Malware Infection Process PDF
Uploaded by WorthJasper9548
Radboud University
Summary
This document provides a detailed overview of different types of malware, outlining the virus infection process from injecting code into host programs to spreading across other files or programs. It also explores the infection of data files, including embedded scripts or links to external resources in PDF files. It discusses different techniques including stealth techniques which mask the presence of the virus to avoid detection.
Full Transcript
1. Virus Infection Process

A virus is a type of malware that attaches itself to a legitimate program or file and spreads when the infected file is executed. Here's how the infection process works step-by-step:

(1) Copy Itself into the Host Program: The virus injects its code into a legitimate program or file. This may involve:
◦ Adding its code to the beginning, end, or a free space within the host file.
◦ Overwriting some sections of the original file while preserving functionality to avoid detection.

(2) Change the Entry Point to the Virus Code: When a program is executed, the CPU begins execution at a specific memory address called the entry point. The virus modifies this entry point to redirect execution to its own code, ensuring that the virus executes first when the infected file is run.

(3) Set Return Address to Original Entry Point: To avoid detection and maintain functionality, the virus ensures that after its code executes, control is returned to the original entry point of the host program. This ensures the host program works as intended, masking the presence of the virus.

Result: Every time the infected program is executed, the virus code runs first, enabling it to perform malicious actions (e.g., spreading, stealing data) while appearing as a normal file or program.

2. How the Virus Spreads

The virus replicates itself by infecting other files or programs on the host system. Here's how this happens:

Infecting Other Files: When the infected program runs, the virus searches for other suitable files (e.g., .exe, .bat) and injects itself into them using the same process. This process enables the virus to spread within the system or across connected systems (e.g., via network drives or shared files).

Requiring a Host File: Traditionally, viruses required an executable host file to spread.
◦ Examples of executable file types:
▪ .exe (Windows programs): Common target for Windows viruses.
▪ .bat (batch scripts): Simple command-line scripts.
▪ .vbs (Visual Basic scripts): Often used in email-based attacks.
▪ .elf (Linux executables): Target for Linux-based viruses.

3. Infection of "Data" Files

While viruses traditionally targeted executable files, modern viruses can also infect data files containing embedded code or scripts. Examples include:

Office Macros: Microsoft Office files (e.g., .docx, .xlsm) can contain macros, which are small programs written in VBA (Visual Basic for Applications). A virus can embed malicious macros into a document, spreading when the document is opened if macros are enabled.

PDF Files: PDF files can include embedded scripts or links to external resources. Exploiting vulnerabilities in PDF readers (e.g., Adobe Acrobat) allows viruses to spread.

Adobe Flash Files: Flash files (e.g., .swf) often contained embedded scripts or media. Exploiting Flash vulnerabilities was a common method of spreading malware before Flash's deprecation.

Key Characteristics of Virus Behavior
1. Stealth:
◦ Viruses aim to avoid detection by masking their presence, often ensuring the host program continues to function normally.
2. Replication:
◦ Viruses replicate themselves into as many files or systems as possible to increase their reach.
3. Execution Dependency:
◦ A virus relies on being executed (directly or indirectly) to propagate. Unlike worms, which can spread autonomously, viruses need a host program or user interaction.

Examples of Virus Impact
Macro Viruses: Infect Microsoft Office files, spreading via email attachments or shared drives. Example: Melissa Virus.
Executable Viruses: Infect .exe files, spreading when users unknowingly run infected programs.
PDF Viruses: Exploit vulnerabilities in PDF readers, often used in phishing campaigns.

Modern Context: Malware Evolution
As traditional executables became harder to infect due to improved security measures, attackers shifted to:
◦ Data file infection (e.g., macros, PDFs).
◦ Exploiting user behavior (e.g., phishing emails encouraging users to open malicious files).

Summary
This slide outlines the lifecycle of a virus, from infecting a host file to spreading across other files or systems. Viruses traditionally relied on executable files for infection, but modern ones target a broader range of file types (e.g., Office macros, PDFs) to exploit vulnerabilities and user behavior. This demonstrates how viruses have evolved to remain effective in the face of changing security measures.

What is a Worm?

A worm is a type of malware (malicious software) that can run on its own and spread from one computer to another without needing a host program (unlike a virus, which needs to attach itself to a file or program).

How Worms Work
1. Stand-Alone Program:
◦ A worm is an independent program that doesn't need to attach itself to a legitimate file.
◦ Once it runs, it replicates itself and spreads across networks, email systems, or other devices.
2. Spreading and Execution:
◦ Worms can spread in two main ways, depending on whether they require user interaction or not:

1. Worms That Spread with User Interaction
How It Works:
◦ These worms rely on users to execute or open them, often disguised as harmless files or messages.
◦ Example: A worm sent via an email attachment with a message like "Click here to view this important document!"
◦ When the user opens the attachment, the worm activates, infects the system, and starts spreading.
Example:
◦ The ILOVEYOU worm (2000):
▪ Spread via email attachments disguised as love letters.
▪ Users opened the attachment, and the worm replicated itself by sending emails to all their contacts.

2. Worms That Spread Without User Interaction
How It Works:
◦ These worms exploit vulnerabilities in software or network systems.
◦ They spread automatically, without requiring any action from the user.
◦ For example:
▪ A worm might scan the internet for systems with outdated or vulnerable software.
▪ Once it finds a vulnerable system, it infects it and continues scanning for the next target.
Example:
◦ The WannaCry worm (2017):
▪ Exploited a vulnerability in Windows to infect systems automatically.
▪ Spread rapidly across networks without any user involvement, encrypting files and demanding ransom payments.

Key Characteristics of Worms
Self-Contained: Worms do not rely on a host program or file to run and spread.
Spreading Mechanism:
◦ They can spread via email, networks, shared drives, or the internet.
Impact:
◦ Worms consume network bandwidth and system resources as they replicate.
◦ Some worms include additional malicious payloads, such as deleting files, installing backdoors, or stealing data.

Comparison: Virus vs. Worm

Feature        | Virus                                | Worm
Requires Host? | Yes, attaches to a file or program.  | No, it is a stand-alone program.
Spreading      | Needs user interaction to execute.   | Can spread automatically or with user action.
Impact         | Affects files/programs directly.     | Spreads quickly across networks.

Simple Example
Imagine:
A virus is like a hitchhiker who hides in someone else's car to travel (needs a host).
A worm is like someone with their own car, moving freely from place to place (stand-alone).

Conclusion
With User Interaction: Worms rely on people opening attachments, clicking links, or running infected files to spread.
Without User Interaction: Worms exploit software vulnerabilities to spread automatically across systems.
Worms are highly dangerous due to their ability to spread rapidly and autonomously, often causing widespread damage.

What is a Trojan?

A Trojan (short for Trojan Horse) is a type of malware that pretends to be a legitimate or useful program but secretly performs malicious actions on the system. Unlike worms and viruses, Trojans do not self-replicate or spread automatically—they rely on being manually installed or executed.
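The entry-point redirection in steps (2) and (3) of the virus infection process above leaves a trace a defender can look for: the entry point of an infected executable no longer sits where the linker originally placed it. The script below is an added example, not code from the slides: it parses an ELF64 header (the .elf format listed among the executable file types), flags an entry point that lies outside the first executable segment, in a writable segment, or away from a recorded baseline, and the build_elf64 helper only constructs minimal test images so the check can run offline.

```python
import struct

# Added example (not from the slides): heuristic check for a moved entry point.
ELF_MAGIC = b"\x7fELF"
PT_LOAD, PF_X, PF_W, PF_R = 1, 1, 2, 4


def parse_elf64(data):
    """Return (entry point, list of PT_LOAD segments) from a little-endian ELF64 image."""
    if data[:4] != ELF_MAGIC or data[4] != 2:  # EI_CLASS must be ELFCLASS64
        raise ValueError("not an ELF64 image")
    e_entry, e_phoff = struct.unpack_from("<QQ", data, 0x18)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 0x36)
    segments = []
    for i in range(e_phnum):
        fields = struct.unpack_from("<IIQQQQQQ", data, e_phoff + i * e_phentsize)
        p_type, p_flags, _off, p_vaddr, _paddr, p_filesz, p_memsz, _align = fields
        if p_type == PT_LOAD:
            segments.append({"flags": p_flags, "vaddr": p_vaddr,
                             "filesz": p_filesz, "memsz": p_memsz})
    return e_entry, segments


def check_entry_point(data, baseline_entry=None):
    """Return a list of findings; an empty list means the entry point looks normal.

    baseline_entry is the entry point recorded for the known-good build, if any.
    The remaining checks are heuristics: a clean binary normally starts in its
    first executable segment, which is never writable."""
    entry, segments = parse_elf64(data)
    findings = []
    if baseline_entry is not None and entry != baseline_entry:
        findings.append(f"entry point changed: 0x{entry:x} (baseline 0x{baseline_entry:x})")
    exec_segs = [s for s in segments if s["flags"] & PF_X]
    home = [s for s in exec_segs if s["vaddr"] <= entry < s["vaddr"] + s["memsz"]]
    if not home:
        findings.append("entry point is outside every executable segment")
    else:
        seg = home[0]
        if seg is not exec_segs[0]:
            findings.append("entry point is in a later executable segment (appended code?)")
        if seg["flags"] & PF_W:
            findings.append("entry point is in a writable+executable segment")
    return findings


def build_elf64(entry, segments):
    """Construct a minimal ELF64 image (header + program headers only) for testing.

    segments is a list of (flags, vaddr, size) tuples; filesz == memsz here."""
    hdr = bytearray(64)
    hdr[0:4] = ELF_MAGIC
    hdr[4], hdr[5], hdr[6] = 2, 1, 1  # ELFCLASS64, little-endian, EV_CURRENT
    struct.pack_into("<HHI", hdr, 0x10, 2, 0x3E, 1)  # ET_EXEC, EM_X86_64, version
    struct.pack_into("<QQQ", hdr, 0x18, entry, 64, 0)  # e_entry, e_phoff, e_shoff
    # e_flags, e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx
    struct.pack_into("<IHHHHHH", hdr, 0x30, 0, 64, 56, len(segments), 64, 0, 0)
    phdrs = b"".join(
        struct.pack("<IIQQQQQQ", PT_LOAD, flags, 0, vaddr, vaddr, size, size, 0x1000)
        for flags, vaddr, size in segments)
    return bytes(hdr) + phdrs


if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as f:
        print(check_entry_point(f.read()) or "no findings")
```

Treat the heuristics as triage only: a baseline entry point recorded at build time is the reliable signal, and a clean rebuild of the binary is the real comparison.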
Key Characteristics of Trojans
1. Not Self-Replicating:
◦ A Trojan does not spread automatically across systems like a worm or a virus.
◦ It must be installed by the user (often unknowingly) or by an attacker through manual exploitation.
2. How They Are Installed:
◦ Manual Exploitation:
▪ An attacker may exploit vulnerabilities in a system to install the Trojan without the user's knowledge.
◦ User Tricking:
▪ Trojans are often disguised as legitimate programs (e.g., software updates, games, or utilities) to trick users into installing them.
▪ Example: A user might download a "free antivirus tool" that secretly contains malicious code.
3. Hiding Malicious Behavior:
◦ Trojans often perform malicious actions while presenting useful or harmless functionality to avoid suspicion.
◦ Example:
▪ A game that secretly logs your keystrokes to steal passwords.
▪ A file-sharing app that silently creates a backdoor on your system.

Types of Actions Trojans Can Perform
1. Relatively Benign Actions:
◦ Adware:
▪ Displays unwanted advertisements, often in the form of pop-ups, to generate revenue for the attacker.
◦ Spyware:
▪ Secretly monitors user activity, such as web browsing or personal information, for tracking or targeted advertising.
2. Criminal Actions:
◦ Trojans can be used for:
▪ Stealing sensitive data: Passwords, credit card information, or personal documents.
▪ Creating backdoors: Allowing attackers to remotely access and control the system.
▪ Installing ransomware: Encrypting files and demanding payment to restore access.
▪ Botnet creation: Turning infected systems into bots for use in distributed denial-of-service (DDoS) attacks.
3. Targeted Attacks:
◦ Trojans can be tailored to target specific individuals, organizations, or systems.
◦ Example:
▪ A Trojan disguised as a file relevant to an organization (e.g., a PDF about a business deal) may target a specific company or person to steal sensitive data.
4. Government Use:
◦ Some governments use Trojans for surveillance purposes, such as:
▪ Wiretapping Internet Telephony: Monitoring encrypted communication platforms (e.g., Skype, WhatsApp).
▪ Collecting Evidence: Using Trojans to spy on suspected individuals or groups as part of investigations.

Examples of Trojan Malware
1. Zeus Trojan:
◦ Used for stealing banking information by intercepting login credentials.
◦ Often spread through phishing emails or malicious downloads.
2. RATs (Remote Access Trojans):
◦ Allow attackers to take full control of a system remotely.
◦ Examples: DarkComet, njRAT.
3. Trojan Droppers:
◦ Specialized Trojans that install other types of malware (e.g., ransomware or keyloggers) on the system.
4. Spy Trojans:
◦ Designed to monitor the user's actions (e.g., recording keystrokes or capturing screenshots).
◦ Example: Trojans used in government espionage programs.

How Trojans Spread
1. Phishing Emails:
◦ Trojans are often sent as attachments or links in fake emails designed to trick users into opening or downloading them.
2. Malicious Websites:
◦ Downloading software or files from untrusted websites can lead to unintentional Trojan installation.
3. Software Bundles:
◦ Trojans are sometimes included in free software downloads as hidden components.
4. Social Engineering:
◦ Attackers use psychological manipulation to convince users to download and install the Trojan.

Impact of Trojans
1. Security Breaches:
◦ Trojans can steal sensitive information, compromise personal data, or allow attackers to infiltrate networks.
2. Financial Loss:
◦ Many Trojans, like those used for ransomware attacks, result in monetary loss for individuals and organizations.
3. System Performance:
◦ Trojans can slow down systems, consume bandwidth, or cause instability by running malicious processes.
4. Legal and Ethical Concerns:
◦ Government use of Trojans for surveillance raises questions about privacy and civil liberties.
Here is a detailed explanation of the slide on Rootkits and their functionality:

What is a Rootkit?

A rootkit is a type of malware designed to provide an attacker with persistent, unauthorized access to a computer system while hiding its presence. It typically includes a set of tools that allow attackers to manipulate the system without detection. The term "rootkit" originates from the Unix/Linux world, where "root" refers to the system's superuser (administrator), and "kit" refers to the collection of tools that facilitate malicious activities.

Goals of a Rootkit
The primary goal of a rootkit is to:
1. Gain Persistent Remote Access:
◦ Rootkits are designed to stay hidden and maintain long-term access to a compromised system, even after restarts.
2. Hide Evidence of Compromise:
◦ By concealing files, processes, and activities, rootkits make it difficult for system administrators or security software to detect the malware.

Most Powerful Type: Kernel-Mode Rootkits
Kernel-Mode Rootkits operate at ring 0 in the CPU's privilege hierarchy, giving them the highest level of access to the system. They are the most dangerous and difficult to detect because they operate within the operating system kernel, the core component of the OS.

Capabilities of Kernel-Mode Rootkits:
1. Hiding Files:
◦ They modify the file-system drivers to make specific files invisible to the OS and users.
◦ Example: Malware-related files or logs are hidden to prevent detection.
2. Hiding Processes:
◦ They manipulate the OS's process management to hide malicious processes from system monitoring tools (e.g., Task Manager or ps commands).
3. Creating Hidden Filesystems:
◦ Rootkits can create hidden filesystems where they store their tools, stolen data, or additional payloads.
4. Altering Operating System Functionality:
◦ They can modify or replace kernel functions to gain control over how the system operates.
◦ Example: Modifying how system calls work to prevent malware detection.
5. Tampering with Malware Scanners:
◦ Rootkits interfere with antivirus or anti-malware tools by:
▪ Preventing them from scanning certain files or memory regions.
▪ Feeding false information to these tools to appear clean.
6. Communicating via Covert Channels:
◦ Rootkits can use covert channels to communicate without being detected. These channels rely on methods not typically monitored for communication.
◦ Examples:
▪ File attributes: Encoding information in hidden file metadata or permissions.
▪ Network behavior: Altering packet timing (e.g., jitter) or using unused bits in network packets.
▪ Hardware manipulation: Subtle behaviors like blinking LEDs (e.g., the Num Lock key).

How Rootkits Stay Hidden
1. Operating at the Kernel Level:
◦ By embedding themselves in the kernel, rootkits gain full control over the system, allowing them to modify how the OS functions.
2. Intercepting System Calls:
◦ Rootkits intercept and modify system calls (the way applications interact with the OS) to filter out information that could reveal their presence.
3. Modifying Logs:
◦ They can alter or delete system logs to erase traces of their activity.

How Rootkits are Installed
Rootkits are typically installed by attackers using:
1. Exploiting Vulnerabilities:
◦ They exploit software vulnerabilities to gain root (administrator) access and then install the rootkit.
2. Social Engineering:
◦ Attackers trick users into running malicious programs (e.g., disguised as legitimate software or updates).
3. Trojanized Software:
◦ Rootkits are bundled with seemingly legitimate software to be installed unknowingly.

Real-World Use Cases of Rootkits
1. Cybercrime:
◦ Rootkits are used to steal sensitive data (e.g., passwords, credit card information) or take control of systems for malicious purposes.
2. Targeted Attacks:
◦ In advanced persistent threats (APTs), rootkits are deployed to spy on specific targets or maintain access to critical systems.
3. Government Surveillance:
◦ Some governments use rootkits for covert surveillance, such as monitoring encrypted communications or tracking individuals.

Challenges in Detecting Rootkits
1. Deep System Integration:
◦ Kernel-mode rootkits operate within the OS kernel, making them nearly invisible to most security tools.
2. Tampering with Detection Tools:
◦ Rootkits often interfere with antivirus or anti-malware software to prevent their discovery.
3. Sophisticated Hiding Techniques:
◦ Techniques like modifying system calls or hiding files and processes make traditional monitoring ineffective.

How to Mitigate Rootkits
1. Regular System Updates:
◦ Keep the OS and all software up-to-date to patch vulnerabilities that rootkits exploit.
2. Strong Security Practices:
◦ Avoid downloading software from untrusted sources and clicking on suspicious links.
3. Advanced Detection Tools:
◦ Use rootkit-specific detection tools that analyze the system at a deeper level, such as scanning the Master Boot Record (MBR) or memory.
4. System Reinstallation:
◦ If a rootkit is detected, the safest approach is often to reformat the system and reinstall the OS.

Conclusion
Rootkits are one of the most dangerous forms of malware due to their ability to operate undetected at the kernel level, hide their presence, and provide attackers with persistent access. Their powerful capabilities, particularly in the form of kernel-mode rootkits, make them a significant threat to system security, requiring advanced tools and proactive measures to prevent and detect them.

Explanation of Bootkits

A Bootkit is a highly advanced and dangerous type of malware that compromises the boot process of a computer, giving attackers control even before the operating system loads. Here's a clear explanation of the key points from the slide:

1. Bootkits Modify the Bootloader
Bootkits are a type of Rootkit:
◦ They specifically target the bootloader, which is a small program that initializes the operating system during the startup process.
◦ By modifying the bootloader, the bootkit gains control of the system as soon as the computer starts, long before security tools or the operating system are fully functional.

2. The Name "Bootkit"
Wordplay on Rootkits:
◦ Like rootkits, bootkits are designed to stay hidden and provide unauthorized access to attackers.
◦ The term "bootkit" emphasizes its focus on the boot process, as opposed to rootkits that often operate at the kernel or application level.

3. Even More Powerful Than Kernel-Mode Rootkits
Bootkits are considered more dangerous because they:
◦ Execute at the lowest level: They control the system during the pre-boot stage, making them difficult to detect or remove.
◦ Bypass OS-level protections: Since they execute before the operating system loads, they evade most antivirus tools and security mechanisms.
◦ Persist across reboots: Bootkits ensure their malicious code is reloaded every time the computer starts.

4. Typically Installed in the MBR
MBR (Master Boot Record):
◦ The MBR is a small section of the hard drive used to store the bootloader and partition information.
◦ Bootkits overwrite the MBR to insert their malicious code, giving them control over the boot process.
Once the MBR is compromised, the bootkit can:
◦ Load its code into memory during startup.
◦ Inject malware into the operating system as it loads.

5. Re-Infecting the Computer After Every Reboot
Persistence:
◦ Even if you remove the malware from the operating system while it's running, the bootkit will reinstall itself when the computer reboots because it operates at the MBR level.
This makes bootkits extremely hard to remove without specialized tools or completely wiping and reinstalling the bootloader.

6. No Actual Files to Detect
Stealth Techniques:
◦ Unlike traditional malware, bootkits don't store files in the usual filesystem.
◦ They operate directly from the bootloader or MBR, meaning standard file-based antivirus tools cannot detect them.
This stealthy nature makes them highly effective at evading detection.

Summary of Key Points
1. Bootkits compromise the bootloader, giving attackers control before the OS loads.
2. They overwrite the MBR, ensuring they persist across reboots.
3. Bootkits are more dangerous than kernel-mode rootkits because they operate at a deeper level, evading OS-level defenses.
4. Their stealth (lack of actual files) makes them challenging to detect and remove.

Mitigating Bootkits
1. Secure Boot:
◦ Modern systems use Secure Boot to verify the integrity of the bootloader and prevent unauthorized modifications.
2. Antimalware with Boot Sector Scanning:
◦ Advanced tools can scan the MBR and bootloader for unusual modifications.
3. Reinstallation:
◦ If compromised, a full wipe of the MBR and reinstallation of the bootloader is often required.
Bootkits represent a critical challenge in system security due to their stealth, persistence, and ability to evade traditional defenses.

Kernel Mode vs. User Mode

The difference between kernel mode and user mode lies in their levels of privilege and access to system resources within an operating system. They are two distinct execution modes used to ensure system security, stability, and efficient operation.

Kernel Mode
Definition: Kernel mode, also known as supervisor mode, is a highly privileged execution mode where the code has unrestricted access to all system resources, including hardware (CPU, memory, and I/O devices) and critical kernel data.

Characteristics of Kernel Mode:
1. Full Access to System Resources:
◦ The code can execute any CPU instruction and access any memory address.
◦ It can interact directly with hardware and manage low-level tasks like memory allocation, process scheduling, and device drivers.
2. Privileged Instructions:
◦ Kernel mode allows the execution of special CPU instructions that are restricted in user mode (e.g., instructions to manage interrupts or access I/O devices).
3. Critical for System Functionality:
◦ The operating system kernel and device drivers operate in this mode to perform essential tasks.
4. Potential Risks:
◦ A crash or error in kernel mode can destabilize or crash the entire system, as there are no restrictions on memory or hardware access.

Examples of Code Running in Kernel Mode:
Operating system kernel
Device drivers
Interrupt service routines

User Mode
Definition: User mode is a restricted execution mode where code runs with limited privileges, ensuring that applications cannot directly access hardware or critical system resources.

Characteristics of User Mode:
1. Restricted Access to System Resources:
◦ Applications cannot execute privileged CPU instructions or access kernel memory directly.
◦ They must interact with the operating system through system calls or APIs to request services.
2. Isolation:
◦ User mode processes are isolated from each other and the kernel, ensuring that a crash in one application does not affect the overall system.
3. Safety and Stability:
◦ Errors in user mode typically only affect the application itself, not the entire system.
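The rootkit section above notes that kernel-mode rootkits hide processes from tools such as ps, and this section explains why that works: a user-mode tool can only obtain the process list through system calls, so a kernel-mode rootkit that filters those answers fools every such tool alike. A defensive technique against this is cross-view comparison: ask the kernel the same question through two different paths and report where the answers disagree. The script below is an added example, not code from the slides; it is Linux-specific, and its find_hidden core is kept separate from the /proc and kill() probing so the logic can also be exercised on constructed data.

```python
import os

# Added example (not from the slides): cross-view detection of hidden processes on Linux.


def pids_from_proc_listing():
    """View 1: the PIDs a tool like ps sees, i.e. the numeric entries of /proc.
    A kernel-mode rootkit that filters directory listings can remove entries here."""
    return [int(name) for name in os.listdir("/proc") if name.isdigit()]


def pids_from_probe(max_pid):
    """View 2: ask the kernel about every PID individually with kill(pid, 0).
    ESRCH means no such process; EPERM means it exists but belongs to someone else.
    This walks a different kernel path than readdir(), which is the whole point."""
    alive = []
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass
        alive.append(pid)
    return alive


def tgid_from_proc(pid):
    """Thread-group id of pid from /proc/<pid>/status, or None if unreadable."""
    try:
        with open(f"/proc/{pid}/status") as f:
            for line in f:
                if line.startswith("Tgid:"):
                    return int(line.split()[1])
    except OSError:
        return None
    return None


def find_hidden(listed_before, listed_after, probed, tgid_of):
    """Pure core: PIDs that answer the probe but never appeared in either listing.

    Two false-positive sources are handled: processes that exit between the views
    (hence a listing before and after the probe) and thread ids, which kill() accepts
    but /proc does not list at top level (hence the Tgid check)."""
    seen = set(listed_before) | set(listed_after)
    suspicious = []
    for pid in sorted(set(probed) - seen):
        tgid = tgid_of(pid)
        if tgid is not None and tgid != pid and tgid in seen:
            continue  # a thread of a visible process, not a hidden process
        suspicious.append(pid)  # unlisted process, hidden leader, or status unreadable
    return suspicious


def scan(max_pid=None):
    """Run the full cross-view comparison on this host (Linux only)."""
    if max_pid is None:
        with open("/proc/sys/kernel/pid_max") as f:
            max_pid = int(f.read())  # can be 4194304; the probe then takes a few seconds
    before = pids_from_proc_listing()
    probed = pids_from_probe(max_pid)
    after = pids_from_proc_listing()
    return find_hidden(before, after, probed, tgid_from_proc)


if __name__ == "__main__":
    print(scan() or "no hidden PIDs found")
```

A rootkit that hooks both paths consistently will still pass this check, which is why such comparisons are one signal among several rather than proof of a clean system.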
Examples of Code Running in User Mode:
User applications (e.g., web browsers, media players)
Some runtime libraries (e.g., C runtime)
Non-critical background processes

Key Differences Between Kernel Mode and User Mode

Aspect             | Kernel Mode                               | User Mode
Privilege Level    | High privilege (unrestricted access)      | Low privilege (restricted access)
Access to Hardware | Direct access to hardware and memory      | No direct access; must use system calls
Code Execution     | Operating system kernel and drivers       | User applications and non-critical code
Stability          | Errors can crash the entire system        | Errors only affect the application itself
Instructions       | Can execute privileged CPU instructions   | Restricted to non-privileged instructions
Communication      | Direct hardware and resource management   | Relies on system calls to request kernel services
Examples           | Kernel, device drivers, interrupt handlers | Web browsers, games, media players

Interaction Between Kernel Mode and User Mode
1. System Calls:
◦ User mode applications make system calls to request services from the kernel.
◦ Example: Reading a file involves a system call (read()), where the kernel accesses the disk and returns the data.
2. Mode Switching:
◦ When a system call is made, the CPU switches from user mode to kernel mode to execute the privileged operation.
◦ Once the operation is complete, the CPU switches back to user mode.
3. Fault Isolation:
◦ By isolating user processes in user mode, the operating system prevents untrusted or buggy code from directly affecting system stability or other processes.

Why Are Kernel Mode and User Mode Important?
1. Security:
◦ User mode ensures that malicious or faulty applications cannot interfere with the kernel or other applications.
2. Stability:
◦ Isolation of user processes in user mode minimizes the impact of software bugs on the overall system.
3. Efficiency:
◦ Kernel mode provides direct control over hardware for high-performance tasks, while user mode handles less critical tasks safely.
4. Multitasking:
◦ The distinction allows multiple applications to run concurrently without interfering with one another or the core system.

Summary
Kernel Mode: High-privilege mode for the operating system, offering unrestricted access to hardware and critical system resources.
User Mode: Low-privilege mode for running applications, ensuring security and stability by restricting direct access to hardware and kernel resources.
The separation of these modes is fundamental to the design of modern operating systems, enabling secure, stable, and efficient operation.

Explanation of Application Isolation via Sandboxing

Application isolation via sandboxing is a security mechanism that ensures each application runs in its own protected and restricted environment, preventing it from interfering with other applications or accessing sensitive system resources without proper authorization. Here's a detailed breakdown of the slide:

1. Application Isolation in Sandboxes
What is a Sandbox?
◦ A sandbox is an isolated environment where applications run. It restricts an application's ability to access the system or interact with other apps, ensuring security and stability.
How It Works:
◦ Each application is placed in its own sandbox by the operating system.
◦ Inside the sandbox:
▪ Applications can only access their own resources, such as files or settings.
▪ Access to system resources (e.g., camera, microphone, network) is strictly controlled by the permissions granted to the app.

2. Access Control
Limited Access to Resources:
◦ Applications cannot access files, data, or processes belonging to other applications.
◦ Example:
▪ An email app cannot read data from a banking app because they are isolated in separate sandboxes.
Permission-Based System Access:
◦ If an app needs to access sensitive resources (e.g., location, contacts), it must explicitly request permission from the user.
◦ The operating system enforces these permissions and denies access if the app lacks proper authorization.

3. Enforced by the Operating System
The operating system enforces sandboxing to ensure security and prevent unauthorized access.
Examples of Operating Systems That Use Sandboxing:
◦ Android: Every app is assigned a unique Linux user ID (UID), and sandboxing is enforced using Linux kernel features (e.g., namespaces, SELinux).
◦ iOS and macOS: Apps are sandboxed to limit their access to the file system, system APIs, and user data.
◦ Windows (UWP apps): Universal Windows Platform (UWP) apps run in a sandboxed environment to prevent them from accessing unauthorized resources.

4. Universal Application of Sandboxing
All Applications Are Sandboxed:
◦ Sandboxing is not limited to third-party apps—it also applies to native apps (pre-installed apps provided by the operating system).
◦ This ensures that even system apps adhere to the same isolation rules, providing a consistent security model.

Benefits of Application Sandboxing
1. Enhanced Security:
◦ Prevents malicious apps from accessing sensitive data or taking control of the system.
◦ Protects against vulnerabilities by limiting the impact of an exploit to the sandboxed environment.
2. Privacy Protection:
◦ Apps can only access data they have explicit permission for, reducing the risk of unauthorized data collection.
3. System Stability:
◦ Isolating apps prevents them from interfering with one another or the operating system, improving overall stability.

Example Use Cases
1. Android App Sandboxing:
◦ Each app runs as a separate user, and SELinux policies enforce access control.
◦ Example: A photo editing app cannot access your SMS messages or browser history unless explicitly permitted.
2. iOS Sandboxing:
◦ Apps are restricted from reading or writing outside their allocated sandbox.
◦ Example: A game cannot access your contacts or calendar unless granted permission.

Summary
1. Each application runs in its own isolated sandbox.
◦ Apps can access their own resources but are restricted from accessing others' data or processes.
2. Access to system resources is permission-based.
◦ Apps must request and obtain user permission to access sensitive features or data.
3. Enforced by the Operating System.
◦ Modern OSs like Android, iOS, and macOS use sandboxing as a core security mechanism.
4. Applies Universally.
◦ All apps, including native and third-party applications, are subject to sandboxing rules.
Sandboxing is a critical security technique that ensures applications operate securely, without posing risks to other apps, the system, or user data.