
Graduate student: 陳信甫
Hsin-Fu Chen
Thesis title: Case Study: Spybot.Worm Behavior Patterns
A Case Study: Spybot.Worm Behavior
Advisor: 張正尚
Cheng-Shang Chang
Oral examination committee:
Degree: Master's
Master
Department: College of Electrical Engineering and Computer Science - Institute of Communications Engineering
Communications Engineering
Year of publication: 2004
Graduating academic year: 92 (ROC calendar)
Language: Chinese
Pages: 34
Chinese keywords: worm, new-worm detection, router, matching, worm experiment
Foreign keywords: Spybot, worm, correlation, router, detect, worm's experiment
Computer viruses fall into four broad categories: viruses, worms, Trojan horses, and malicious executables. The thesis begins by describing how viruses infect and how worms attack: the former is passive, the latter active. Viruses spread through floppy disks, e-mail, and downloading and executing unknown files; worms attack vulnerabilities in the computer's operating system, or attack through file sharing and Internet chat rooms. Because the two propagate differently, the methods of prevention also differ.

The main body of the thesis is a simulation with a real worm: a known worm (Spybot) (Ref【5】) is used in an experiment to understand its attack pattern. The hope is that an experiment on a single worm will, as a representative case, deepen our understanding of the attack methods that most worms share. Analysis and consolidation of the information gathered during the experiment shows that the worm adopts different attack methods in different environments and follows different infection steps for different types of computers. When the worm's attack succeeds, the virus code is split into several hundred small packets that are sent in sequence, and the transfer completes in a very short time. Since these packets pass through routers, and related work has raised the possibility of detecting new viruses from the error messages (ICMP) that routers generate in the network, the thesis proposes a completely new idea for virus defense: perform virus detection in the router, finding new viruses with a method similar to gene matching in bioinformatics. This not only reveals earlier whether packets traversing the network carry a virus, but can also identify computers that may have been infected by a new virus, providing a basis for the further development of antivirus technology. The virus environment built for this experiment is recorded in detail in the thesis so that future virus researchers can use the record to study other worms or viruses and improve defenses against computer viruses; the environment setup also has some shortcomings, however, and the thesis offers suggestions for improving it.


    Computer viruses can be classified into four types: viruses, worms, Trojan horses, and malicious code. In the thesis we discuss viruses and worms. To begin with, we explain the ways in which viruses spread, including disks, e-mail, downloads, and execution of unknown files. We also explain the ways in which viruses or worms attack, including vulnerabilities in the computer OS, file sharing, and Internet chat. After understanding the propagation of viruses, we propose ways of defense. Essentially, we could employ the error messages (ICMP) generated by the router to detect newly invading viruses.
    The most important part of the thesis is an experiment targeting the behavior of Spybot.Worm, a well-known worm. We try to understand what kinds of attack the worm performs in which environment, and the procedure by which the worm infects computers. Spybot.Worm uses different attacks on different types of computers. The key point of our observation is that the worm code is divided into hundreds of packets, which are transmitted in order. Based on this observation, we propose a whole new approach to detecting new viruses. The new detection approach is performed in the router by matching correlations among the packets, much like gene correlation. Thus we can determine whether a new virus is on the Internet, and where the infected computer is. The experiment on Spybot.Worm provides some new discoveries about worm attacks. The details of the experiment are reported in the thesis as a reference for future investigation of viruses. We also suggest some improvements to the experimental environment and record some disadvantages of the experimental procedure.
    Predicting viruses is a recent focus in the development of computer science. The conclusion of this thesis is that we can fight viruses not only in clients but also in routers, for much better defense.

    Chapter 1: Introduction to Computer Viruses ... 7
    Chapter 2: How to Detect New Worms ... 11
    Chapter 3: The Experimental Worm ... 13
    Chapter 4: Experiment Setup and Procedure ... 19
    Chapter 5: Future Research Directions and Suggestions ... 31
    Chapter 6: Conclusion ... 33

    Ref【1】: Trend Micro, PE_ZAFI.B
    http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE_ZAFI.B/
    Ref【2】: Symantec glossary
    http://www.norton.com.tw/
    Ref【3】: Symantec, W32.Beagle.Z
    http://www.norton.com.tw/
    Ref【4】: Symantec, W32.Netsky.C, .D, .Q, .P
    http://www.norton.com.tw/
    Ref【5】: Symantec, W32.Spybot.Worm
    http://www.norton.com.tw/
    Ref【6】: Symantec, W32.Sasser.Worm
    http://www.norton.com.tw/
    Ref【7】: Vincent Berk, George Bakos and Robert Morris, "Designing a Framework for Active Worm Detection on Global Networks", First IEEE International Workshop on Information Assurance (IWIA'03), March 24, 2003
    http://people.ists.dartmouth.edu/~vberk/papers/iwia03.pdf
    Ref【8】: David Caraballo (DC-itsme) and Joseph Lo (Jolo), "The IRC Prelude", version 1.1.5, updated 6/1/2000
    http://www.irchelp.org/irchelp/new2irc.html/
    Ref【9】: Robert Eckstein, David Collier-Brown, Peter Kelly, "Using Samba", an introduction to SMB/CIFS, 1st edition, November 1999, ISBN 1-56592-449-5, O'Reilly Online Catalog
    http://cad.csie.ncku.edu.tw/~wnlee/using_samba/ch03_03.html
    Ref【10】: KaZaA Media Desktop
    http://www.kazaa.com/us/index.htm/
    Ref【11】: Microsoft Security Bulletin MS04-011
    http://www.microsoft.com/taiwan/security/bulletins/ms04-011.asp
    Ref【12】: Larry L. Peterson and Bruce S. Davie, "Computer Networks", 2nd edition, 2000, Morgan Kaufmann Publishers
    Ref【13】: Richard Sharpe, "Just what is SMB?", v1.2, 8-Oct-2002
    http://samba.anu.edu.au/cifs/docs/what-is-smb.html
    Ref【14】: Robert J. Shimonski, Wally Eaton, Umer Khan, Yuri Gordienko, "Sniffer Pro Network Optimization and Troubleshooting Handbook", Chapter 4: Configuring Sniffer Pro to Monitor Network Applications
    http://www.harcourt-international.com/e-books/pdf/379.pdf
    Ref【15】: Supernodes
    http://www.kazaa.com/us/help/faq/supernodes.htm
    Ref【16】: Welcome to the mIRC Homepage
    http://www.mirc.com/
    Ref【17】: What is IRC?
    http://www.mirc.com/irc.html/
