Macro Virus: These type of virus infects word, excel, PowerPoint, access and other data files. Once infected repairing of these files is very much difficult. Show
Master boot record files: MBR viruses are memory-resident viruses and copy itself to the first sector of a storage device which is used for partition tables or OS loading programs .A MBR virus will infect this particular area of Storage device instead of normal files. The easiest way to remove a MBR virus is to clean the MBR area, Boot sector virus: Boot sector virus infects the boot sector of a HDD or FDD. These are also memory resident in nature. As soon as the computer starts it gets infected from the boot sector. Cleaning this type of virus is very difficult. Multipartite virus: A hybrid of Boot and Program/file viruses. They infect program files and when the infected program is executed, these viruses infect the boot record. When you boot the computer next time the virus from the boot record loads in memory and then start infecting other program files on disk Polymorphic viruses: A virus that can encrypt its code in different ways so that it appears differently in each infection. These viruses are more difficult to detect. Stealth viruses: These types of viruses use different kind of techniques to avoid detection. They either redirect the disk head to read another sector instead of the one in which they reside or they may alter the reading of the infected file’s size shown in the directory listing. For example, the Whale virus adds 9216 bytes to an infected file; then the virus subtracts the same number of bytes (9216) from the size given in the directory. Knowing the Differences Can Help You to Better Protect your ComputerA computer virus attaches itself to a program or file so it can spread from one computer to another, leaving infections as it travels. Much like human viruses, computer viruses can range in severity: Some viruses cause only mildly annoying effects while others can damage your hardware, software or files. Almost all viruses are attached to an executable file, which means the virus may exist on your computer but it cannot infect your computer unless you run or open the malicious program. It is important to note that a virus cannot be spread without a human action, (such as running an infected program) to keep it going. People continue the spread of a computer virus, mostly unknowingly, by sharing infecting files or sending e-mails with viruses as attachments in the e-mail. A worm is similar to a virus by its design, and is considered to be a sub-class of a virus. Worms spread from computer to computer, but unlike a virus, it has the capability to travel without any help from a person. A worm takes advantage of file or information transport features on your system, which allows it to travel unaided. The biggest danger with a worm is its capability to replicate itself on your system, so rather than your computer sending out a single worm, it could send out hundreds or thousands of copies of itself, creating a huge devastating effect. One example would be for a worm to send a copy of itself to everyone listed in your e-mail address book. Then, the worm replicates and sends itself out to everyone listed in each of the receiver's address book, and the manifest continues on down the line. Due to the copying nature of a worm and its capability to travel across networks the end result in most cases is that the worm consumes too much system memory (or network bandwidth), causing Web servers, network servers and individual computers to stop responding. In more recent worm attacks such as the much-talked-about .Blaster Worm., the worm has been designed to tunnel into your system and allow malicious users to control your computer remotely. A Trojan horse is not a virus. It is a destructive program that looks as a genuine application. Unlike viruses, Trojan horses do not replicate themselves but they can be just as destructive. Trojans also open a backdoor entry to your computer which gives malicious users/programs access to your system, allowing confidential and personal information to be theft. Test Your Website Security NowUnderstanding_Threats The following is a discussion of these terms and their meanings as used in this document. Virus/MalwareA computer virus/malware is a program &endash; a piece of executable code &endash; that has the unique ability to replicate. Virus/malware can attach themselves to just about any type of executable file and are spread as files that are copied and sent from individual to individual. In addition to replication, some computer virus/malware share another commonality: a routine that delivers the virus payload. While some payloads can only display messages or images, some can also destroy files, reformat your hard drive, or cause other damage.
An application that claims to rid your computer of virus/malware when it actually introduces virus/malware into your computer is an example of a Trojan. It may open a port in the background and let malicious hackers take control of the computer. One common scheme is to hijack the computer to distribute spam. Because a Trojan does not infect a file, there is nothing to clean, though the scan engine may report the file as ”uncleanable” and delete or quarantine it. With Trojans, however, simply deleting or quarantining is often not enough. You must also clean up after it; that is, remove any programs that may have been copied to the machine, close ports, and remove registry entries.
The Agent programs on the client computers, referred to as the Security Agents and Messaging Security Agents, can detect virus/malware during Antivirus scanning. The Trend Micro recommended action for virus/malware is clean. Spyware/GraywareGrayware is a program that performs unexpected or unauthorized actions. It is a general term used to refer to spyware, adware, dialers, joke programs, remote access tools, and any other unwelcome files and programs. Depending on its type, it may or may not include replicating and non-replicating malicious code.
Security Agents and Messaging Security Agents can detect grayware. The Trend Micro recommended action for spyware/grayware is clean. Network VirusesA virus spreading over a network is not, strictly speaking, a network virus. Only some of the threats mentioned in this section, such as worms, qualify as network viruses. Specifically, network viruses use network protocols, such as TCP, FTP, UDP, HTTP, and email protocols to replicate. Firewall works with a network virus pattern file to identify and block network viruses. SpamSpam consists of unsolicited email messages (junk email messages), often of a commercial nature, sent indiscriminately to multiple mailing lists, individuals, or newsgroups. There are two kinds of spam: Unsolicited commercial email messages (UCEs) or unsolicited bulk email messages (UBEs). IntrusionsIntrusions refer to entry into a network or a computer either by force or without permission. It could also mean bypassing the security of a network or computer. Malicious BehaviorMalicious Behavior refers to unauthorized changes by software to the operating system, registry entries, other software, or files and folders. Fake Access PointsFake Access Points, also known as Evil Twin is a term for a rogue Wi-Fi access point that appears to be a legitimate one offered on the premises, but actually has been set up by a hacker to eavesdrop on wireless communications. Explicit/Restricted Content in IM ApplicationsText content that is either explicit or restricted to your organization being transmitted over instant messaging applications. For example, confidential company information. Online Keystroke ListenersAn online version of a keylogger. See Spyware/Grayware for more information. PackersPackers are tools to compress executable programs. Compressing an executable makes the code contained in the executable more difficult for traditional Antivirus scanning products to detect. A Packer can conceal a Trojan or worm. The Trend Micro scan engine can detect packed files and the recommended action for packed files is quarantine. Phishing Incidents (Advanced only)A Phishing incident starts with an email message that falsely claims to be from an established or legitimate enterprise. The message encourages recipients to click a link that will redirect their browsers to a fraudulent website. Here the user is asked to update personal information such as passwords, social security numbers, and credit card numbers in an attempt to trick a recipient into providing private information that may be used for identity theft. Messaging Security Agents use Anti-spam to detect phishing incidents. The Trend Micro recommended action for phishing incidents is delete entire message in which it detected the phish. Mass-Mailing Attacks (Advanced only)Email-aware virus/malware have the ability to spread by email message by automating the infected computer's email clients or by spreading the virus/malware themselves. Mass-mailing behavior describes a situation when an infection spreads rapidly in a Microsoft Exchange environment. Trend Micro designed the scan engine to detect behavior that mass-mailing attacks usually demonstrate. The behaviors are recorded in the Virus Pattern file that is updated using the Trend Micro ActiveUpdate Servers. You can enable the MSA to take a special action against mass-mailing attacks whenever it detects a mass-mailing behavior. The action set for mass-mailing behavior takes precedence over all other actions. The default action against mass-mailing attacks is delete entire message. For example: You configure the MSA to quarantine messages when it detects that the messages are infected by a worm or a Trojan. You also enable mass-mailing behavior and set the MSA to delete all messages that demonstrate mass-mailing behavior. the MSA receives a message containing a worm such as a variant of MyDoom. This worm uses its own SMTP engine to send itself to email addresses that it collects from the infected computer. When the MSA detects the MyDoom worm and recognizes its mass-mailing behavior, it will delete the email message containing the worm - as opposed to the quarantine action for worms that do not show mass-mailing behavior. Which of the following is a collection of hyperlinked pages of information distributed over the Internet via a network protocol?The part of the internet most people are probably most familiar with is the World-Wide-Web. This is a collection of hyperlinked pages of information distributed over the internet via a network protocol called HTTP (hyper-text-transfer-protocol). This was invented by Tim Berners-Lee in 1989.
Which of the following is the term for any crime involving computers?cybercrime, also called computer crime, the use of a computer as an instrument to further illegal ends, such as committing fraud, trafficking in child pornography and intellectual property, stealing identities, or violating privacy.
Which of the following is the first modern digital computer?The first modern electronic digital computer was called the Atanasoff–Berry computer, or ABC. It was built by physics Professor John Vincent Atanasoff and his graduate student, Clifford Berry, in 1942 at Iowa State College, now known as Iowa State University.
Which of the following allows perpetrators to commit multinational cybercrime with little fear of judicial sanctions?The lack of physical boundaries and the removal of traditional jurisdictional demarcations allow perpetrators to commit multinational crime with little fear of judicial sanctions.
|