The Viruses and Worms unit is divided into two parts:
Part 1 focuses on the theory of viruses and worms.
Part 2 deals with
Recognition
Replication
Trigger
Payload
What is the major difference between a virus and a worm? A virus needs a carrier, whereas a worm is an independently running program.
What are the four main characteristics of a virus?
Virus Characteristic - Replication
Mechanisms worms employ to spread:
Random Scanning
Email Attachments
Exploit Bugs
Virus Characteristic - Trigger
A virus is triggered when the trigger condition becomes true. This can be any condition relating to:
Virus and Worm Characteristic - Payload
The table below shows different kinds of payloads and presents some examples.

| Payload type | Example |
|---|---|
| Messages | WM97/Jerk displays the message “I think (user’s name) is a big stupid ****!” |
| Pranks | The Yankee virus plays “Yankee Doodle Dandy” at 5pm. |
| Denying access | WM97/NightShade password-protects the current document on Friday the 13th. |
| Data theft | Troj/LoveLet-A emails information about the user and machine to an address in the Philippines. |
| Corrupting data | XM/Compatable makes changes to the data in Excel spreadsheets. |
| Deleting data | Michelangelo overwrites parts of the hard disk on March the 6th. |
| Disabling hardware | CIH or Chernobyl (W95/CIH-10xx) attempts to overwrite the BIOS on April the 26th, making the machine unusable. |

Boot sector virus
Program virus
Macro virus
Virus characteristics - relates to a specific implementation method of the virus (1): Memory-resident viruses
Virus characteristics - relates to a specific implementation method of the virus (2): Polymorphic viruses
Virus characteristics - relates to a specific implementation method of the virus (3): Stealth viruses
Armoured viruses
Companion viruses
Why have worms dominated over viruses in the past few years?
A zoo is a collection of viruses and worms that exist only in laboratories (for example, of anti-virus vendors). A zoo is used to proactively study how malware programs are written and distributed. On the other hand, some viruses and worms are released into the public Internet. These are then termed in the wild (ITW).
Conventional prevention methods
Conventional methods of virus prevention and detection include:
1. Anti-virus scanners: These have to be updated regularly with the newest virus definition files in order to be able to combat the newest threats.
2. Patching operating systems: Vulnerabilities in operating systems can often be exploited for an attack and need to be patched regularly, requiring careful patch management processes to be in place.
3. Firewalls: These help to monitor suspicious traffic in and out of a computer system and network and make unneeded resources unavailable to the outside world.
4. Education: Best management practices, such as not opening email attachments and not downloading files and software from sources that you do not know, provide quite a high level of protection but need to be communicated to computer users.
Integrity managers
Heuristics
Behaviour blockers
What do you call a collection of programs that can infiltrate a computer system?
Malicious software, or "malware," is software written with the intent to damage, exploit, or disable devices, systems, and networks. It is used to compromise device functions, steal data, bypass access controls, and cause harm to computers and other devices and the networks they are connected to.
What can self replicate without a host program and will spread without human interaction or directives from malware authors?
Worms are a type of malware that can self-replicate without a host program; worms typically spread without any human interaction or directives from the malware authors.
What type of system security malware allows for access to a computer program or service without authorization?
A backdoor virus or remote access Trojan (RAT) secretly creates a backdoor into an infected computer system that enables threat actors to remotely access it without alerting the user or the system's security programs.
Is a program that gathers information about your surfing habits without your knowledge?
Spyware is a type of program that is installed, with or without your permission, on your personal computer to collect information about users, their computers or browsing habits. It tracks everything that you do without your knowledge and sends it to a remote user.