9.1 - Malware
Key Terms:
- Malware – Software designed to perform malicious and disruptive actions.
- The Computer Fraud and Abuse Act – A law that addresses computer-related offences and the cracking of computer systems.
- The Patriot Act – Expanded the powers of the Computer Fraud and Abuse Act.
- CAN-SPAM Act – Passed to reduce the spread of SPAM.
- Crypter – Software that protects malware code from being analysed and reverse engineered.
- Exploit – Taking advantage of a bug or vulnerability.
- Injector – A program that injects malware into vulnerable running processes.
- Obfuscator – Concealing malware through different techniques.
- Packer – Compressing malware to hide it.
- Payload – The part of the malware that performs its intended purpose.
- Malicious code – Code that defines the malware’s functionality.
- Sheep dipping – Analysing emails, files, and systems for malware.
The Computer Fraud and Abuse Act
The CFAA was introduced in 1984 and has been updated many times since. It defines what computer-related crimes are and establishes that they are punishable by law.
The Patriot Act
This act was introduced to extend the powers of the CFAA. It aimed to make the language used clearer and updated the laws so that they are more relevant to modern computing crimes.
CAN-SPAM Act
This law was introduced in 2003 with the aim of controlling spam through rules and guidelines for marketing. Under this law, companies must use accurate headers and subject lines, identify the message as an advertisement, provide a way to opt out, and honour opt-out requests.
Malware Components
- Crypter – This protects the malware from being detected by anti-virus software and analysed.
- Exploit – This takes advantage of a bug or vulnerability to execute malware.
- Injector – The injector inserts the malware into other running processes so that it is better hidden.
- Obfuscator – This conceals the malware.
- Packer – This compresses the malware.
- Payload – This executes the malicious action the malware was designed to do.
- Malicious code – This defines the malware’s basic function.
Virus
A virus is the most common type of malware. A virus is a self-replicating program that often attaches to legitimate programs to hide itself. It duplicates itself across the computer, attaching to files and causing harm. This is much like a real virus, which self-replicates around the body and hides in cells.
System/Boot Sector Virus
A virus that embeds itself into the startup file on a computer so that when it is started, the virus gets executed.
Worm
Worms are self-replicating programs that don't have to be attached to any other programs/files. Once a worm is on a system, it can start running immediately. Worms can also jump between computers on a network, spreading themselves.
Countermeasures
The main defence against malware is anti-virus software. It must be kept updated and should scan the system regularly. Companies should also have a strong anti-virus policy to make sure all employees are protected. Installations and downloads should be done carefully, especially when they come from an unknown source.
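The "sheep dipping" key term above, the crypter/packer components, and the countermeasures section all come down to the same defensive routine: check a file before it is trusted. The following is an added example written for this page (not code from the original notes): a minimal sheep-dip scanner that computes a file's SHA-256, compares it against a denylist, and measures Shannon entropy, since packed or crypted payloads tend to look like random data. The hash denylist and the sample "files" are constructed for the demonstration and are not real indicators; the 7.0 entropy threshold is an assumed heuristic, not a standard value.

```python
import hashlib
import math
from collections import Counter

# Assumed heuristic: 8.0 is the maximum for bytes; compressed or encrypted
# content usually sits well above 7.0, plain text and code well below it.
ENTROPY_THRESHOLD = 7.0


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of a byte string (what an AV or IoC feed would match on)."""
    return hashlib.sha256(data).hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte, in the range 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    n = len(data)
    counts = Counter(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def sheep_dip(name: str, data: bytes, denylist: set) -> dict:
    """Run both checks on one file and return a verdict record."""
    digest = sha256_hex(data)
    entropy = shannon_entropy(data)
    verdicts = []
    if digest in denylist:
        verdicts.append("known-bad hash")
    if entropy > ENTROPY_THRESHOLD:
        verdicts.append("high entropy (possibly packed or crypted)")
    return {"name": name, "sha256": digest, "entropy": round(entropy, 2),
            "verdicts": verdicts}


def scan_files(files: dict, denylist: set) -> dict:
    """Scan a mapping of filename -> bytes; returns filename -> verdict record."""
    return {name: sheep_dip(name, data, denylist) for name, data in files.items()}


def pseudo_random_bytes(n: int, seed: bytes = b"constructed-seed") -> bytes:
    """Deterministic high-entropy bytes (stands in for a packed section)."""
    out = bytearray()
    block = seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out.extend(block)
    return bytes(out[:n])


# --- Constructed sample inputs (not real malware or real IoCs) -------------
SAMPLE_TEXT = b"Quarterly report: revenue is up and costs are flat.\n" * 64
SAMPLE_PACKED = pseudo_random_bytes(4096)
SAMPLE_BAD = b"constructed known-bad sample\n"

# Constructed denylist: in practice this would come from a threat-intel feed.
DENYLIST = {sha256_hex(SAMPLE_BAD)}

SAMPLE_FILES = {
    "report.txt": SAMPLE_TEXT,
    "update.bin": SAMPLE_PACKED,
    "bad.bin": SAMPLE_BAD,
}

if __name__ == "__main__":
    for record in scan_files(SAMPLE_FILES, DENYLIST).values():
        flag = "FLAG " if record["verdicts"] else "ok   "
        print(f"{flag}{record['name']:12} entropy={record['entropy']:.2f} "
              f"{', '.join(record['verdicts'])}")
```

A high-entropy hit is not proof of malware (legitimate installers and media files are compressed too), which is why the two checks are reported separately rather than collapsed into one score: the hash match is a hard indicator, the entropy reading is a reason to look closer in a sandbox.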
Trojan
A Trojan horse program is a type of malicious program that injects itself into legitimate programs so that it stays hidden and is trusted by the user. Trojans grant the hacker remote access to a system. From the user's perspective, it may look as though the computer has been possessed, which is usually a good sign of a Trojan.
Remote Access Trojan (RAT)
This malware allows hackers to have remote access to a system by tricking the user into believing it is a legitimate file.
Backdoor Trojan
Creates a backdoor in the system so a hacker can access it. This trojan bypasses security measures such as firewalls.
Botnet Trojan
This trojan turns the computer into a zombie machine that becomes part of a botnet. This happens to a large number of PCs, which allows the hacker to perform attacks with high amounts of resources.
Banker Trojan
This program monitors the user’s activity and steals important information, usually based around finances.
Internet of Things (IoT) Trojan
This trojan targets IoT devices such as digital thermostats, door controls, locks, and HVAC systems.
Rootkit
This is a program that gives the hacker root (administrator) privileges on a machine. These programs also install keyloggers and other monitoring programs onto the system.
Spyware
Spyware programs are designed to stealthily collect information from a system. Spyware will monitor web activity, keystrokes, network activity, application history, and downloads.
Adware
Adware is not necessarily harmful but is very invasive. Adware displays unwanted advertisements on screen for users to see, usually in the form of pop-ups.
Scareware
Scareware displays messages on a victim's computer stating that something bad will happen to their computer. This is usually accompanied by a phone number or website that leads them to malicious activity. Scareware is not itself harmful to the computer; however, it can lead to harmful effects.
Ransomware
Ransomware is a very sophisticated malicious program. It works by encrypting the user's files so that they become unreadable. If the user wants their files back, they must pay the hacker directly, in an untraceable currency such as cryptocurrency, for the decryption key.
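Because ransomware has to rewrite many files in a short time, one common defensive signal is a sudden mass change to a directory, especially to "canary" files that no legitimate process should ever touch. The following is an added example for this page (not code from the original notes) of that detection idea: build a hash baseline of a folder, then compare and alert when either the canary is altered or a large fraction of files has changed. The folder, file names, the 50% change-ratio threshold and the `demo()` scenario are all constructed for illustration; a real monitor would run on a schedule or from file-system events rather than on demand.

```python
import hashlib
import os
import tempfile

# Constructed canary name; in practice it should be unusual but sort early,
# so a process walking the directory alphabetically hits it first.
CANARY_NAME = ".canary_do_not_touch.txt"
CANARY_CONTENT = b"canary file - any change here is an alert\n"

# Assumed heuristic: more than half the files changing between checks is an alert.
CHANGE_RATIO_THRESHOLD = 0.5


def file_sha256(path: str) -> str:
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()


def build_baseline(directory: str) -> dict:
    """Map each regular file in the directory to its SHA-256."""
    baseline = {}
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if os.path.isfile(path):
            baseline[name] = file_sha256(path)
    return baseline


def assess(directory: str, baseline: dict,
           ratio_threshold: float = CHANGE_RATIO_THRESHOLD) -> dict:
    """Compare the directory against the baseline and decide whether to alert."""
    changed = []
    for name, digest in baseline.items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path) or file_sha256(path) != digest:
            changed.append(name)
    ratio = len(changed) / len(baseline) if baseline else 0.0
    canary_tampered = CANARY_NAME in changed
    return {
        "changed": changed,
        "ratio": round(ratio, 2),
        "canary_tampered": canary_tampered,
        "alert": canary_tampered or ratio >= ratio_threshold,
    }


def demo() -> tuple:
    """Constructed scenario: one normal edit, then a mass overwrite of every file."""
    with tempfile.TemporaryDirectory() as directory:
        for i in range(9):
            with open(os.path.join(directory, f"doc{i}.txt"), "wb") as fh:
                fh.write(f"document {i} contents\n".encode())
        with open(os.path.join(directory, CANARY_NAME), "wb") as fh:
            fh.write(CANARY_CONTENT)
        baseline = build_baseline(directory)

        # A user edits a single document: a small change, no alert expected.
        with open(os.path.join(directory, "doc3.txt"), "ab") as fh:
            fh.write(b"one more line\n")
        normal_edit = assess(directory, baseline)

        # Every file, canary included, is replaced with placeholder bytes,
        # standing in for the bulk rewrite a ransomware infection produces.
        for name in baseline:
            with open(os.path.join(directory, name), "wb") as fh:
                fh.write(b"PLACEHOLDER-UNREADABLE-CONTENT\n")
        mass_change = assess(directory, baseline)

    return normal_edit, mass_change


if __name__ == "__main__":
    first, second = demo()
    print("after one edit :", first)
    print("after mass edit:", second)
```

The two signals are deliberately independent: the canary catches a slow or selective rewrite that would stay under the ratio, while the ratio catches bulk activity even if the canary happened to be skipped. Either one firing is enough to isolate the host and restore from backup, which, alongside the backups themselves, is the countermeasure the notes point towards.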
Malware Infection Techniques
Malicious USB drives can contain programs that cause harm to a system. Phishing emails can contain attachments that carry malicious files. Malware can also be hosted on malicious websites that are used to deceive users into downloading it and running it.
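The phishing-attachment route described above is usually the easiest to filter at the mail gateway, before a user ever sees the file. The following is an added example for this page (not code from the original notes) of a simple attachment triage rule: block executables and double-extension names such as `invoice.pdf.exe`, quarantine macro-enabled Office documents and archives for closer inspection, and allow the rest. The extension lists, the action names and the sample attachments are constructed for illustration and will need tuning for any real environment.

```python
import os

# Constructed categories (not exhaustive); tune to what your environment actually uses.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js",
                   ".vbs", ".wsf", ".hta", ".ps1", ".jar", ".msi"}
MACRO_DOC_EXTS = {".docm", ".xlsm", ".pptm"}
ARCHIVE_EXTS = {".zip", ".rar", ".7z", ".iso", ".img"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}

ACTION_RANK = {"allow": 0, "quarantine": 1, "block": 2}


def assess_attachment(filename: str) -> dict:
    """Return an action (allow / quarantine / block) and the reasons for it."""
    name = filename.strip().lower()
    base, ext = os.path.splitext(name)
    _, inner_ext = os.path.splitext(base)
    reasons = []

    if ext in EXECUTABLE_EXTS:
        reasons.append("executable attachment")
        if inner_ext in DECOY_EXTS:
            # e.g. "invoice.pdf.exe": a document-looking name in front of a runnable type
            reasons.append("double extension")
    if ext in MACRO_DOC_EXTS:
        reasons.append("macro-enabled document")
    if ext in ARCHIVE_EXTS:
        reasons.append("archive container; inspect contents")
    if "  " in name:
        # Runs of spaces are a common trick to push the real extension out of view.
        reasons.append("padded filename")

    if any(r in ("executable attachment", "double extension") for r in reasons):
        action = "block"
    elif reasons:
        action = "quarantine"
    else:
        action = "allow"
    return {"filename": filename, "action": action, "reasons": reasons}


def triage_message(attachments: list) -> dict:
    """Apply the strictest verdict across all attachments of one message."""
    records = [assess_attachment(a) for a in attachments]
    worst = max((r["action"] for r in records), key=ACTION_RANK.get, default="allow")
    return {"action": worst, "attachments": records}


# Constructed sample attachments from a hypothetical message
SAMPLE_ATTACHMENTS = [
    "report.docx",
    "budget.xlsm",
    "invoice.pdf.exe",
    "holiday photos.zip",
    "statement.pdf                                  .scr",
]

if __name__ == "__main__":
    result = triage_message(SAMPLE_ATTACHMENTS)
    print("message action:", result["action"])
    for rec in result["attachments"]:
        print(f"  {rec['action']:10} {rec['filename']!r} {rec['reasons']}")
```

Name-based rules are cheap and catch the crude cases; they are not a substitute for scanning the attachment's contents, which is why the archive and macro cases go to quarantine for the sheep-dip step rather than being decided on the name alone.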