eSecurity 2 - Malware Flashcards
Unit 5 (34 cards)
What’s malware?
Any software that is designed to disrupt or damage a computer system or sometimes a user.
Types of malware
Virus
Trojan
Worm
Spyware
Adware
Rootkit
Malicious bots
What could the consequences of malware be?
Some malware may just cause a minor irritation, such as slowing down a computer, but it could be much more serious, leading to identity theft, corruption of data or blackmail (either to do with personally collected data or to restore blocked data).
What’s a virus?
The only type of malware that infects new files in the computer system. It attaches itself to a clean file, replicates itself, then attaches itself to another clean file. It is designed to spread, much like a human virus.
The aim of a virus is to corrupt and disrupt data in a computer system. It is mainly a method of sabotage for this reason.
How does a virus start its job?
Once a virus has infected a file, it may begin to replicate immediately, or it can lie dormant until actions performed by the computer cause the code to be executed.
How do viruses spread more?
If an infected computer is part of a network, it can then begin to infect other computers on the network. A virus can be especially dangerous if it infects files on a server that are accessed by many different computers.
Signs your computer has a virus
Slower system performance
Files multiplying or duplicating on their own
Files being deleted without your knowledge
Minimising the risk of a virus
- Install robust anti-virus software, since a virus is hard to eradicate (therefore, prevent it).
It’ll scan a computer system and find any files that it thinks contain a virus. It will quarantine these files and alert the user of their presence. The user can then select to delete these files. It is possible to remove this stage and set the software to automatically delete all quarantined files.
The anti-virus software can detect the presence of a virus by comparing the code to a database of known virus codes. If it finds a code that matches it will quarantine the file.
- Install a firewall to detect malicious software trying to enter the system. This relies on the necessary criteria being set in order to detect the malicious traffic in the first place.
- Be careful when inserting a USB memory stick. You should immediately scan any USB memory stick that is inserted into your computer, even if it is your own storage device. It is very common for viruses to be spread through the use of portable storage devices.
Weakness of anti-viruses
It is dependent on the database it holds. Therefore, if a perpetrator manages to infect a system with a virus that is not in the database, it will not be recognised and removed. This could leave it to do a great deal of damage. For this reason, it is also important to update your anti-virus software to make sure that it includes the latest known viruses.
What’s a Trojan?
Type of malware that disguises itself as legitimate software, or is included in legitimate software that may have been infiltrated. They are mostly downloaded from an infected email or website.
Once it’s opened it will release another type of malware, such as a virus. A Trojan needs the user to run the program for it to release other malicious software. Therefore, it will usually encourage the user to run the program.
Minimising the risk of a trojan
It is difficult because they mask themselves as legitimate software. They require the user to make them run, so rely on the error of a user to operate, rather than detection by anti-virus or firewall.
The main way to minimise the risk of a Trojan is to only open files and run software that you know are from a trusted source.
What’s a worm?
Type of malware that acts in a similar way to a virus. It replicates itself, but does not need to attach itself to another program or file to cause damage. Worms exploit security holes and issues in a computer. These normally exist in the operating system.
Aims to fill up all free space on a computer to slow it down and bring it to a halt. Therefore, the first signs for a user that their computer has been infected with a worm are that it starts to run slowly and the space available on their hard drive begins to rapidly decrease.
How do worms spread?
A worm also tries to spread to different computers on a network. For this reason, worms are often used to infect a large number of computers on a network. If a worm is able to spread through a network, it can clog up bandwidth and slow the whole network down.
Worms are normally downloaded and spread through email attachments, peer-to-peer file sharing networks or using a link to a website or resource. Once downloaded, they do not need any human interaction to replicate themselves.
Minimising risk of a worm
Worms exploit software vulnerabilities in a computer in the operating system or applications. Regularly check for, and install, updates for your operating system and your applications. This process can be set to automatically occur.
The same guidelines about minimising phishing should also be taken.
Anti-virus software can normally check for a worm too. Therefore, regularly scan your computer.
Worms can be spread by network connections. Therefore, disconnecting your computer from a network, when the network resources are not required, can keep it safe during this time.
What’s spyware?
Malware that is designed to gather information about your interactions with your computer. As the name suggests, the aim of spyware is to spy on the user. Spyware is normally used to gather personal and sensitive data that can be used in fraudulent or criminal activity.
Can be accidentally downloaded from pop-up ads or free apps, or by consenting to its download without knowing (small print).
What’s an example of spyware?
A key logger is installed on a user’s computer, normally without their consent. The key logger will then record any key presses that are carried out by the user. All this data is then sent to a third party to be analysed, normally by another computer, but can be done manually, to establish any patterns in the data. The patterns are then analysed to see if any of them look as though they could be personal or sensitive data, for example, a password.
What other things can spyware do besides key logging?
A user can sometimes unknowingly allow a commercial company to use spyware for several purposes including:
Targeted marketing from tracking browsing habits
Sending unwanted and often irritating pop-up adverts
Installing add-ons and redirecting to advertising websites
Minimising the risk of spyware
Only download from trustworthy and reputable sources.
Do not click on any links or offers in pop-up ads.
Always read the small print when consenting to any user agreement. You are consenting to allowing spyware to be downloaded to track information such as your browsing habits. Look for clauses about sharing your data with third parties.
Cookies are a type of spyware that you may consent to be used to track your internet surfing habits. Check what you are allowing the company to do with the cookies that you consent to being used to track your actions.
Anti-malware software can scan your computer to see if any key logging software is present. It’ll normally remove any key logger if it is found. If it does find a key logger, change all your passwords immediately, in case your data has been gathered and analysed.
What’s adware?
Adware is a type of software that is designed to display targeted advertising on your computer. It does this by collecting data about your internet browsing habits. Adware can be legitimate, but it can also be illegitimate. Some program developers will justify the inclusion of adware in their product by claiming that it will generate revenue for them, keeping the cost of the product lower.
How can you end up with adware?
Adware can be bundled in legitimate software downloads. You may end up with adware on your computer without actually asking to download it. This happens when you are given the chance to customise what is downloaded. For example, there may be a hidden addition to the download of a task or search bar that is added to your current internet browser.
How does adware affect you?
Adware can prove difficult to delete as it does not normally have any uninstall feature. It may not act maliciously, but will often serve as a method of advertising for the company, or try to get you to use their search function.
Adware as malware will present adverts when a user is browsing the web that are often shown constantly. They are normally in the form of pop-up windows that cannot be closed. They can be very irritating.
Minimising the risk of adware
Be careful about what adware you allow to be installed on your computer. You may allow some adware to track your browsing habits online to see adverts for products that you might be interested in. You don’t want adware to make your browsing experience become irritating by having too many adverts popping up on a constant basis.
Check what is being downloaded onto your computer. Look at the list of component parts that will be downloaded and make sure that any that look like they could be adware (for example, a search bar or task bar addition to your browser) are not ticked. If they are present, untick them immediately before allowing the download to go ahead.
Once downloaded, unwanted adware can be very difficult to remove. It may take several scans with an anti-malware software to detect and remove the adware.
What’s a rootkit?
Computer program that enables a person to gain administrator access to a victim’s computer. They are designed to stay hidden on a user’s computer to be controlled from a remote location. A rootkit allows the unauthorised user to do several criminal acts with the computer, such as hide illegal files on a computer, use the computer as part of a large cyber attack or to steal personal data and information.
How do rootkits get installed?
Victim’s password is cracked or a vulnerability in the security system is exploited.