
What We'll be Doing

by admin last modified 2008-03-31 12:03

Don't be contagious.

We'll be examining a Windows virus in detail.
To do this, we've obtained three computers. Generally two of them will be running Windows and one will be running Linux. These will be isolated on their own network. You will configure the Linux machine to handle DHCP, and you should set it up to look like the rest of the known universe: it will respond to any queries from the Windows boxes as though the whole internet were out there. That doesn't mean the responses need necessarily be meaningful.
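One way to make the Linux gateway play "the rest of the known universe" for name lookups, as an added example that is not part of the course page: a small DNS sinkhole that answers every A query with the gateway's own address and logs what was asked. The gateway address 10.0.0.1 and the sample query names are assumptions.

```python
"""Minimal DNS sinkhole for the lab's Linux gateway (added example).
Every A query from the Windows boxes is answered with the gateway's own
address, so 'the internet' appears to exist while nothing leaves the segment."""
import socket
import struct

SINKHOLE_IP = "10.0.0.1"  # assumed address of the Linux gateway on the lab LAN

def build_query(name: str, txid: int = 0x1234, qtype: int = 1) -> bytes:
    """Constructed sample input: a standard recursive query for name."""
    labels = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    return struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + labels + b"\x00" + struct.pack(">HH", qtype, 1)

def question_name(packet: bytes) -> str:
    """Dotted name from the first question (the header is 12 bytes)."""
    labels, pos = [], 12
    while packet[pos] != 0:
        labels.append(packet[pos + 1:pos + 1 + packet[pos]].decode("ascii"))
        pos += 1 + packet[pos]
    return ".".join(labels)

def build_response(query: bytes, answer_ip: str = SINKHOLE_IP, ttl: int = 60) -> bytes:
    """Answer an A/IN question with answer_ip; anything else gets an empty NOERROR reply."""
    pos = 12
    while query[pos] != 0:      # skip the encoded QNAME
        pos += 1 + query[pos]
    pos += 1
    qtype, qclass = struct.unpack(">HH", query[pos:pos + 4])
    question = query[12:pos + 4]
    rd = query[2] & 0x01        # echo the client's RD bit
    flags = 0x8480 | (rd << 8)  # QR=1, AA=1, RA=1, RCODE=NOERROR
    answer, ancount = b"", 0
    if qtype == 1 and qclass == 1:
        answer = (b"\xc0\x0c"   # compression pointer to the name at offset 12
                  + struct.pack(">HHIH", 1, 1, ttl, 4) + socket.inet_aton(answer_ip))
        ancount = 1
    return query[:2] + struct.pack(">HHHHH", flags, 1, ancount, 0, 0) + question + answer

def serve(bind_ip: str = "0.0.0.0", port: int = 53) -> None:
    """Run on the gateway (root needed for port 53): log and answer every query."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_ip, port))
    while True:
        data, peer = sock.recvfrom(512)
        print(f"{peer[0]} looked up {question_name(data)}")
        sock.sendto(build_response(data), peer)

if __name__ == "__main__":
    serve()
```

Point the DHCP server's DNS option at the gateway so the Windows boxes use it; the log of looked-up names is itself useful evidence for the later tasks.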

These machines will be isolated (I know, I said that already) so that the virus should not spread. You will need to take care to ensure that you do not inadvertently spread the virus to your own systems.

There will be a number of tasks for you to do. For each such task, we will assemble a team (usually three people) to manage the task. The general form of the task will be discussed in class; the team will then be responsible for actually doing it and reporting back with an appropriate written report and a short presentation by the team leader.

You should each expect to be a team leader at least once (perhaps twice) and to work in a team (not as the leader) at least twice. Team tasks should take a week and a half to two weeks each.

Some of the tasks (and others may come up in class discussions) include:
  1. Preparing a background report on the virus
  2. Setting up the machines on an isolated network, ideally in such a way that you can restore each machine to a clean state
  3. Installing the virus, including tracking what files it changes and what registry entries change
  4. Decompiling the virus and describing what you find
  5. Running the virus in a debugger to see if you can track what it does
  6. Seeing how the virus interacts with (eludes?) an anti-virus application
  7. Seeing how the virus interacts with any command-and-control application, ideally seeing if you can get the virus to follow orders from the command-and-control application
  8. Checking to see if the virus runs in a virtual machine
  9. Seeing if the virus runs in Linux under Wine
  10. Describing how to clean an infected machine without using an anti-virus application
  11. Finding out how to purchase a chunk of a botnet
  12. Describing any encryption used by the virus in talking to the rest of the world

Eastern Washington University   Copyright © 2007 Jeffrey B Putnam   Computer Science Department