Note on this entire file: A lot of this stuff was covered somehow already

intro - fork bombs
intro #2 - ssh virus

Terms:
- virus: attaches to an existing program
  - transient: ends with the program
  - resident: remains in memory
- worm: standalone program that spreads through networks
- trojan horse: apparently useful program containing malware
- zero-day
- software monoculture
- security by obscurity (permanent)

Purposes:
- Harmless
- Damaging
- Commercial

Examples:
- Hide the cursor
- Display things on the screen
- Open browser windows related to the current activity
- Send e-mail to contacts (very common)
- Open text documents and (rarely) change "is" to "is not"
- Delete files (Jerusalem virus: triggered on Friday the 13th)
- Modify system files or information
- Steal passwords

A few hiding methods:
- A directory nobody looks in
- Attach to system files
- Replace a noncritical system file
- Hide self-replicating copies
- Hide copies on multiple systems
- Modify the registry
- Disable AV programs

Damage estimates:
- Very tricky to do
- Systems with AV used to be slow

A few ways to propagate:
- Attach to setup programs
- E-mail attachments
- Exploit a network service (Code Red hit IIS web servers, Slammer hit SQL Server; many more)
- Directory traversal
- Documents
- Autorun: look for removable devices

Hiding, continued:
- Append/prepend to programs
- Surround a program (e.g. ls): a wrapper runs the payload, then the real program
- Insert into a program (monoculture reprise: the same binary everywhere means the same insertion point works everywhere)
- Replace a program (may be more easily detected!)
- Rarely become active (e.g. trigger only when the minute matches the day of the month)
- Boot sector viruses
  - Bootstrapping overview
- Memory residency
  - Many programs stay in memory long-term
  - Replace at shutdown
- Use interpreters: Python, Flash, etc.

Detection and avoiding it:
- General virus detection
  - Requires a general virus signature
  - Not really feasible, but being studied
  - False positives are bad
  - Suspicious changes: jump at the beginning, etc.
- Specific virus detection: look for part of the code
  - Viruses may try multiple permutations
    - Add nonsense instructions, change order, etc.
    - Optimizer may undo this (normalize the code before matching)
  - Storage patterns
  - Polymorphic virus modifies its own signature
  - Encrypting viruses (the body differs per copy; only the decryptor stays constant)

Virus introduction:
- Unexpected file type
- Posing as a malware detector
- Running as admin
  - Least privilege principle (annoying)
- Don't leave backups owned by the user
  - Backups can contain viruses

Virus analysis:
- No source code or comments provided!

Checksums (hashes):
- We'll talk about these later in detail
- Parity example
- Tripwire

Botnets:
- Can be huge (e.g. Conficker, apparently 10.5 million)
- Used for DDoS, sending spam, etc.
- All botnets listed on Wikipedia only support Windows
- Can rent time on these!
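Worked example for the "specific virus detection" points above (look for part of the code; nonsense instructions; optimizer may undo this; encrypting viruses). This is an added example, not code from the lecture notes: the payload, signature and decryptor stub are constructed, inert byte strings chosen only so the three scanning strategies can be compared, and the scanner, mutation and normalizer functions are hypothetical names for the demonstration.

```python
# Added example (not from the lecture notes): byte-signature scanning and the
# mutations in the notes that defeat it. Every "payload" here is a constructed,
# inert byte string chosen for the demonstration, not real malware.

NOP = 0x90  # x86 single-byte no-op, the classic "nonsense instruction"

# Constructed sample body and the signature a scanner would extract from it.
PAYLOAD = bytes.fromhex("b8 04 00 00 00 bb 01 00 00 00 cd 80 c3")
SIGNATURE = bytes.fromhex("bb 01 00 00 00 cd 80")

# Constructed decryptor prologue for the "encrypting virus" variant; it is the
# same in every copy, which is exactly what a scanner should key on.
DECRYPTOR_STUB = bytes.fromhex("e8 00 00 00 00 5e")


def naive_scan(data: bytes, sig: bytes) -> bool:
    """Specific-virus detection: does the known byte pattern occur anywhere?"""
    return sig in data


def pad_with_nops(code: bytes, every: int = 2) -> bytes:
    """Mutation 1: insert a NOP after every `every` bytes so the contiguous
    signature no longer appears, while the instruction stream still runs."""
    out = bytearray()
    for i, b in enumerate(code, 1):
        out.append(b)
        if i % every == 0:
            out.append(NOP)
    return bytes(out)


def normalize(data: bytes) -> bytes:
    """Scanner-side 'optimizer': strip single-byte NOPs before matching.
    Caveat: 0x90 can also be a data byte, so a real scanner would disassemble
    instead of filtering bytes blindly; it is enough for this sample."""
    return bytes(b for b in data if b != NOP)


def encrypt_body(code: bytes, key: int) -> bytes:
    """Mutation 2: encrypting virus. The body is XORed with a per-copy key and
    prefixed by the constant decryptor stub and the key byte."""
    return DECRYPTOR_STUB + bytes([key]) + bytes(b ^ key for b in code)


def decrypt_body(blob: bytes) -> bytes:
    """What the stub does at run time: recover the plaintext body."""
    key = blob[len(DECRYPTOR_STUB)]
    return bytes(b ^ key for b in blob[len(DECRYPTOR_STUB) + 1:])


def scan_report(sample: bytes) -> dict:
    """Run the three detection strategies against one sample."""
    return {
        "body_signature": naive_scan(sample, SIGNATURE),
        "normalized_body_signature": naive_scan(normalize(sample), SIGNATURE),
        "decryptor_signature": naive_scan(sample, DECRYPTOR_STUB),
    }


if __name__ == "__main__":
    for label, sample in [
        ("original", PAYLOAD),
        ("nop-padded", pad_with_nops(PAYLOAD)),
        ("encrypted key=0x5a", encrypt_body(PAYLOAD, 0x5A)),
        ("encrypted key=0x37", encrypt_body(PAYLOAD, 0x37)),
    ]:
        print(f"{label:20s} {scan_report(sample)}")
```

The NOP-padded copy escapes the plain body signature but not the normalized match; the two encrypted copies share no body bytes with each other or with the original, so only the constant decryptor stub catches them. A polymorphic virus goes one step further and mutates the stub itself, which is why the notes list it separately.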
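Worked example for the "Checksums (hashes)" points (parity example, Tripwire) and for the hiding methods listed earlier (appending to a program, a directory nobody looks in). This is an added example, not code from the lecture notes or from Tripwire itself: it builds a constructed throwaway directory tree, records a baseline of size, permission bits and SHA-256 per file, applies two of the hiding tricks, and reports what changed. The function names and the sample files are assumptions made for the demonstration.

```python
# Added example (not from the lecture notes): a Tripwire-style integrity
# check built on SHA-256, plus the parity bit as the weakest checksum.
import hashlib
import os
import tempfile


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: str) -> dict:
    """Baseline database: {relative path: (size, permission bits, sha256)}.
    Tripwire records more attributes (owner, inode, mtime, ...); size, mode
    and a cryptographic hash are enough to catch the changes discussed above."""
    db = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.stat(full)
            db[os.path.relpath(full, root)] = (st.st_size, st.st_mode & 0o7777, sha256_file(full))
    return db


def diff_snapshots(old: dict, new: dict) -> dict:
    """Report what changed between two baselines."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(p for p in set(old) & set(new) if old[p] != new[p]),
    }


def parity_bit(data: bytes) -> int:
    """Even-parity bit over every bit of data: detects any single bit flip,
    misses any even number of flips."""
    return sum(bin(b).count("1") for b in data) & 1


def simulate_infection() -> dict:
    """Build a tiny constructed filesystem, take a baseline, then apply two of
    the hiding methods from the notes and re-check."""
    with tempfile.TemporaryDirectory() as root:
        bin_dir = os.path.join(root, "bin")
        os.makedirs(bin_dir)
        ls = os.path.join(bin_dir, "ls")
        with open(ls, "wb") as f:
            f.write(b"#!/bin/sh\nexec /bin/ls \"$@\"\n")  # constructed stand-in for a binary
        os.chmod(ls, 0o755)
        base = snapshot(root)

        # Hiding method 1: append to an existing program (size and hash change).
        with open(ls, "ab") as f:
            f.write(b"\n# appended payload (inert)\n")
        # Hiding method 2: drop a new file in a directory nobody looks in.
        hidden = os.path.join(bin_dir, ".cache")
        os.makedirs(hidden)
        with open(os.path.join(hidden, "svc"), "wb") as f:
            f.write(b"inert")

        return diff_snapshots(base, snapshot(root))


if __name__ == "__main__":
    print(simulate_infection())
    # Parity example: 'A' (0x41) -> 'G' (0x47) flips two bits; parity misses it, SHA-256 does not.
    print(parity_bit(b"A"), parity_bit(b"G"), sha256_bytes(b"A") != sha256_bytes(b"G"))
```

The check only means something if the baseline database and the checker itself live somewhere the attacker cannot write (read-only media or a separate host), which is the same concern the notes raise about backups owned by the user.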