Takes advantage of vulnerability in application or host OS. Sends copies of itself to other network devices bat file Uses a "computer network" to replicate bat File a plain text file that contains commands for repetitive tasks. XCOPY c:\original c:\backupfolder /m /e /y macro virus in. When downloaded or delivered in email attachment its clicking will run the file overwrite infection Runs on MS Windows Also called shell script, script, batch program Programs do run but provide additional malicious features etc. Destroy specific functionality in an application Some viruses overwrite existing program code on the system disk or stored in memory (e.g., TRj.reboot virus) to reproduce itself by inserting its code into another file, but only on the same computer a malicious program (program virus) which, after infection, will effectively destroy the original program code it unloads a payload to perform a malicious action 2. To make detection even more difficult these parts may contain unnecessary "garbage" code to mask their true purpose split infection Two actions that are performed by a virus when an infected program is launched or the data file is open, either by the user or the operating system 1. Gives control to next piece of virus code Head of virus code starts at beginning of file When the program is launched, the different pieces are then tied together and unscramble the virus code swiss cheese infection Virus codes split into several parts (instead of inserting pieces of the decryption engine throughout the program code) divide the engine to unscramble (decrypt) the virus code into different pieces and inject these pieces throughout the infected program code (decryption engine with decode instructions and decryption key) scramble (encrypt) the virus code to make it more difficult to detect 2.
Normally, the host program keeps functioning after it is infected appending Program viruses designed to avoid detection Ex: Swiss cheese infection, split infection armored viruses Instead of having a single jump instruction to the "plain" virus code, it performs two actions to make detection more difficult: 1. Replaces the beginning of file with a jump instruction pointing to the virus code (ex. Normally, the host program keeps functioning after it is infected prepending infection Program virus appends itself to the end of the file Relatively easily detected by virus scanners Once the document is opened, the instructions execute Dangerous: people don't normally think of viruses in documents Detected by anti-virus tools macro/data virus Program virus prepends itself to the beginning of a file Most common are written in a script stored within the user document Used to automate a complex set of tasks or a repeated series of tasks Series of instructions that can be grouped together as a single command But this is not always the case program virus Virus part of a data file (rather than an executable program) Some antivirus scanners automatically consider a file to be secure if it is signed with a valid digital certificate. To avoid detection, the attackers can carefully match the number of bits of the file (SolarWinds attack on US government) exe files are digitally signed and thus changes can be detected. Many virus developers go the extra mile to avoid detection of changes in the execution file Two main types of circulation viruses program virus Data/macro virus Inserted/injected into a benign executable file (.exe)