Non-Physical Threat

From GEST-S482 Digital Business

Virus

A computer virus is a type of computer program designed, when executed, to infect executables (.exe or .dll), which it modifies by inserting its own code.

Examples:

  • Sality

Sality is the classification for a family of malware infecting Microsoft systems. Its goal is to form a botnet for relaying spam, proxying communications, exfiltrating sensitive data, compromising web servers and/or coordinating distributed computing tasks for the purpose of processing intensive tasks.

  • Virut

Virut is also botnet malware. It has been used for DDoS attacks, fraud, data theft, etc.

Note: The term "virus" is often misused to mean malware. Malware is the broader term, covering viruses as well as all the other types described below.

Trojan

Named after the famous ancient Greek story, a Trojan horse is malware that misleads its user about its intent. It is commonly used to collect personal data such as banking information and passwords. Another use of this malware is to create a botnet.

Computer Worms

There are several ways in which computer worms can be transmitted (a few are listed below):

  • software vulnerabilities
  • as attachments in spam emails
  • instant messages (IMs)

Once installed, a computer worm can go to work and independently infect the machine without the user's knowledge.

They can:

  • modify and delete files
  • make copies of themselves
  • steal data
  • install a backdoor
  • etc.

Difference between virus and worms

The overall name for harmful software is malware. It includes both viruses and worms.

A virus that enters your system lies dormant in it until you execute it or take some other required action. Once activated, the virus inserts its code into other programs on your device to help copy itself, corrupt your files, damage device performance, and spread to additional devices.

Computer worms are self-sufficient programs that don’t require a host program or file. Thus, worms do not rely on you to trigger them. Many worms can self-replicate and self-propagate without any human activation. This allows worms to spread extremely quickly, often over a local network and sometimes at an exponential rate.

Ways to protect yourself from computer worms

  1. Adequate and up-to-date protection software
  2. Regularly run scans, such as a virus scan
  3. As worms replicate themselves many times, they can occupy a lot of space on your device. Is your disk usage consistent with the free space that is left?
  4. Monitor speed and performance. Are programs often crashing?
  5. Are there files that have gone missing?

Features

Feature: Explanation

  • Independence: A worm does not need a host program, as it is an independent program or code chunk. Therefore, it is not restricted by the host program, but can run independently and actively carry out attacks.
  • Exploit Attacks: Because a worm is not limited by the host program, worms can take advantage of various operating system vulnerabilities to carry out active attacks.
  • Complexity: Some worms are combined with web page scripts. There are also some worms that are combined with backdoor programs or Trojan horses.
  • Contagiousness: Worms are more infectious than traditional viruses. They not only infect local computers, but also all servers and clients on the network based on the local computer. Worms can easily spread through shared folders, e-mails, malicious web pages, and servers with a large number of vulnerabilities in the network.

Spyware

Spyware is software that enables a user to obtain covert information about another's computer activities by transmitting data covertly from their hard drive.

Keylogger

A keylogger is software that you install without being aware of its presence. From the time of installation, everything you type on the keyboard is saved (e.g. passwords).

Adware

Adware is a type of malware that displays unwanted advertisements on a user's screen in the form of pop-ups or windows. It is often legal, and thus not dangerous but simply annoying; however, some adware can be a real threat and is able to spy on the user's activity on their computer.

Denial of Service Attacks

A Denial of Service (DoS) attack is a cyber-attack that aims at making a machine or a network resource unavailable to its intended users. This is done by flooding the target with requests in order to slow down or prevent any legitimate request from being fulfilled. These attacks are easily stopped by blocking a single source.

An analogy to DoS would be a prankster who calls your phone over and over, preventing you from getting legitimate calls. This problem is easily overcome by blocking the prankster's number.

A Distributed Denial of Service (DDoS) attack counters the possibility of blocking a single source by sending requests from multiple sources.

An analogy to DDoS would be the telephone number of a star being leaked and loads of pranksters deciding to call this star. It prevents the star from getting legitimate phone calls, and their only solution is to shut their phone down (i.e. the server).
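The difference between the two cases can be seen from the defender's side by counting requests per source. The following is an added example, not part of the original course page; the thresholds, the function names and the sample traffic (documentation-range addresses) are assumptions made for illustration.

```python
from collections import Counter

PER_SOURCE_LIMIT = 100  # assumed: max requests one source may send per second
TOTAL_LIMIT = 1000      # assumed: requests per second the server can handle


def make_log(sources, requests_each):
    """Build constructed sample traffic: one log entry (source IP) per request."""
    return [ip for ip in sources for _ in range(requests_each)]


def analyse(log):
    """Classify one second of traffic; return (verdict, sources_to_block)."""
    per_source = Counter(log)
    total = sum(per_source.values())
    if total <= TOTAL_LIMIT:
        return ("normal", [])
    # Sources that individually exceed what a legitimate client would send.
    noisy = sorted(ip for ip, n in per_source.items() if n > PER_SOURCE_LIMIT)
    # Would blocking only those sources bring the load back under capacity?
    remaining = total - sum(per_source[ip] for ip in noisy)
    if noisy and remaining <= TOTAL_LIMIT:
        return ("dos", noisy)   # a block list solves it
    return ("ddos", noisy)      # overload persists: too many small sources


# Constructed traffic: 20 ordinary clients sending 10 requests each.
NORMAL = make_log([f"198.51.100.{i}" for i in range(1, 21)], 10)
# DoS: the same clients plus one source sending 5000 requests.
DOS = NORMAL + make_log(["203.0.113.7"], 5000)
# DDoS: the same clients plus 200 sources sending only 50 requests each.
DDOS = NORMAL + make_log([f"192.0.2.{i}" for i in range(1, 201)], 50)

if __name__ == "__main__":
    for name, log in (("normal", NORMAL), ("dos", DOS), ("ddos", DDOS)):
        print(name, analyse(log))
```

In the distributed case every source stays under the per-source limit, so there is nothing to put on a block list even though the server is overloaded.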

Access to computer

Getting access to the computers of old people and scamming them is a very lucrative business in some parts of the world. It is very important to teach everyone to NEVER let unknown people access their computer. Oftentimes scammers will ask vulnerable people to install TeamViewer or a similar legitimate program but then use it for bad things. If you want to know how these scammers operate and how to combat them, watch Jim Browning and his newest videos like;

Access to web application

Phishing

The purpose of this non-physical threat is to retrieve sensitive information by posing as a reputable company. One of the most used channels for reaching people is email. Although the certificate can be valid, the website is not the correct one.
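Because a phishing site can present a valid certificate, the check that matters is whether the host name in the link is really the expected one. The following is an added example, not part of the original course page; the trusted domain `bank.example`, the function name and the sample links are constructed for illustration, and the similarity threshold is an assumption.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

TRUSTED = {"bank.example"}  # constructed: the domain the user really deals with


def classify_link(url, trusted=TRUSTED):
    """Return 'trusted', 'lookalike' or 'untrusted' for a link from an email."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme != "https" or not host:
        return "untrusted"
    # Text before '@' is user info, not the site: https://bank.example@other.test
    if parts.username is not None:
        return "lookalike"
    for domain in trusted:
        # Exact match or a genuine subdomain of the trusted domain.
        if host == domain or host.endswith("." + domain):
            return "trusted"
    for domain in trusted:
        # Trusted name embedded in a different host: bank.example.login.test
        if domain in host:
            return "lookalike"
        # Near-miss spelling of the trusted name: bamk.example
        if SequenceMatcher(None, host, domain).ratio() >= 0.85:
            return "lookalike"
    return "untrusted"


if __name__ == "__main__":
    # Constructed sample links; all use https, so each could show a padlock.
    for link in ("https://www.bank.example/login",
                 "https://bank.example.login.test/",
                 "https://bamk.example/login",
                 "https://bank.example@other.test/login",
                 "https://weather.test/"):
        print(classify_link(link), link)
```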

Ransomware

Ransomware is a type of malicious software (malware) designed to block access to a computer system until a sum of money is paid.

There are different types of ransomware:

  • Encryption ransomware: the idea is to encrypt personal files and folders (documents, spreadsheets, pictures and videos). The affected files are deleted once they have been encrypted, and users generally find a text file with payment instructions in the same folder as the now inaccessible files.
  • Locker ransomware: it locks the computer screen and demands a payment to unlock the device.
  • Master boot record (MBR) ransomware: the master boot record is the part of the computer's hard drive that allows the operating system to boot up. This kind of ransomware changes the computer's MBR so that the normal boot process is interrupted.

For example: you receive a Word file, and by opening the document and turning on macros (this is the hack), the user becomes infected with ransomware. The user's files are now encrypted. The criminals leave a ransom note. Paying is not a guaranteed solution, and it proves to the cybercriminals that their technique works!

Other computer security risks

Sextortion
