security essentials ch 3
fee-based Internet backup services
- file feedback information - delayed deletion
types of malware Traits
1. Circulation 2. Infection 3. Concealment 4. Payload capabilities
types of malware
1. Virus 2. Worm 3. Trojan
2 actions of the virus
1st) It unloads a payload to perform a malicious action or actions; examples: - caused a computer to crash repeatedly - erased files from a hard drive - turned off the computer's security settings - reformatted the hard disk drive. 2nd) It reproduces by inserting its code into another file on the same computer. A virus can only replicate by itself on the host computer where it is located; it cannot automatically spread to another computer by itself. It must rely on the actions of users to spread: since it is attached to files, those files must be sent or transferred.
arbitrary code execution
A malware payload that allows an attacker to execute virtually any command on the victim's computer; an attacker's ability to execute any command of the attacker's choice on a target machine or in a target process.
Other important terms to know:
Botnet: A number of Internet-connected devices that are running one or more bots. Botnets are used to perform distributed denial of service attacks, send spam, and steal data.
Containment: The process of stopping the spread of malware and preventing further damage to hosts.
Endpoint: A security approach to the protection of computer networks that are remotely bridged to client devices. Devices that are not in compliance can thereby be provisioned with limited access.
Privilege: In computing, privilege means the access to modify a system.
Signature: Signs that are specific to either a certain type of behavior or a specific item of malware.
Threat: In computing security, a computer or network is deemed under threat when it harbors persistent software vulnerabilities, thereby increasing the possibility or certainty of a malicious attack.
Track: Evidence of an intrusion into a system or a network. Advanced malware can clean folders, clear event logs, and hide network traffic to cover its tracks.
Zombie: A computer connected to the Internet that has been compromised by a hacker, computer virus, or Trojan horse. It can be used to perform malicious tasks.
Payload capabilities
The part of the malware program that actually does the damage. It allows the attacker to execute commands on the remote computer or to steal passwords and other valuable data from the user's system, deletes programs so the computer cannot function properly, and modifies security settings. It can use the affected computer to launch attacks on other computers.
keylogger
a computer program that records every keystroke made by a computer user, especially in order to gain fraudulent access to passwords and other confidential information. - Keyloggers can be used to capture passwords, credit card numbers, or personal information. - Hardware keyloggers are installed between the keyboard connector and the computer's keyboard USB port. - Software keyloggers can be designed to send captured information automatically back to the attacker through the Internet.
logic bomb
a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. For example, a programmer may hide a piece of code that starts deleting files (such as a salary database trigger), should they ever be terminated from the company. - Erase all data if John Smith's name is removed from the list of employees. - Reformat the hard drive three months after Susan Jones left the company. - If the company's stock price drops below $10, then credit Jeff Brown with 10 additional years of retirement credit.
Viruses
The one trait a piece of software must possess to qualify as a virus is an urge to reproduce that is programmed into it. This mechanism means that this type of malware will distribute copies of itself, using any means to spread. Another characteristic common to viruses is that they are covert, making it hard to detect their presence on a system without dedicated security programs called antivirus software. They hide within computer files, and the computer must run that file (execute that code, in other words) for a virus to do its dirty work. At its core, a virus is nothing but contagious code or a program that attaches itself to other software and usually requires human interaction to propagate. This is how viruses are further classified: depending on whether they reside in binary executables, data files, or the boot sector of a hard drive of a particular system. **A virus will self-replicate on the host computer but not on other computers.**
rootkit
a set of software tools that enable an unauthorized user to gain control of a computer system without being detected. It uses tools to hide the actions or presence of other types of software, such as Trojans, viruses, or worms. Rootkits change the operating system to force it to ignore their malicious files or activities.
backdoor
a way to access a computer, program, or service that circumvents any normal security protections
Trojan
any malicious computer program which misleads users of its true intent. ... Unlike computer viruses and worms, Trojans generally do not attempt to inject themselves into other files or otherwise propagate themselves.
spyware
general term used for describing software that gathers information without the user's consent
Worms
a malicious program that uses a computer network to replicate (sometimes called a network virus). It is designed to enter a computer through the network and then take advantage of a vulnerability in an application or an operating system. It then searches for another computer with the same vulnerabilities.
Circulation/Infection
The primary trait is spreading rapidly to other systems in order to impact a large number of users. Malware can circulate through a variety of means: by using the network to which all the devices are connected, through USB flash drives that are shared among users, or by sending the malware as an email attachment.
worm symptoms and traits
Worms slow down the network through which they are transmitted by replicating so quickly that they consume all network resources. Actions performed by the payload they leave behind: - deleting files on the computer - allowing the computer to be remotely controlled by an attacker. **A worm will self-replicate between computers (from one computer to another).**
adware
software that automatically displays or downloads advertising material (often unwanted) when a user is online. - it can interfere with a user's productivity - it displays objectionable content - it can cause a computer to crash or slow down
Malware
software that enters the computer without the user's knowledge and is intended to damage or disable computers and computer systems, allowing the attacker access to confidential and sensitive information, as well as the ability to spy on personal and private computers.
malware that has the primary trait of circulation/infection:
viruses, worms and trojans
Botnets are composed of
zombies