Viruses and Malware


Anti-Virus

(A-V) software uses a database of known virus patterns (definitions) plus heuristic malware identification techniques to identify infected files and prevent viruses from spreading.

Certificate Authority

(CA). Most certificates are issued and vouched for by a third party, the CA, which adds its own signature to the site certificate.

CompTIA 7-step procedure for malware removal:

1) Identify malware symptoms
2) Quarantine the infected system
3) Disable System Restore (in Windows)
4) Remediate infected systems: update the anti-malware software, then use scan and removal techniques
5) Schedule scans and run updates
6) Enable System Restore and create a restore point (in Windows)
7) Educate the end user
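Steps 2 to 6 of that procedure as a PowerShell script, added here as a worked example; it is not part of the CompTIA material or of this page. It assumes an elevated prompt on Windows 8.1 or 10 with the Defender module (Update-MpSignature, Start-MpScan, Set-MpPreference) and the NetAdapter module; the Vista/7 Windows Defender described later on this page has no such cmdlets, so there the scan step is done in the third-party A-V product instead.

```powershell
# Added example (not from the page): steps 2-6 of the CompTIA procedure.
# Assumes Windows 8.1/10 with the Defender and NetAdapter PowerShell modules
# and an elevated prompt; the Vista/7 Defender has no scan cmdlets.
#Requires -RunAsAdministrator
param([string]$SystemDrive = "$env:SystemDrive\")

# Step 2: quarantine. Cutting the network stops a worm spreading or a backdoor
# reaching its operator while you work on the machine.
Get-NetAdapter | Where-Object Status -eq 'Up' | Disable-NetAdapter -Confirm:$false

# Step 3: disable System Restore so the infection is not preserved in a restore
# point that a later rollback would bring back.
Disable-ComputerRestore -Drive $SystemDrive

# Step 4: remediate. Update definitions first, then run a full scan, then record
# what was found so the result is in the ticket.
Update-MpSignature
Start-MpScan -ScanType FullScan
Get-MpThreatDetection | Select-Object ThreatID, InitialDetectionTime, Resources

# Step 5: schedule scans and updates. A daily scan at 02:00, when the machine is
# otherwise unused, and a definition check every 4 hours.
Set-MpPreference -ScanScheduleDay Everyday -ScanScheduleTime 02:00:00 -SignatureUpdateInterval 4

# Step 6: re-enable System Restore and take a clean baseline restore point.
Enable-ComputerRestore -Drive $SystemDrive
Checkpoint-Computer -Description "Clean after malware removal" -RestorePointType MODIFY_SETTINGS

# Reconnect only once the scan above came back clean. Step 7 (educating the user)
# is a conversation, not a command.
Get-NetAdapter | Where-Object Status -eq 'Disabled' | Enable-NetAdapter -Confirm:$false
```

Run it as a .ps1 file from an elevated prompt, on the console of the machine rather than over a remote session, since step 2 drops every network adapter.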

What do many Trojans function as?

Backdoors

Several different types of viruses, generally classified by the way they infect the computer (the vector):

Boot sector viruses
Firmware viruses
Program viruses
Script viruses
Macro viruses

On-access

Scanning files as they are opened, copied or written, rather than only during a scheduled scan. Most security software is configured to do this by default. It reduces performance somewhat but is essential to maintaining effective protection against malware.

Once the Trojan backdoor is installed what happens?

It allows the attacker to access the PC, upload files to it, and install software on it.

Windows Defender(Vista/ 7)

Anti-spyware that comes with the operating system. It provides protection against programs that try to modify the web browser or startup programs, display excessive pop-ups, or track web activity. It is NOT an anti-virus/anti-Trojan tool.

What should you do after identifying malware symptoms (step 1 of the 7-step procedure)?

Quarantine the system, disable System Restore, and then remediate the infected system (steps 2 to 4).

General symptoms of virus infection

The computer fails to boot or experiences lock-ups
The file system or individual files are corrupted or deleted
Date stamps and file sizes of infected files change
Permissions/attributes of files change, resulting in "access denied" errors
New executable files (EXEs and DLLs) appear in system folders, possibly with file names very close to those of valid programs (notpad.exe)
Strange messages or graphics appear on the screen
Security applications (anti-virus, firewall, Windows Update) stop working
Applications or Windows tools (Notepad, for instance) stop working or crash frequently
Performance at startup, or generally, is very slow
Network performance is slow or Internet connections are disrupted
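A check for the look-alike file name symptom, added here as an example and not taken from the page: it flags executables whose names are within a couple of character edits of a well-known Windows binary, which is how notpad.exe or svch0st.exe would stand out. The known-good list and the sample file names are constructed for the example, not an authoritative set.

```powershell
# Added example (not from the page): find executables whose names nearly match a
# legitimate Windows binary. Known-good list and sample names are constructed.

function Get-EditDistance([string]$a, [string]$b) {
    # Levenshtein distance: minimum single-character edits turning $a into $b.
    $a = $a.ToLowerInvariant(); $b = $b.ToLowerInvariant()
    $prev = New-Object int[] ($b.Length + 1)
    for ($j = 0; $j -le $b.Length; $j++) { $prev[$j] = $j }
    for ($i = 1; $i -le $a.Length; $i++) {
        $cur = New-Object int[] ($b.Length + 1)
        $cur[0] = $i
        for ($j = 1; $j -le $b.Length; $j++) {
            $cost = if ($a[$i - 1] -eq $b[$j - 1]) { 0 } else { 1 }
            $cur[$j] = [Math]::Min([Math]::Min($cur[$j - 1] + 1, $prev[$j] + 1), $prev[$j - 1] + $cost)
        }
        $prev = $cur
    }
    return $prev[$b.Length]
}

function Find-LookalikeExecutable {
    param(
        [string[]]$Names,        # file names found in a system folder
        [string[]]$KnownGood,    # names of legitimate binaries
        [int]$MaxDistance = 2
    )
    foreach ($n in $Names) {
        if ($KnownGood -contains $n) { continue }    # exact match is the real program
        foreach ($k in $KnownGood) {
            $d = Get-EditDistance $n $k
            if ($d -le $MaxDistance) {
                [pscustomobject]@{ File = $n; LooksLike = $k; Distance = $d }
            }
        }
    }
}

# Constructed sample input so the check runs without touching a real disk.
$knownGood = 'notepad.exe', 'svchost.exe', 'explorer.exe', 'lsass.exe', 'csrss.exe'
$sample    = 'notpad.exe', 'svch0st.exe', 'explorer.exe', 'lsas.exe', 'calc.exe'
Find-LookalikeExecutable -Names $sample -KnownGood $knownGood
# Flags notpad.exe (notepad.exe, 1), svch0st.exe (svchost.exe, 1), lsas.exe (lsass.exe, 1);
# explorer.exe is an exact match and calc.exe is too far from everything.

# Against a live system: feed the real System32 listing in, and separately surface
# executables created recently, another symptom from the list above.
# $names = (Get-ChildItem "$env:SystemRoot\System32" -Filter *.exe -File).Name
# Find-LookalikeExecutable -Names $names -KnownGood $knownGood
# Get-ChildItem "$env:SystemRoot\System32" -Include *.exe, *.dll -Recurse -File |
#     Where-Object CreationTime -gt (Get-Date).AddDays(-7)
```

A distance of 1 or 2 against a short name also matches legitimate neighbours (for example two real tools whose names differ by one letter), so treat a hit as a prompt to check the file's signature and location, not as proof of infection.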

What are the options for the user when the Anti-virus software detects anything suspicious?

Disinfect, quarantine, or delete.

How to disable Windows Defender?

Open it from Control Panel, select Tools, click Options, scroll to the bottom of the dialog and uncheck Use Windows Defender (under Administrator options).

Action Center(win 7/8)

Security notification applet

What other procedures would you need to follow to remove a virus or trojan horse?

Use Task Manager or taskkill to terminate suspicious processes
Execute commands at a command prompt and/or manually remove registry items using REGEDIT
Use MSCONFIG to perform a safe boot, or boot into Safe Mode, to prevent infected code from running at startup
Use the Windows Preinstallation Environment (WinPE) or the Recovery Environment to run commands from a "clean" command environment
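The manual steps above in script form, added as an example that is not from the page: it lists the Run/RunOnce autostart values (the registry keys REGEDIT is usually opened for), flags any whose program is unsigned or lives outside the Windows and Program Files folders, and then shows the taskkill and registry-removal equivalents with -WhatIf so nothing changes until you drop that switch. The "trusted folder" rule is the example's own heuristic, not a CompTIA rule.

```powershell
# Added example (not from the page): inspect autostart entries, terminate the
# process and remove the entry. Runs on Windows PowerShell; the trusted-folder
# rule is a heuristic chosen for the example.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$trustedRoots = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }

function Get-ImagePath([string]$command) {
    # Autostart values look like  "C:\path\app.exe" /arg  or  C:\path\app.exe /arg
    if ($command -match '^\s*"([^"]+)"') { return $Matches[1] }
    return ($command -split '\s+')[0]
}

function Get-AutostartEntry {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($name in $props.PSObject.Properties.Name) {
            if ($name -like 'PS*') { continue }     # PSPath, PSParentPath, ... added by the provider
            $exe = [Environment]::ExpandEnvironmentVariables((Get-ImagePath $props.$name))
            $inTrusted = $trustedRoots | Where-Object { $exe -like "$_\*" }
            $sig = if (Test-Path $exe) { (Get-AuthenticodeSignature $exe).Status } else { 'FileMissing' }
            [pscustomobject]@{
                Key = $key; Name = $name; Image = $exe
                InTrustedFolder = [bool]$inTrusted; Signature = $sig
            }
        }
    }
}

$entries = Get-AutostartEntry
$flagged = $entries | Where-Object { -not $_.InTrustedFolder -or $_.Signature -ne 'Valid' }
$flagged | Format-Table -AutoSize

# Kill the running process (what  taskkill /IM name.exe /F  does) and delete the
# autostart value (what you would do by hand in REGEDIT). Remove -WhatIf to act.
foreach ($f in $flagged) {
    $procName = [IO.Path]::GetFileNameWithoutExtension($f.Image)
    Get-Process -Name $procName -ErrorAction SilentlyContinue | Stop-Process -Force -WhatIf
    Remove-ItemProperty -Path $f.Key -Name $f.Name -WhatIf
}

# If the code keeps restarting, do the same from Safe Mode. Besides MSCONFIG you can
# set the boot flag from an elevated prompt:  bcdedit /set {current} safeboot minimal
# and clear it afterwards with:             bcdedit /deletevalue {current} safeboot
```

Many legitimate utilities are unsigned, so a flagged entry is a lead to investigate (check the vendor, the file's hash and its creation date) rather than something to delete blindly; the -WhatIf lines are there to make that pause the default.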

Event viewer

The System, Application and Security logs may be of use in detecting malware that is attempting to remain concealed. Event Viewer is the tool for inspecting these log files.
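The log entries that most often betray hidden malware, pulled from the System and Security logs with PowerShell; this is an added example, not part of the page. The event IDs are standard Windows values (7045: Service Control Manager installed a new service; 7034: a service terminated unexpectedly; 4688: process creation), and the property positions follow the standard templates for those events. 4688 only appears when "Audit Process Creation" is enabled, and reading the Security log needs an elevated prompt.

```powershell
# Added example (not from the page): query the System and Security logs for the
# entries that commonly reveal concealed malware. Event IDs and field positions
# are the standard Windows ones; needs an elevated prompt for the Security log.

$since = (Get-Date).AddDays(-7)

# New services installed in the last week: a common way for a backdoor to persist.
# 7045 fields: 0 = service name, 1 = image path.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 7045; StartTime = $since } -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{
            Time        = $_.TimeCreated
            ServiceName = $_.Properties[0].Value
            ImagePath   = $_.Properties[1].Value
        }
    } | Format-Table -AutoSize

# Services that died unexpectedly: anti-virus or firewall services stopping is on
# the symptom list above. 7034 field 0 = service name.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 7034; StartTime = $since } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, @{ n = 'Service'; e = { $_.Properties[0].Value } } | Format-Table -AutoSize

# Processes started from user-writable locations (temp and profile folders), where
# droppers usually land. 4688 field 5 = new process name (full path).
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688; StartTime = $since } -ErrorAction SilentlyContinue |
    Where-Object { $_.Properties[5].Value -match '\\(Temp|AppData|Downloads)\\' } |
    Select-Object TimeCreated, @{ n = 'Image'; e = { $_.Properties[5].Value } } | Format-Table -AutoSize
```

-ErrorAction SilentlyContinue is there because Get-WinEvent throws rather than returning nothing when a filter matches no events; an empty table means no hits, not a broken query.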

Scheduled scans

Full scans seriously impact performance, so it is best to schedule them for when the computer is otherwise unused.

what does malware often target?

Web browser

Digital certificate

Websites and program code are made trustworthy by proving the site's or code author's identity. A certificate is a wrapper for a public key, binding it to that identity and signed by a CA; the matching private key is kept secret by the subject and is never part of the certificate.

Malware

A catch-all term for malicious software threats and social engineering tools designed to vandalize or compromise computer systems.

Rogue Anti-Virus

A particularly popular way to disguise a Trojan. In early versions of this attack, a website would display a pop-up disguised as a normal Windows dialog with a FAKE SECURITY ALERT, warning the user that viruses had been detected.

Trojan Horse

a program (often harmful) that pretends to be something else.

Spyware

a program that monitors user activity and sends the information to someone else.

rootkit

a set of tools designed to gain control of a computer without revealing its presence. One class of backdoor that is harder to detect.

Ransomware

a type of malware that tries to extort money from the victim. Most ransomware will be capable of encrypting removable drives too

Root certificate

Allows the user to validate the CA's signature, because the CA's root certificate (carrying its public key) is installed on the computer. Root certificates are self-signed, so nobody vouches for them; they have to be trusted implicitly.
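How the CA's signature on a certificate is checked back to a root installed on the machine (the Certificate Authority, Digital certificate and Root certificate cards above), shown as an added example that is not from the page. It uses the Authenticode signature on a Windows binary as the leaf certificate, builds the chain with .NET's X509Chain, and reports for each link whether it is self-signed and whether it sits in the machine's Trusted Root store. It assumes the file is signed (notepad.exe normally is, via a catalog, on Windows 8 and later).

```powershell
# Added example (not from the page): walk a certificate chain from a signed file
# up to the root certificate installed on this computer. Assumes the file is
# Authenticode-signed; notepad.exe is used as the sample.

function Get-TrustChain([string]$Path) {
    $leaf = (Get-AuthenticodeSignature -FilePath $Path).SignerCertificate
    if (-not $leaf) { throw "$Path carries no Authenticode signature" }

    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Build follows each certificate's Issuer until it reaches a self-signed root;
    # it returns $false if any signature or validity check along the way fails.
    $built = $chain.Build($leaf)

    $installedRoots = Get-ChildItem Cert:\LocalMachine\Root, Cert:\CurrentUser\Root
    $level = 0
    foreach ($el in $chain.ChainElements) {
        $c = $el.Certificate
        [pscustomobject]@{
            Level           = $level++
            Subject         = $c.Subject
            IssuedBy        = $c.Issuer
            SelfSigned      = ($c.Subject -eq $c.Issuer)      # true only for the root
            InstalledAsRoot = [bool]($installedRoots | Where-Object Thumbprint -eq $c.Thumbprint)
            ChainValid      = $built
        }
    }
}

Get-TrustChain "$env:SystemRoot\System32\notepad.exe" | Format-List
```

The leaf (level 0) is issued by an intermediate CA, which is in turn issued by the root; the root is the only entry where Subject equals Issuer and the only one you should see in the Trusted Root store. If ChainValid is false, $chain.ChainStatus on the object says why (expired, revoked, untrusted root, and so on).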

What should you do once the infected system is isolated?

disable System Restore and other automated backup systems, such as File History in Windows 8.

In what forms does anti-virus/anti-malware software come?

Either as personal security suites designed to protect a single host, or as network security suites designed to be centrally managed from a server console.

Payload

The code that executes when the virus is activated. It can perform any action available to the host process.

Rogueware/Scareware

Fake anti-virus, where a web pop-up displays a security alert, claims to have detected viruses on the computer and prompts the user to initiate a full scan, which installs the attacker's Trojan.

Worms

Memory-resident malware that replicates over network resources. A worm is self-contained and does not need to attach itself to another executable file. Worms typically target some sort of vulnerability in a network application, such as a database server. The primary effect of a worm infestation is to consume network bandwidth as the worm replicates; it may also crash an OS or server application, and can also carry a payload.

What are common symptoms of infection by spyware/adware?

Pop-ups or additional toolbars, the home page or search provider changing suddenly, searches returning results that differ from those on other computers, slow performance, and excessive crashing (faults). Another symptom is redirection.

Computer viruses

Programs designed to replicate and spread amongst computers.

Security Center applet (VISTA)

Provides a central location for monitoring the status of security features (Windows Update, firewall, and anti-virus).

Hoax virus

Quite common. Hoax virus alerts are often sent as mass emails as a prank, and most advise you to forward the alert to everyone you know.

Refresh (Windows 8)

A reinstallation mode that wipes desktop applications but preserves user data files, personalization settings and Windows Store apps.

If a file is infected with a virus you can use anti-virus software to try what?

Remove the infection (cleaning), quarantine the file (which blocks any attempt to open it), or erase the file.

Script Viruses

Scripts are written in powerful languages used to automate OS functions and add interactivity to web pages. Scripts are executed by an interpreter rather than being self-executing, so most script viruses target vulnerabilities (exploits) in the interpreter.

Heuristic

Software that uses knowledge of the sort of things viruses do to try to spot (and block) virus-like behavior, rather than relying on a known pattern.

Program viruses

Sequences of code that insert themselves into another executable program. When the application is executed, the virus code becomes active.

Firmware viruses

Targeted against the firmware of a specific component, such as a drive controller. Often only used in highly directed attacks.

Boot sector viruses

Attack the boot sector information, the partition table, and sometimes the file system.

Macro viruses

Affect Office documents by making malicious use of the programming code that underpins macro functionality.

Spam

Unsolicited email messages, used to launch phishing attacks and spread viruses and worms. The main problem with spam filters is that they can block genuine messages too, leading to missed communications.
