LightBlog

Sunday, 10 March 2019

Ethical Hacking Tutorials - What is Malware?


"Malware" is a program, or part of a program, that has a malicious (the "mal" in the name) or unwelcome effect on your computer's security. 

It covers several different terms you may have heard before, such as "virus", "worm" and "trojan", and possibly some you have not, such as "rootkit", "logic bomb" and "spyware". 

This text introduces, defines and explains each of these sub-categories of malware, gives examples, and describes some countermeasures that can be put in place to prevent the problems caused by malware.

What is a Virus?


Virus: this is the most common type of malware that people are aware of. The reason it is known as a virus, rather than anything else, is largely historical. The press ran the earliest stories about computer viruses at the same time as its stories about the spread of AIDS. 

At that time there were simple parallels that could easily be drawn between the two: propagation through interaction with a contaminated party, dependence on a host, and the eventual "death" of anything infected. The name stuck, and there are still occasional worries about what people could catch, so to this day we say that a computer becomes "infected" with a virus.

Viruses are self-replicating pieces of software that, like a biological virus, attach themselves to another program or, in the case of a "macro virus", to another file. 

A virus only runs when the program or file it is attached to is executed or opened. This is what separates viruses from worms: if the program or file is never accessed, the virus will not run and will not copy itself onward.

There are several types of viruses; today, however, the most common form is the macro virus, and others, such as boot sector viruses, are now found only "in captivity".

Boot Sector Viruses


The boot sector virus was the first type of virus created. It hides in the executable code at the start of a bootable disk, which meant that to infect a machine you had to boot from an infected floppy disk.

A long time ago (15 years or more) booting from a floppy was a relatively regular occurrence, which meant that such viruses were actually quite well spread by the time people realised what was happening. This virus (and all other types) should leave a signature that lets it detect a subsequent infection attempt, so as not to repeatedly infect the same target. It is this signature that allows other software (such as anti-virus software) to detect the infection.

The Executable File Virus

The executable file virus attaches itself to files such as .exe or .com files. Some viruses specifically targeted programs that were part of the operating system, and so were most likely to run every time the computer was turned on, which increased the chance of successful propagation. There were a few ways to add a virus to an executable file, some of which worked better than others. 

The simplest (and least subtle) was to overwrite the first part of the executable file with the virus code. This meant that the virus executed, but the program would then crash, leaving it quite obvious that there was an infection, especially if the file was an important system file.

The Terminate and Stay Resident (TSR) Virus


TSR is a term from DOS for an application that loads itself into memory and then stays there in the background, while the computer carries on running normally in the foreground. The more complex of these viruses would intercept the system calls that would expose them and return false results; others would attach themselves to the 'dir' command and then infect every application in the listed directory; some would stop (or delete) any anti-virus software installed on the system.

The Polymorphic Virus

Early viruses were easy to detect. They had a definite signature to identify them, either as a method of preventing re-infection, or simply because they had a specific structure that it was possible to detect. Then along came the polymorphic virus.

Poly, meaning many, and morphic, meaning shape. These viruses change themselves every time they replicate, rearranging their code, changing their encryption, and generally making themselves look completely different. 

This created a very big problem, as only very small signatures remained the same; some of the "better" viruses left only a few bytes that could be used for detection. The problem was made worse by the release of several polymorphic kits in the virus-writing community, which allowed any virus to be rebuilt as a polymorphic one.

The Macro Virus


A macro virus uses the built-in capability of several programs to execute code. Programs like Word and Excel have limited, but still very powerful, versions of the Visual Basic programming language. 

This allows the automation of repetitive tasks and the automatic configuration of specific settings. These macro languages are misused to attach viral code to documents, which will automatically copy itself to other documents and propagate. 

Although Microsoft has turned this feature off by default on new installations, it used to be that Outlook would automatically execute some code attached to an e-mail as soon as you read it. This meant that the virus propagated very fast, sending itself to the e-mail addresses stored on the infected machine.


What are Worms?


Worms are older than viruses. The first worm was created several years before the first virus. This worm used a flaw in the UNIX finger command to quickly bring down the Internet (which was very small at the time). The following section deals with worms.

A worm is a program that, once started, replicates without any need for human intervention. It propagates from host to host, taking advantage of an unsecured service or services. 

It traverses a network without needing a user to send an infected file or e-mail. Most of the big press events recently have been about worms rather than viruses.

Trojans and Spyware


The first Trojan Horse was built by the Greeks several thousand years ago (think of the film "Troy" if you have seen it). The basic concept is that you sneak something onto an otherwise secure computer under the guise of something good. 

This can range from a downloaded game trailer to an e-mail promising nude photos of your favourite celebrity. This section covers Trojans and spyware.

Trojans are pieces of malware that masquerade as something useful or desirable in order to get you to run them. 

At that point they may do something unpleasant to your computer, such as install a backdoor or a rootkit, or, worse, dial a premium-rate phone number that will cost you money. Spyware is software that often installs itself from websites you visit. Once installed, it will look for information it considers valuable. This could be statistics about your web surfing, or it could be your credit card number. Some pieces of spyware blow their cover by plastering adverts all over your desktop.

Rootkits and Backdoors


Often when a computer has been compromised by a hacker, they will try to install a method of maintaining easy access to the machine. There are many variations on this, some of which have become quite famous; have a look on the Internet for "Back Orifice"!

Rootkits and backdoors are pieces of malware that create ways to maintain access to a machine. They range from the simple (a program listening on a port) to the very complex (programs that hide processes in memory, modify log files, and listen on a port). Often a backdoor is as simple as creating an additional user in the password file who has super-user privileges, in the hope that it will be overlooked; this works because a backdoor is designed to bypass the system's normal authentication. The Sobig and MyDoom viruses install a backdoor as part of their payload.


Logic Bombs and Time Bombs

System programmers and administrators can be quite odd people. It has been known for measures to be put on a system that are only triggered when certain criteria are met.

For example, a program could be created that, should the administrator fail to log in for more than three weeks, starts deleting random bits of data from the disk. This happened in a well-known case involving a programmer at the company General Dynamics in 1992.

He created a logic bomb which would delete critical data and which was set to be activated after he had left. He expected that the company would then pay him a significant amount to come back and fix the problem. 

However, another programmer found the logic bomb before it went off, and the malicious programmer was convicted of a crime and fined $5,000 US dollars. The judge was merciful: the charges presented in court carried a penalty of $500,000 USD, as well as prison time.

Logic bombs and time bombs are programs that have no replication capability and no ability to create an access method, but are applications, or parts of applications, that will damage data once they are activated. 

They can be stand-alone, or part of worms or viruses. A time bomb is programmed to release its payload at a fixed time.

A logic bomb is programmed to release its payload when a certain event occurs. The idea behind the time bomb is also useful, though: time-bomb programming is used to let you download a program and try it for a period of time, usually 30 days. 

At the end of the trial period the program stops working, unless a registration code has been provided. This is an example of non-malicious time-bomb programming.

Countermeasures

There are several ways to detect, remove and prevent malware. Some of these are common sense; others are technical options. The following section highlights some of them, with a brief explanation and examples.


Anti-virus

Anti-virus software is available in many commercial and open-source versions. These all work by the same method: each has a database of known viruses, and it matches the signatures of these against the files on the system to see whether there are any infections. 

Often, though, with modern viruses these signatures are very small and can often produce false positives, things that appear to be viruses but are not. Some virus scanners employ a technique known as heuristics, which means they have a concept of what a virus "looks like" and can determine whether an unknown application matches these criteria.
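As an added illustration (not part of the original post), the following Python sketch contrasts the two approaches described above: exact signature matching against a small, constructed signature database, and a heuristic (high entropy in an executable, the mark of packed or self-encrypting code) that catches what has no stable signature but also flags a legitimately compressed installer, i.e. a false positive. All signatures and sample files are invented for this example.

```python
import math
from collections import Counter

# Constructed signature database (name -> byte pattern). A real scanner holds a
# huge set of such patterns; these strings are invented for this illustration.
SIGNATURES = {
    "Demo.BootInfector": b"DEMO-BOOT-SIG",
    "Demo.TsrHook": b"DEMO-TSR-HOOK",
}

def signature_matches(data: bytes) -> list:
    """Signature scanning: report every known pattern found in the file's bytes."""
    return [name for name, pattern in SIGNATURES.items() if pattern in data]

def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the contents: 8.0 is random-looking, plain text is about 4-5."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def heuristic_flags(data: bytes) -> list:
    """Heuristic check: an executable whose body looks random has no stable signature
    (packed or self-encrypting, as a polymorphic virus would be), so flag it anyway."""
    flags = []
    if data[:2] == b"MZ" and shannon_entropy(data) > 7.0:
        flags.append("high-entropy executable (packed or self-encrypting code)")
    return flags

def scan(files: dict) -> dict:
    """Scan {name: bytes}; return only the files with at least one detection."""
    report = {}
    for name, data in files.items():
        sigs, heur = signature_matches(data), heuristic_flags(data)
        if sigs or heur:
            report[name] = {"signatures": sigs, "heuristics": heur}
    return report

def scan_samples() -> dict:
    """Constructed sample files; 'setup_packed.exe' stands in for a legitimate
    compressed installer and shows the heuristic's false positive."""
    uniform = bytes((i * 37 + 11) % 256 for i in range(4096))  # every byte value equally often
    samples = {
        "readme.txt": b"Quarterly report: sales are up.\n",
        "old_floppy.img": b"\x00" * 16 + b"DEMO-BOOT-SIG" + b"\x00" * 16,
        "hello.exe": b"MZ" + b"This program cannot be run in DOS mode.\r\n" * 10,
        "setup_packed.exe": b"MZ" + uniform,
    }
    return scan(samples)
```

The packed installer is reported by the heuristic alone, with no signature match, which is exactly the kind of result an analyst must then confirm or dismiss by hand.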

More recently, anti-virus software has crossed over into host-based intrusion detection, keeping a list of files and their checksums to speed up scanning.

NIDS

Network intrusion detection is similar to anti-virus software. It looks for a particular signature or behaviour from a worm or virus. It can then alert the user, or automatically stop the network traffic carrying the malware.

HIDS

Host-based intrusion detection systems, such as Tripwire, are able to detect changes made to files. 

It is reasonable to expect that an application, once compiled, should not need to change, so watching various aspects of it, such as its size, its last modification date and its checksum, makes it immediately apparent that something is wrong.
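The file-integrity check a Tripwire-style HIDS performs, as an added example that is not from the original post: record size, modification time and SHA-256 for every file, then compare a later snapshot against that baseline. The directory tree and the tampering (a patched binary, an extra super-user account in the password file, a new program) are constructed in a temporary directory, not on real system paths.

```python
import hashlib
import tempfile
from pathlib import Path

def fingerprint(path: Path) -> dict:
    """What a Tripwire-style HIDS records per file: size, last-modified time, SHA-256."""
    st = path.stat()
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return {"size": st.st_size, "mtime": st.st_mtime, "sha256": h.hexdigest()}

def build_baseline(root: Path) -> dict:
    """Fingerprint every regular file under root, keyed by its relative path."""
    return {p.relative_to(root).as_posix(): fingerprint(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def check_baseline(root: Path, baseline: dict) -> dict:
    """Re-fingerprint the tree; report files whose attributes changed, new files, missing files."""
    current = build_baseline(root)
    return {
        "modified": [n for n in baseline if n in current and current[n] != baseline[n]],
        "added": sorted(set(current) - set(baseline)),
        "missing": sorted(set(baseline) - set(current)),
    }

def demo() -> dict:
    """Constructed scenario in a temporary directory (not real system paths): take a
    baseline, then simulate the tampering the text describes and re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "login").write_bytes(b"original login binary")
        (root / "passwd").write_text("root:x:0:0::/root:/bin/sh\n")
        baseline = build_baseline(root)
        # tamper: patched binary, extra super-user account, new listener program
        (root / "bin" / "login").write_bytes(b"original login binary with extra code")
        (root / "passwd").write_text("root:x:0:0::/root:/bin/sh\nhelper:x:0:0::/:/bin/sh\n")
        (root / "bin" / "listener").write_bytes(b"new program")
        return check_baseline(root, baseline)
```

In practice the baseline itself must be stored somewhere the attacker cannot rewrite (read-only media or a separate host), otherwise it can simply be regenerated after the tampering.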

Firewall

Worms propagate across a network by connecting to vulnerable services on each host. Apart from ensuring that none of these vulnerable services are running, the next best thing is to make sure that your firewall does not allow connections to these services. 

Many modern firewalls provide some form of packet filtering, similar to a NIDS, that drops packets matching a certain signature (firewalls are discussed in more detail in Section 7.1.2).

Sandboxes

The concept of a sandbox is simple: your application has a small world to play in and cannot do anything to the rest of your computer. This is implemented as standard in the Java programming language, and other utilities such as chroot on Linux can implement it too. It limits the damage any malware can do to the host operating system simply by denying it the access it needs. 

Another option is to run a full machine inside a machine, using a virtual machine product such as VMware. This isolates the virtual machine from the host operating system, allowing only user-defined access.

Good Security Advice

There are many simple things you can do to reduce your exposure to malware.
  • Download only from reputable sources (this means no W4R3Z, please).
  • Do not open e-mail attachments from people you do not know.
  • Do not leave macros enabled by default in your applications.
  • Keep your OS and applications up to date with patches.
  • Download and install software that comes with a checksum, and check the checksum.

