views: 131 · answers: 3

I'm going to give a seminar on "Recent Trends in Virus & Anti-virus Strategies" as part of my coursework in my post-graduate programme. I have two months, so I want to use this period fully.

I chose this topic myself because I want to master this area. I previously asked http://stackoverflow.com/questions/1796007/please-help-me-with-a-program-for-virus-detection-using-detection-of-malicious-be and have been in touch with this field.

My target audience is computer literate but knows nothing about computer viruses. So, I'm going to walk all the way from "What is a computer virus?" to the current techniques used for detection and for avoiding detection. I found two journals covering research in this field.

Journal in Computer Virology

Information Security Technical Report

Other than these two journals, are there any sources (that I should know about; I'm still searching, though) for recent trends?

I'm starting my reading from the Wikipedia article, its references and its external links.

Since I'm no expert in this area, I want suggestions from you guys. I want to know if there are any MUST reads (books, articles, research papers, anything you think will be useful to me) which I may not be aware of.

My plan for what to cover is:

  1. Definitions and clarifications of virus lingo (malware, worm, etc.)
  2. How a virus works (basics)
  3. About hosts of viruses
  4. Virus infection strategies
  5. Methods to avoid detection
  6. Countermeasures by antivirus software for each of the above methods
  7. Case study of some sample viruses by disassembling the infected files
  8. Demonstration by running an infected file in a sandbox

And what else?

I really want to put a lot of effort into this and teach them everything I learn.

EDIT:

Is there any repository (or any source, for that matter) where I can find virus-infected files? If I could find the desired ones, that would be great.

+2  A: 

Check out the blog of Graham Cluley, the Senior Technology Consultant at Sophos* (the makers of one of the leading anti-spam and anti-virus products). Most of the other big AV companies have blogs of their own as well.

*Full disclosure: I am a former employee of Sophos in the anti-spam division.

Ether
Is there any repository (or any source, for that matter) where I can find virus-infected files? If I could find the desired ones, that would be great.
claws
@claws: sorry, no; virus corpora generally aren't made public.
Ether
http://www.clamwin.com/ is a free open-source antivirus, right? So they must have a virus-testing community. Since it's open source, can I get it from them? I couldn't find any such page on their site.
claws
+1  A: 

Another blog to read is F-Secure's. This company has been in the anti-virus business since before 1993.

Full disclosure: I am a former employee of F-Secure in the anti-virus division, though I haven't worked for them since 1993.

You ask for repositories of virus-infected files. This is an extremely bad idea: you are asking for a repository of literal bombs waiting to go off.

If you're interested in gathering viruses for your research, then visit the scummiest parts of the internet with a honeypot that is not connected to anything else on your network. (Unless you have extremely deep knowledge of your operating system, consider this machine a sacrificial lamb.)

Chip Uni
Is there any repository (or any source, for that matter) where I can find virus-infected files? If I could find the desired ones, that would be great.
claws
+1  A: 

A trend in viral activity that interests me is the shift to better command-and-control systems for botnets. About a decade ago IRC was the protocol to use for your botnet. Nearly all botnets were derived from the agobot source code base. Agobot had a number of exploit modules and took advantage of the plentiful RPC-DCOM vulnerabilities in Windows. Today things have shifted: Windows is firewalled off by default, so hackers have turned to "drive-by exploiting" of web browsers. Malware like MPack is being used for this. Then a modern botnet like ZBot can be used to control the growing swarm of zombies. ZBot and MPack can be obtained on secretive forums or in dark corners of IRC. Finally, if you have the skills, you can compromise a machine that already has these applications installed.

I have spoken at DEF CON in Vegas; it's a lot of fun.

Rook