Chapter 1 - 03 - Define Malware and its Types - 10_ocred.pdf

Full Transcript

Certified Cybersecurity Technician Information Security Threats and Vulnerabilities Exam 212-82 What is aVirus? QO Avirus is a self-replicating program that produces its own copy by attaching itself to another program, computer boot sector or document Q Viruses are generally transmitted through file downloads, infected disk/flash drives, and as email attachments Infect other programs = Characteristics of Viruses Transform themselves Encrypt themselves = Alter data = Corrupt files and programs = Self-replicate Copyright © by EC-Councll. All Rights Reserved. Reproduction is Strictly Prohibited Viruses What is a Virus? Viruses are the scourge of modern computing. Computer viruses have the potential to wreak havoc on both business and personal computers. The lifetime of a virus depends on its ability to reproduce itself. Therefore, attackers design every virus code such that the virus replicates itself n times. A computer virus is a self-replicating program that produces its code by attaching copies of itself to other executable code and operates without the knowledge or consent of the user. Like a biological virus, a computer virus is contagious and can contaminate other files; however, viruses can infect external machines only with the assistance of computer users. Virus reproduces its own code while enclosing other executables, and spreads throughout the computer. Viruses can spread the infection by damaging files in a file system. Some viruses reside in the memory and may infect programs through the boot sector. A virus can also be in an encrypted form. Some viruses affect computers as soon as their code is executed; other viruses remain dormant until a pre-determined logical circumstance is met. Viruses infect a variety of files, such as overlay files (.OVL) and executable files (.EXE,.SYS,.COM, or.BAT). They through file downloads, infected disk/flash drives, and email attachments. are transmitted A virus can only spread from one PC to another when its host program is transmitted to the uncorrupted computer. This can occur, for example, when a user transmits it over a network, or executes it on a removable media. Viruses are sometimes confused with worms, which are standalone programs that can spread to other computers without a host. A majority of PCs are now connected to the Internet and to local area networks, which aids in increasing their spread. Module 01 Page 49 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Information Security Threats and Vulnerabilities Exam 212-82 Characteristics of Viruses The performance of a computer is affected by a virus infection. This infection can lead to data loss, system crash, and file corruption. Some of the characteristics of a virus are as follows: = Infects other programs = Transforms itself = Encrypts itself = Alters data = Corrupts files and programs = Replicates itself Module 01 Page 50 Certified Cybersecurity Technician Copyright © by EG-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Information Security Threats and Vulnerabilities Exam 212-82 Purpose of CreatingViruses Inflict damage on competitors Realize financial benefits S Vandalize intellectual property & @ O © Q) @Q \flg\. \_/l I° Play pranks/Conduct. research Copyright © by EC-C Engage in cyber- terrorism e Damage networks or computers ® Gain remote access to a victim's computer I. All Rights Reserved. Reproduction is Strictly Prohibited Purpose of Creating Viruses Attackers create viruses with disreputable motives. Criminals create viruses to destroy a company’s data, as an act of vandalism, or to destroy a company’s products; however, in some cases, viruses aid the system. An attacker creates a virus for the following purposes: = Inflict damage on competitors = Realize financial benefits = Vandalize intellectual property = Play pranks * Conduct research = Engage in cyber-terrorism = Distribute political messages * Damage networks or computers = Gain remote access to a victim's computer Module 01 Page 51 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Information Security Threats and Vulnerabilities Exam 212-82 Indications Processes require more resources and time, resultingin of Virus Attack () ] (5 degraded performance Computer beeps with no display. Drive label changes and 'C‘:it.li::; Computer freezes frequently or encounters an error such as BSOD ()2 03 © : o— @ o Constant antivirus alerts (06 Files and folders are missing (07 Suspicious hard drive activity Browser window “freezes” L All Rights Reserved. Reproduction is Strictly Prohibited Indications of Virus Attack Indications of virus attacks arise from abnormal activities. Such activities reflect the nature of a virus by interrupting the regular flow of a process or a program. However, not all bugs created contribute toward attacking the system; they may be merely false positives. For example, if the system runs slower than usual, one may assume that a virus has infected the system; however, the actual reason might be program overload. An effective virus tends to multiply rapidly and may infect some machines in a short period. Viruses can infect files on the system, and when such files are transferred, they can infect machines of other users who receive them. A virus can also use file servers to infect files. When a virus infects a computer, the victim or user will be able to identify some indications of the presence of virus infection. Some indications of computer virus infection are as follows: = Processes require more resources and time, resulting in degraded performance = Computer beeps with no display = Drive label changes and OS does not load = Constant antivirus alerts = Computer freezes frequently or encounters an error such as BSOD = Files and folders are missing = Suspicious hard drive activity = Browser window “freezes” Module 01 Page 52 Certified Cybersecurity Technician Copyright © by EG-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Information Security Threats and Vulnerabilities = Lack of storage space * Unwanted advertisements and pop-up windows = Unable to open files in the system = Strange emails received Module 01 Page 53 Exam 212-82 Certified Cybersecurity Technician Copyright © by EG-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Information Security Threats and Vulnerabilities Exam 212-82 Stages of Virus Lifecycle Virus replicates itself Users install antivirus for a period within the A virus is identified as target system and then spreadsitself a threatinfecting %% Rephcatlon Design Developing virus code using programming languages or construction kits the virus threats Execution of the Detection damage routine Incorporation Antivirus software It gets activated when the T updates and eliminate target system Launch 9 e user performs certain actions such as running infected programs developers assimilate defenses againstthe virus Copyright © by EC-(. All Rights Reserved. Reproduction is Strictly Prohibited Stages of Virus Lifecycle The virus lifecycle includes the following six stages from origin to elimination. 1. Design: Development of virus code using programming languages or construction kits. 2. Replication: The virus replicates for a period within the target system and then spreads itself. 3. Launch: The virus is activated when the user performs specific actions such as running an infected program. 4. Detection: The virus is identified as a threat infecting target system. 5. Incorporation: Antivirus software developers assimilate defenses against the virus. 6. Execution of the damage routine: Users install antivirus updates and eliminate the virus threats. Module 01 Page 54 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited.