Cyber Threat

What is Malware?

Introduction

Malware refers to any computer program written with the sole intent of:
1. Performing an unauthorized action
2. Causing harm to data and programs
3. Causing unwanted system behavior
4. Intruding on and invading privacy
5. Exploiting system weaknesses to gain an advantage

Cybercriminals, hacktivists, and nation-states use malicious software, or malware, to hinder computer operations, acquire personal or business data, get around limitations on access, and impair the computer's operating system in other ways.

Types of Malware
1. Worms
2. Viruses
3. Trojans
4. Spyware

 

Virus

A computer virus is software created to change a computer's performance without the user's permission or awareness. Once the virus is copied to your machine and runs, it usually causes harm.

The majority of viruses are attached to executable files, which allows the malware to stay dormant on the host system until a user runs or opens the infected file; only then does it spread.

The virus becomes active and starts to propagate to other programs on the current system after the infected program has been run or installed.

 

Virus Infection Mechanism

The infection mechanism refers to how a virus spreads. Early on, this was done via floppy drives, etc., but now the Internet makes this far easier.
Nowadays, viruses:
1. Attach to common downloads, music, videos, software, and screensavers
2. Spread through emails as attachments
3. Attach to PDF files and infected image files
4. Spread through visits to infected web pages

 

Structure of a computer virus

Any virus has the following components. 
1. Replicator: An important part of the virus which helps in the multiplication of the virus. This part of the virus code locates suitable objects to attach the virus to and copies the virus to these objects.
2. Vector: Refers to what is to be infected.
3. Payload: Refers to what actions have to be done when the virus infects the target.
4. Concealer: Refers to the portion of the virus which prevents anti-virus software or integrity checkers from seeing or discovering the virus.

 

Types of viruses

Common types of computer viruses include:

1. Boot sector viruses: Boot sector viruses infect the boot sector portion of the system. Every storage medium has a boot sector that provides information about the drive or disk structure.
A boot sector virus infects computers by modifying the contents of the boot sector program. It replaces the legitimate contents with its own infected version.
A boot sector virus can only infect a machine if the infected media is used to boot the computer, e.g. if you start your computer from a pen drive with an infected boot sector, your computer is likely to be infected. A boot sector virus cannot infect a computer if it is introduced after the machine is running the operating system. If a system is infected with a boot sector virus, the system will not boot at all.
Typical examples of boot sector viruses are Parity boot and Denzuko virus.
2. File-infector viruses: File-infector viruses infect files of various categories. The table below gives the types of viruses and the kinds of files they infect.
3. Macro viruses: These viruses, written in macro languages, are a special type of virus that infects document files, electronic spreadsheets, and databases instead of computer programs.
4. Memory resident viruses: Memory resident viruses infect the system, occupy a portion of the memory, execute from that portion of memory, and finally propagate by infecting files and system areas.
5. Retroviruses: A retrovirus is a special kind of computer virus that can bypass or circumvent the operation of an antivirus, a personal firewall, or any other installed security program.
Some of the common actions performed by a retrovirus include disabling antivirus programs, bypassing firewalls, deleting/modifying the integrity-checking database files, and preventing infected systems from downloading updates from antivirus Web sites.
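
The integrity checkers mentioned above detect file-infector viruses by comparing each program against a recorded hash, which is why retroviruses go after the integrity-checking database. The following is an added example, not code from the original page: a minimal checker whose baseline is sealed with an HMAC so that a rewritten database is itself detected. The function names, the demo key and the sample file are assumptions constructed for illustration.

```python
import hashlib, hmac, json, os, tempfile

def file_digest(path):
    """SHA-256 of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def _seal(hashes, key):
    # HMAC over a canonical JSON encoding of the hash table.
    body = json.dumps(hashes, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def build_baseline(paths, key):
    """Record a hash per file and seal the record with a keyed tag."""
    hashes = {p: file_digest(p) for p in paths}
    return {"hashes": hashes, "tag": _seal(hashes, key)}

def verify(baseline, key):
    """Return a list of findings; an empty list means nothing changed."""
    hashes = baseline.get("hashes", {})
    if not hmac.compare_digest(_seal(hashes, key), baseline.get("tag", "")):
        return [("BASELINE_TAMPERED", None)]  # the database was altered
    findings = []
    for path, digest in hashes.items():
        if not os.path.exists(path):
            findings.append(("MISSING", path))
        elif file_digest(path) != digest:
            findings.append(("MODIFIED", path))
    return findings

def demo():
    key = b"constructed-demo-key"  # assumption: real key is kept off the monitored host
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "app.bin")  # constructed sample "program"
        with open(target, "wb") as f:
            f.write(b"constructed sample program bytes")
        base = build_baseline([target], key)
        clean = verify(base, key)
        with open(target, "ab") as f:  # stands in for a file-infector changing the file
            f.write(b"appended bytes")
        modified = verify(base, key)
        # Stands in for a retrovirus rewriting the database to match the changed file.
        forged = {"hashes": {target: file_digest(target)}, "tag": base["tag"]}
        tampered = verify(forged, key)
    return clean, modified, tampered

if __name__ == "__main__":
    print(demo())
```

A baseline file that has been deleted outright should be treated the same way as a tampered one, since both are actions the retrovirus description lists.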

 

Worms

1. Worms are malware whose vector (target) is always the network.
2. A worm, which is a stand-alone program, is independent and does not need a host to carry it.
3. It replicates itself through a network.
4. It does not need a carrier object to attach itself to.
5. The worm can also spread by initiating telecommunications by itself.
6. There is no need to wait for a human to send the file or document.
7. While worms harm the network by consuming bandwidth, viruses infect or corrupt files.

 

Classification of Worms

Some classifications of worms include:

Rabbits: A rabbit is a kind of worm whose main line of activity is to self-replicate limitlessly, fill the hard disk, and exhaust all computer resources. Apart from self-replicating, rabbits, generally, do not cause any harm to data and programs. 
Email worms: E-mail worms primarily use e-mail as the main vehicle for propagation. They spread through infected email messages as an attachment or a link to an infected website.
Instant Messaging Worms: They spread via instant messaging applications by sending links to infected websites to everyone on the local contact list.


 


Trojan horse

A Trojan horse is a malicious program disguised to trick an unsuspecting user into installing it.

Trojans hide inside another program so that when the original innocent program is installed and executed, the Trojan program also gets installed and executes.

 

Once this takes place, the malware purposefully performs an action or actions that the user doesn’t expect. They provide remote access to the infected machine, allowing attackers to steal data, install additional malware or monitor user activity.

Trojans don’t replicate (as a worm would), nor do they infect other files (like a virus).

 

Functions of trojans

Typical functions for a Trojan might include:
A. Logging keystrokes
B. Taking screen captures
C. Accessing files on local and shared drives
D. Acting as a server where the client is the hacker
E. Sending and receiving files
F. Viewing cached passwords
G. Restarting the system
H. Launching processes
I. Modifying files
J. Sharing files
K. Modifying the registry keys

Spyware



Spyware collects information and personal preferences of users and passes this information to the sellers. With the help of this information, sellers create and display customized advertisements in pop-up messages.
Spyware can also negatively affect a computer’s performance by installing additional software, redirecting web browser searches, changing computer settings, and reducing connection speeds.

One kind of spyware is the keylogger.

A keylogger captures the keystrokes typed by a user and transmits the sequence of keystrokes to hackers. Keyloggers help in collecting sensitive information such as passwords, credit card numbers, and PINs.

 

Adware

Adware is a special type of spyware. Adware is any type of program that downloads or displays unwanted banner advertisements in software being used by a person. 

Adware is often bundled within software a computer owner purchases. While spyware gets installed into the system without seeking the consent of the user, adware usually seeks permission from the user before it is installed. 

 








