Chapter 3: Computer Security
Attacks Using Malware
• Malware (malicious software)
– Software that enters a computer system without the owner’s knowledge or consent
– Performs unwanted and usually harmful action
• One method of classifying the various types of malware is by the primary trait of the
malware:
– Circulation
– Infection
– Concealment
– Payload capabilities
Circulation/Infection
• Malware can circulate: (network, email, USB)
– By using the network to which all devices are connected
– Through USB flash drives that are shared among users
– By sending the malware as an email attachment
• When reaching a system, malware must “infect” or embed itself into the system
• Three types of circulation malware:
– Viruses, worms, and Trojans
• Viruses
– Malicious computer code that reproduces on a single computer
• Methods of spreading virus
– Virus appends itself to a file
– Appender infection
• Virus changes the beginning of the file
• Adds jump instruction pointing to the virus
– Split infection
• Injects portions of code throughout program’s executable code
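As an added example (not from the course notes), a small Python integrity check that compares a file against per-chunk hashes taken while the file was known clean and names the change pattern it sees: only the start modified plus growth at the end (the appender pattern above) versus changes scattered through the body (the split pattern). The sample file bytes, the "JUMP" stub and the appended bytes are constructed placeholders, not real program code.

```python
import hashlib

CHUNK = 16  # bytes per integrity chunk (constructed; small so the samples stay readable)

def _sha(block: bytes) -> str:
    return hashlib.sha256(block).hexdigest()

def take_baseline(data: bytes) -> tuple[int, list[str]]:
    """Record a known-clean file's size and per-chunk digests.
    A single whole-file hash would only say 'changed'; per-chunk
    digests let us say where in the file the change sits."""
    return len(data), [_sha(data[i:i + CHUNK]) for i in range(0, len(data), CHUNK)]

def classify_change(data: bytes, baseline: tuple[int, list[str]]) -> str:
    """Name the change pattern seen in `data` relative to its clean baseline:
    'clean'    : same size, every chunk intact
    'appender' : file grew and only the first chunk of the original extent changed
                 (start patched to jump to code appended at the end)
    'split'    : several chunks inside the original extent changed
    'other'    : shrunk, or a pattern this heuristic does not name
    """
    size, clean_hashes = baseline
    if len(data) < size:
        return "other"
    # Hash only the original extent so appended bytes do not leak into the last chunk
    current = [_sha(data[i:min(i + CHUNK, size)]) for i in range(0, size, CHUNK)]
    changed = [i for i, (now, then) in enumerate(zip(current, clean_hashes)) if now != then]
    grew = len(data) > size
    if not changed:
        return "clean" if not grew else "other"  # body intact, bytes merely appended
    if grew and changed == [0]:
        return "appender"
    if len(changed) > 1:
        return "split"
    return "other"

# Constructed samples: a 64-byte stand-in for a clean program image ...
CLEAN = bytes(range(64))
BASELINE = take_baseline(CLEAN)
# ... its start overwritten with a placeholder jump and a body appended (appender pattern)
APPENDER_SAMPLE = b"JUMP" + CLEAN[4:] + b"APPENDED-PLACEHOLDER"
# ... and bytes altered at scattered offsets in three different chunks (split pattern)
_split = bytearray(CLEAN)
for offset in (5, 20, 40):
    _split[offset] ^= 0xFF
SPLIT_SAMPLE = bytes(_split)

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("appender", APPENDER_SAMPLE),
                         ("split", SPLIT_SAMPLE), ("truncated", CLEAN[:30])):
        print(f"{name:10s} -> {classify_change(sample, BASELINE)}")
```

The heuristic is deliberately simple: a real integrity monitor would store the baseline out of band, since a rootkit that controls the OS (see the Concealment section) can also lie about file contents to the checker.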
• Types of viruses
– Program virus
• Infects program executable files
– Macro virus
• Stored within a user document
• Virus actions
– Causing computer to crash repeatedly
– Erasing files from hard drive
– Turning off the computer’s security settings
– Reformatting the hard disk drive
• Virus can only replicate on host computer
– Cannot spread between computers without user action
– Must rely on the actions of users to spread to other computers
– Spread by a user transferring infected files to other devices
• Worms
• Worms vs. viruses: a worm does not rely on the user’s action (a virus infects files; a
worm is self-contained software that enters the computer and keeps replicating on its own)
– Malicious program that uses a computer network to replicate
• Takes advantage of a vulnerability in a program or the OS
– Searches for another computer with same vulnerability
– Sends copies of itself over the network
• Worm actions
– Deleting files on the computer
– Allowing the computer to be remotely controlled by an attacker
• Trojans
– An executable program that masquerades as performing a benign activity while
actually doing something malicious
Comparison of viruses, worms and Trojans
• What does it do?
– Virus: Inserts malicious code into a program or data file
– Worm: Exploits a vulnerability in an application or operating system
– Trojan: Masquerades as performing a benign action but also does something malicious
• How does it spread to other computers?
– Virus: User transfers infected files to other devices
– Worm: Uses a network to travel from one computer to another
– Trojan: User transfers the Trojan file to other computers
• Does it infect a file?
– Virus: Yes
– Worm: No
– Trojan: It can
• Does it require user action to spread?
– Virus: Yes
– Worm: No
– Trojan: Yes
Concealment
• Rootkit
(Hides any malicious activity: once a rootkit is installed, even the best antivirus will
never be able to detect the hidden malware or its malicious activity.)
– Set of software tools used by an attacker
– Conceals presence of other malware (viruses, worms, or Trojans)
– Actions
• Hide or remove all traces of evidence that may reveal the malware (such as
log entries)
• Changing the operating system to ignore malicious activity
How to remove a rootkit from the computer? (There is only one solution: reformat the device,
deleting all files including the operating system.)
Payload Capabilities