by intercepting or trapping disk access requests
- Whenever an antivirus program attempts to read and analyze infected files, the virus returns information that the original, uninfected program would have returned

Sparse Infectors
- Attempt to avoid detection by only infecting files intermittently
- There are a number of mechanisms that are used to accomplish this, including counters and environmental variables such as date and time

Worms
- Computer programs that replicate themselves across network connections, without modifying or attaching themselves to a host program.
- Some experts consider worms a special type of virus instead of giving them their own category; however, the classifications that traditionally separate worms and viruses are beginning to blur

Trojans
- Trojans are programs that claim to be one thing (usually appearing harmless), but carry an undesirable and often destructive payload
- Trojans are a delivery vehicle for other forms of malware and often rely on a bit of social engineering to trick a user into actually launching the program
- Despite warning computer users not to simply click on e-mail attachments (especially executables), the Trojan is still an effective tool for spreading malware

Other forms of Malware
- There are a number of non-replicating forms of malware that are designed to:
  - destroy or steal data
  - open backdoors into systems
  - disable networks
  - hijack remote systems

DDoS Agents
- A denial of service attack attempts to overwhelm a network or system resource in order to deny legitimate users access to that resource
- A distributed denial of service attack (DDoS) utilizes hundreds or even thousands of computers
- Hackers "recruit" computer systems to help them in their attacks by sending out Trojan programs that install agents on the affected PC
- These agents lie relatively dormant until they receive further instructions from the hacker's computer (usually a very small bit of code), and then begin flooding the network (or a specific target) with garbage traffic.

Logic Bombs
- Waits for a specific trigger (such as a date or sequence of events) to launch
- For hackers and disgruntled employees, it is an effective way of delivering a destructive payload long after they've left and cleaned up their tracks
- In one famous case, an administrator buried a program on his company's server that checked for the existence of his user account. If his account was deleted or disabled, the program would launch and begin deleting files on servers across the network.
- Unfortunately, this type of logic bomb is usually a custom program or script that is difficult to detect and would not be identified by anti-virus software

Mines
- Malicious programs can be seeded onto a file server or placed on innocent looking disks that are left lying about a server
- Usually custom programs written and spread by disgruntled employees or contractors with an axe to grind, and are almost impossible to defend against

Password Stealers and Keystroke Loggers
- Programs that are written to capture a user's keystrokes, write the data to a log and then send the log to a remote location or e-mail address.
- Often difficult to locate, and may not be detected by anti-virus software

Parasite Software
- Some shareware, freeware, and adware programs are being packaged with additional software that can monitor your browsing habits, and even sell your unused CPU time and unused disk space to other vendors, which in the process also consumes your network resources
- The legal tools that allow these vendors to do this are buried in the end user license agreement that no one actually reads

Remote Access Tools (RATs)
- Known as "backdoor agents"
- These tools give hackers a way into a trusted system that exists on a network

Unlicensed software
- While not technically "malware" because it's not malicious by design, unlicensed or pirated software can cost your company $20,000 per incident if your company is ever audited

Annoyances
- False positives
- Hoaxes
- Hype
- Jokes and Pranks
- Mail Bombs

Virus Naming Conventions
- The process of identifying threats is complicated by the lack of a formal standard for anti-virus and malware naming conventions
- In some cases the virus writer includes the name of the virus in the code itself (Code Red, Nimda)
- In other cases, antivirus vendors name the virus whatever they want without consulting each other, resulting in 4 or 5 different names for the same virus

CARO Standard
- In 1991 a group of researchers from the Computer Antivirus Researcher Organization (CARO) attempted to standardize antivirus naming conventions and produce a list of guidelines that have been adopted by many of the leading antivirus vendors
- The basic CARO formula for virus naming is Family_Name.Group_Name.Major_Variant.Minor_Variant[:Modifier]

CARO Standard (cont)
- Prefix - The prefix helps to quickly identify what type of virus or malware it is. A sample of commonly used prefixes includes:
  - W95: Viruses written for Windows 95
  - W32: Viruses written for all 32 bit Windows Platforms
  - WNT: Viruses written for Windows NT/2000
  - Linux: Viruses written for the Linux Platform
  - WM: Word Macro Viruses. These may include version numbers such as W97M for Word 97
  - XM: Excel Macro Viruses. These may include version numbers such as X97M for Excel 97
  - PPT: PowerPoint Viruses.
  - AM: Microsoft Access Viruses. These may include version numbers such as A97M for Access 97
  - VBS: Viruses utilizing Visual Basic Script
  - JAVA: Java Viruses
  - Trojan: Trojan programs, sometimes abbreviated as TROJ
  - Worm: A Worm. The prefix I-Worm is used to denote Internet Worms
  - JOKE: A joke or prank

CARO Standard (cont)
- Family Name - Represents the family to which the virus belongs based on the structural similarities of the virus, but sometimes a formal definition of a family is impossible. It may also be found in the code itself, essentially giving the author the chance to name the virus.
- Group Name - A subcategory of family, but is rarely used.
- Major Variant - Almost always a number, which is the infective length of the virus (if known)
- Minor Variant - Small variants of an existing virus, usually having the same infective length and structure. The minor variant is usually identified by a single letter (A, B, C, etc.)
- :Modifier - Modifiers are used to describe polymorphic viruses, and are identified by which polymorphic engine they use. If more than one polymorphic engine is used, the definition may include more than one modifier.
- Suffix - Suffixes are used to describe specifically how the virus spreads, such as e-mail or mass mailers, which are abbreviated @M and @MM
- Examples: [email protected]@MM, [email protected]@MM
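
An added example, not part of the original slides: a Python parser that splits a detection name into the prefix, family, group, major variant, minor variant, modifier and suffix fields described above, which helps when comparing names across vendor reports. It assumes the prefix is separated from the family by "." or "/", that a numeric token is the major variant and a one- or two-letter upper-case token is the minor variant; the sample names are constructed.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Prefixes and suffixes as listed on the slides (keys upper-cased for lookup).
PREFIXES = {
    "W95": "Windows 95", "W32": "32-bit Windows", "WNT": "Windows NT/2000",
    "LINUX": "Linux", "WM": "Word macro", "W97M": "Word 97 macro",
    "XM": "Excel macro", "X97M": "Excel 97 macro", "PPT": "PowerPoint",
    "AM": "Microsoft Access", "A97M": "Microsoft Access 97",
    "VBS": "Visual Basic Script", "JAVA": "Java", "TROJAN": "Trojan",
    "TROJ": "Trojan", "WORM": "Worm", "I-WORM": "Internet worm",
    "JOKE": "Joke or prank",
}
SUFFIXES = {"@M": "e-mail", "@MM": "mass mailer"}


@dataclass
class CaroName:
    family: str
    prefix: Optional[str] = None
    group: Optional[str] = None
    major_variant: Optional[str] = None
    minor_variant: Optional[str] = None
    modifiers: List[str] = field(default_factory=list)
    suffix: Optional[str] = None

    def platform(self) -> Optional[str]:
        """Slide description for the prefix, or None when no prefix was given."""
        return PREFIXES.get(self.prefix) if self.prefix else None


def parse_caro(name: str) -> CaroName:
    """Parse [Prefix.]Family[.Group][.Major][.Minor][:Modifier...][@M|@MM]."""
    text = name.strip()
    suffix = None
    m = re.search(r"@(MM|M)$", text, re.IGNORECASE)
    if m:  # spreading-method suffix comes last
        suffix = "@" + m.group(1).upper()
        text = text[:m.start()]
    body, *modifiers = text.split(":")  # one modifier per polymorphic engine
    tokens = re.split(r"[./]", body)    # assumption: "." or "/" as separator
    if not all(tokens) or not all(modifiers):
        raise ValueError(f"empty component in {name!r}")
    prefix = None
    if len(tokens) > 1 and tokens[0].upper() in PREFIXES:
        prefix = tokens.pop(0).upper()
    result = CaroName(family=tokens.pop(0), prefix=prefix,
                      modifiers=modifiers, suffix=suffix)
    for tok in tokens:
        no_variant_yet = result.major_variant is None and result.minor_variant is None
        if tok.isdigit() and no_variant_yet:
            result.major_variant = tok   # usually the infective length
        elif re.fullmatch(r"[A-Z]{1,2}", tok) and result.minor_variant is None:
            result.minor_variant = tok   # A, B, C, ...
        elif result.group is None and no_variant_yet:
            result.group = tok           # rarely used sub-family
        else:
            raise ValueError(f"unexpected component {tok!r} in {name!r}")
    return result


# Constructed sample names (not real detections).
SAMPLES = ["W97M.Sample.Grp.1024.B:EngineX:EngineY@MM", "Sample.512.A",
           "i-worm/Sample.C@m"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", parse_caro(sample))
```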

Combating Malware
- Hire a full-time antivirus administrator
- Subscribe to antivirus vendors' e-mail lists
- Establish a single point of contact
- Install e-mail filtering
- Establish strict e-mail policies
- Internet policies
- Lock down your workstations
- Secure your servers
- Update systems for security vulnerabilities
- Use a multi-tiered approach with AV software
- Don't rely on antivirus software alone
- Scan proactively
- Back up aggressively
- Monitor your power users
- Monitor your laptop users
- Secure your wireless networks
- Educate your users
- Educate management