Security Academy – Course 104 : Malware Part 2

In part one, we identified malware as the umbrella term: a big catch-all phrase that covers all sorts of software with nasty intent. In this post, we will talk about how malware reaches you [Delivery Methods].

Virus : Breaks Stuff

[Key thing to remember] They need the first click from the user!

A virus is a type of malware: a piece of code designed to do damage. Some viruses render your PC completely inoperable, while others simply delete or corrupt your files. The general point is that a virus is designed to cause havoc and break stuff.

Often viruses are disguised as games, images, email attachments, website URLs, shared files or links or files in instant messages.

Spread:

Viruses can sometimes spread to other machines, but they usually spread slowly and, most of the time, rely on the user to transfer the infected file. You can have viruses on your computer that sit there doing nothing until you click on the executable they have attached themselves to. So a virus needs a human action; it does not propagate by itself. Infected USB drives are a well-known way of moving a virus around.

An interesting type of virus is the macro virus. A macro is a piece of code that can be embedded in a data file. In most respects, macro viruses are like all other viruses. The main difference is that they are attached to data files (i.e., documents) rather than executable programs.
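Because a macro travels inside a data file, a defender can check a document for embedded macro code before anyone opens it. The following is an added example, not part of the original post: it relies on modern Office files (.docx, .docm, .xlsm) being ZIP archives that store macro code in a part named `vbaProject.bin`; the function names and the sample documents are constructed for illustration.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")        # legacy .doc/.xls/.ppt container
VBA_TYPE = b"application/vnd.ms-office.vbaproject"   # compared in lower case


def macro_status(data: bytes) -> str:
    """Return 'macro', 'no-macro', 'legacy-ole' or 'not-office' for a file's bytes."""
    if data.startswith(OLE_MAGIC):
        # Binary Office formats may hold macros; deciding needs an OLE parser.
        return "legacy-ole"
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        return "not-office"
    with zipfile.ZipFile(buf) as zf:
        names = zf.namelist()
        if "[Content_Types].xml" not in names:
            return "not-office"
        # Either signal is enough: the VBA part itself or its declared content type.
        has_part = any(n.lower().endswith("vbaproject.bin") for n in names)
        declared = VBA_TYPE in zf.read("[Content_Types].xml").lower()
    return "macro" if has_part or declared else "no-macro"


def build_sample(with_macro: bool) -> bytes:
    """Constructed sample: a minimal OOXML-shaped ZIP; the VBA part is placeholder bytes."""
    types = '<Types><Default Extension="xml" ContentType="application/xml"/>'
    if with_macro:
        types += ('<Override PartName="/word/vbaProject.bin" '
                  'ContentType="application/vnd.ms-office.vbaProject"/>')
    types += "</Types>"
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as zf:
        zf.writestr("[Content_Types].xml", types)
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"PLACEHOLDER")
    return out.getvalue()


if __name__ == "__main__":
    for label, macro in (("plain document", False), ("macro document", True)):
        print(label, "->", macro_status(build_sample(macro)))
```

A mail gateway or file-share scanner can run a check like this on attachments and quarantine or flag anything that reports `macro` or `legacy-ole` for closer inspection.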

Effect:

A virus infects files and programs and usually destroys files. It can also interfere with computer operations by multiplying itself to fill up disk space or random access memory space, secretly infecting your computer.

Worm: Copy Themselves <massive effect>

[Key thing to remember] They don’t need the first user click or any action. They can propagate on their own using your network.

Some consider them a subclass of viruses, but the key difference is that they don’t need the first user click or any action. They can propagate on their own.

They are called worms because they can move around on their own. You can think of them as viruses that are self-contained and go around searching out other machines to infect.

Effect:

Due to the copying nature of a worm and its capability to travel across networks the end result in most cases is that the worm consumes too much system memory (or network bandwidth), causing Web servers, network servers and individual computers to stop responding.

Examples

Some of the most famous worms include the ILOVEYOU worm, transmitted as an email attachment, which cost businesses upwards of 5.5 billion dollars in damage. The Code Red worm defaced 359,000 web sites, SQL Slammer slowed down the entire internet for a brief period of time (75000 infections in the first 10 minutes!), and the Blaster worm would force your PC to reboot repeatedly.

Spread

Worms are standalone software and do not require a host program or human help to propagate. They also use a vulnerability, or social engineering that tricks the user into spreading them.

Worms rely on the network to spread. One example would be for a worm to send a copy of itself to everyone listed in your e-mail address book. Then, the worm replicates and sends itself out to everyone listed in each of the receivers’ address books, and the process continues on down the line.
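This self-propagation leaves a recognizable trace on the network: one machine suddenly contacting many different machines on the same port within seconds. The following detection sketch is an added example, not part of the original post; the flow-record layout `(timestamp, source, destination, port)`, the thresholds and all sample addresses are constructed for illustration.

```python
from collections import defaultdict, deque


def find_scanners(flows, window=10.0, threshold=20):
    """Return {(src, port): peak number of distinct destinations within `window` seconds}
    for every source whose fan-out on a single port reached `threshold`."""
    recent = defaultdict(deque)            # (src, port) -> deque of (timestamp, dst)
    flagged = {}
    for ts, src, dst, port in sorted(flows):
        q = recent[(src, port)]
        q.append((ts, dst))
        while q and ts - q[0][0] > window:  # drop records older than the window
            q.popleft()
        distinct = len({d for _, d in q})
        if distinct >= threshold:
            flagged[(src, port)] = max(flagged.get((src, port), 0), distinct)
    return flagged


def sample_flows():
    """Constructed flow records using documentation address ranges."""
    flows = []
    # Worm-like host: 30 different destinations on one port in about 3 seconds.
    for i in range(30):
        flows.append((100.0 + i * 0.1, "10.0.0.5", f"192.0.2.{i + 1}", 1434))
    # Busy but benign host: 200 connections, all to the same server.
    for i in range(200):
        flows.append((100.0 + i * 0.05, "10.0.0.7", "198.51.100.10", 443))
    # Ordinary client: 3 destinations spread over a minute.
    for i in range(3):
        flows.append((100.0 + i * 20, "10.0.0.9", f"203.0.113.{i + 1}", 443))
    return flows


if __name__ == "__main__":
    for (src, port), peak in find_scanners(sample_flows()).items():
        print(f"{src} contacted {peak} distinct hosts on port {port} within 10s")
```

Counting distinct destinations rather than raw connections is what separates the worm-like host from the busy but benign one, which makes many connections to a single server.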

Trojan Horses: Install a Backdoor

In simple words, it is software that you thought was going to be one thing, but turns out to be something bad.

Do you remember that story you had to read in high school about the big wooden horse that turned out to be full of guys with spears? This is the computer equivalent.

It is a program that either pretends to have, or is described as having, a set of useful or desirable features but actually contains damaging code.

Generally, you receive Trojan horses through emails, infected webpages, instant messages, or downloads such as games, movies, and apps. True Trojan horses are not technically viruses, since they do not replicate; however, many viruses and worms use Trojan horse tactics to initially infiltrate a system. So although Trojans are not technically viruses, they can be just as destructive.
