Attacks Using Malware

Malware is software designed to damage, disrupt, or gain unauthorized access to a computer system without the owner’s knowledge or consent. It gets in through a “threat vector” (an email attachment, a compromised website, removable media) and then unleashes its payload – the actual harmful action.

Attacks Using Malware (Mutation)

Some malware is designed to change its stored form between infections so that a fixed byte signature no longer matches it. We have three types:

  • Oligomorphic: The body stays encrypted, and the decryptor is chosen from a small, fixed set of variants. Think of it like having a few different costumes: a scanner can simply enumerate them.
  • Polymorphic: The body is encrypted with a new key and a freshly generated decryptor on every infection, so the bytes on disk never repeat. A shapeshifter, but the body is identical once decrypted in memory, which is what emulating scanners exploit.
  • Metamorphic: The body itself is rewritten into functionally equivalent but different code (instruction substitution, reordering, junk insertion), so there is no constant body to decrypt and match. A master of disguise.
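The three mutation styles, and why each defeats or survives a signature scanner, can be shown with inert byte strings. The following is an added example written for these notes, not code from the original page or from any real malware: the “payload” is a constructed text string, the “encryption” is a one-byte XOR whose key doubles as the decryptor stub, and the metamorphic part uses a constructed toy instruction set rather than real machine code.

```python
import hashlib
import os
import random

# Constructed stand-in for a malware body: inert text, no real behaviour.
PAYLOAD = b"PAYLOAD: copy self to startup folder; write report.txt"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def xor_encode(body: bytes, key: int) -> bytes:
    """Toy 'encryption': prepend the one-byte key (the decryptor stub) to the XORed body."""
    return bytes([key]) + bytes(b ^ key for b in body)


def xor_decode(sample: bytes) -> bytes:
    """Emulates running the decryptor stub: first byte is the key, the rest is the body."""
    key = sample[0]
    return bytes(b ^ key for b in sample[1:])


# Oligomorphic: the decryptor is drawn from a small, fixed set of variants.
OLIGO_KEYS = (0x41, 0x5A, 0x7F)


def oligomorphic_encode(body: bytes) -> bytes:
    return xor_encode(body, random.choice(OLIGO_KEYS))


# Polymorphic: a fresh key (and therefore a fresh stored form) every generation.
def polymorphic_encode(body: bytes) -> bytes:
    key = os.urandom(1)[0] or 1  # key 0 would leave the body in the clear
    return xor_encode(body, key)


# Static, signature-based scanner: hash the stored bytes and look them up.
def make_static_scanner(signatures):
    return lambda sample: sha256_hex(sample) in signatures


plain_scanner = make_static_scanner({sha256_hex(PAYLOAD)})

# An analyst can enumerate the three oligomorphic forms and add them as signatures...
oligo_scanner = make_static_scanner(
    {sha256_hex(PAYLOAD)} | {sha256_hex(xor_encode(PAYLOAD, k)) for k in OLIGO_KEYS}
)


# ...but not 255 polymorphic forms per body. The fix is to emulate the decryptor
# and match the decoded body, which stays constant for polymorphic code.
def emulating_scan(sample: bytes) -> bool:
    return plain_scanner(xor_decode(sample))


# Metamorphic: the body itself is rewritten. Constructed toy instruction set:
# a program is a list of (op, operand) acting on one accumulator.
META_PROGRAM = [("add", 5), ("add", 7), ("sub", 2)]


def run_program(program) -> int:
    acc = 0
    for op, n in program:
        if op == "add":
            acc += n
        elif op == "sub":
            acc -= n
        # "nop" does nothing
    return acc


def metamorphic_rewrite(program, rng=random):
    """Rewrite into an equivalent program: substitution, splitting, junk insertion."""
    out = []
    for op, n in program:
        if op == "nop":
            continue  # drop the previous generation's junk
        choice = rng.randrange(3)
        if choice == 0:
            # instruction substitution: add n == sub -n
            out.append(("sub" if op == "add" else "add", -n))
        elif choice == 1:
            # instruction splitting: add n == add k ; add n-k
            k = rng.randrange(1, 4)
            out.extend([(op, k), (op, n - k)])
        else:
            out.append((op, n))
        if rng.randrange(2):
            out.append(("nop", 0))  # junk insertion
    return out


def program_bytes(program) -> bytes:
    """The 'stored form' of a program, i.e. what a signature scanner would hash."""
    return repr(program).encode()


if __name__ == "__main__":
    print("static scan on polymorphic sample:", plain_scanner(polymorphic_encode(PAYLOAD)))
    print("emulating scan on polymorphic sample:", emulating_scan(polymorphic_encode(PAYLOAD)))
    for _ in range(3):
        v = metamorphic_rewrite(META_PROGRAM)
        print("metamorphic variant", v, "->", run_program(v))
```

The oligomorphic scanner only works because the set of decryptors is small enough to list; the emulating scanner only works because the polymorphic body is constant after decoding. Neither helps against the metamorphic program, whose decoded form changes every generation while its result stays the same, which is why detecting it needs behavioural or heuristic analysis rather than byte matching.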

Attacks Using Malware (Classification)

We can also classify malware based on its key characteristics:

  • Circulation: How it spreads from one system to another (removable media, network shares, email).
  • Infection: How it infiltrates a system.
  • Concealment: How well it hides itself.
  • Payload Capabilities: What harmful actions it performs.

Viruses

Viruses are malicious code that replicates itself on the same computer. They need a host file (a program or document) to attach to, and they arrange for their own code to run whenever the host is opened. Infection methods include:

  • Appender: Attaches itself to the end of the file and patches the program’s entry point to jump to the virus code first. Relatively easy to detect, because the virus sits in one contiguous block.
  • Swiss Cheese: Injects itself into the executable code and encrypts the result, leaving the file riddled with scrambled regions. More difficult to detect.
  • Split: Splits itself into multiple parts scattered throughout the host, with the pieces only assembled in the correct order when the host runs. Harder to find.

Viruses primarily do two things:

  • Unload their payload (the damage).
  • Reproduce themselves within the infected machine.

They don’t spread automatically to other computers; they rely on user actions, such as opening or copying an infected file.

Worms

Worms replicate themselves across networks, spreading independently without needing a host file like viruses. They actively seek out new victims on the network and can consume resources or deliver payloads.

Trojans

Trojans disguise themselves as legitimate software. You download something that seems harmless, but it secretly contains malicious code. They don’t replicate themselves like viruses or worms.

Rootkits

Rootkits are tools used to hide malware’s presence. They modify the operating system itself, for example by hooking the system calls or APIs that list files, processes and log entries, so that the attacker’s artifacts are filtered out of every answer the system gives. Because the very tools a defender uses to inspect the machine are fed false answers, detection from inside the running system is unreliable; essentially, the rootkit takes control and masks what’s happening on the system.
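One standard way to catch a process-hiding rootkit is cross-view detection: ask the same question through two different mechanisms and look for disagreements. The example below is added here and is not from the original page or any particular tool. It first simulates, with a constructed process table, what a hooked process listing returns, then implements a real cross-view check for Linux that compares the directory listing of /proc against probing every PID with signal 0; the process names, PIDs and the 65536 default sweep limit are constructed assumptions.

```python
import os

# ---- Simulation of what a user-mode rootkit does ---------------------------
# Constructed process table: pid -> name. On a real system this is the kernel's
# task list; the rootkit hooks the API that enumerates it and drops some entries.
TRUE_PROCESSES = {1: "init", 412: "sshd", 911: "bash", 4242: "backdoor", 5000: "cron"}
HIDDEN_BY_ROOTKIT = {4242}


def hooked_listing(true_table=TRUE_PROCESSES, hidden=HIDDEN_BY_ROOTKIT):
    """What 'ps' sees after the rootkit filters the enumeration API."""
    return {pid for pid in true_table if pid not in hidden}


# ---- Cross-view detection: ask the same question two different ways --------
def hidden_pids(listed, probed):
    """PIDs that answer to a probe but are missing from the listing."""
    return set(probed) - set(listed)


def proc_view():
    """PIDs as the /proc filesystem reports them (Linux only)."""
    return {int(d) for d in os.listdir("/proc") if d.isdigit()}


def probe_view(max_pid=65536):
    """PIDs discovered by sending signal 0 to every candidate PID.

    Signal 0 performs the permission check without delivering anything:
    ProcessLookupError means no such process, PermissionError means it exists
    but belongs to another user. Raise max_pid to /proc/sys/kernel/pid_max
    for a full sweep.
    """
    found = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass
        found.add(pid)
    return found


def is_thread_of(pid, listed):
    """True if pid is a thread (TID) whose thread-group leader is in listed.

    Threads answer to kill() but are not returned by readdir on /proc, so
    without this check every thread of a multithreaded process looks hidden.
    """
    try:
        with open(f"/proc/{pid}/status") as f:
            for line in f:
                if line.startswith("Tgid:"):
                    return int(line.split()[1]) in listed
    except OSError:
        return False  # no /proc entry at all: not a thread, possibly hidden
    return False


def cross_view_check(max_pid=65536):
    """Run on a live Linux host. /proc is listed before and after the probe so
    a process that starts or exits during the sweep is not reported as hidden."""
    before = proc_view()
    probed = probe_view(max_pid)
    listed = before | proc_view()
    return {p for p in hidden_pids(listed, probed) if not is_thread_of(p, listed)}


if __name__ == "__main__":
    # The simulated hooked view misses the backdoor; the unfiltered table finds it.
    print("hidden in simulation:", hidden_pids(hooked_listing(), TRUE_PROCESSES))
    if os.path.isdir("/proc"):
        print("hidden on this host:", cross_view_check())
```

The check only works because a user-mode rootkit typically hooks the enumeration path and not kill(); a kernel rootkit that also filters the signal path defeats it, which is why the reliable baseline is scanning the disk from trusted boot media rather than trusting any view from inside the running system.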

Payload Capabilities

Malware payloads aim to: collect data, delete data, modify system security settings, or launch further attacks.

Collect Data

  • Spyware: Secretly collects information without your consent. Keyloggers are a type of spyware that records keystrokes (passwords, credit card numbers, etc.).
  • Adware: Displays unwanted ads and often tracks your online activity to sell this data to advertisers.
  • Ransomware: Encrypts your data and demands a ransom for the key. Strictly it denies access to data rather than collecting it, though many recent strains also steal a copy of the data before encrypting it and threaten to publish it. We’ll discuss recent examples.

Delete Data – Logic Bombs

Logic bombs are dormant code that activates when a specific condition is met (e.g., a date, a certain file being accessed). They’re hard to detect until they trigger.

Modify System Security – Backdoors

Backdoors provide attackers with covert access that bypasses normal authentication, for example a hidden account or a listening service. They allow persistent access even after the initial attack, including after the vulnerability that was originally exploited has been patched.

Botnets

Zombies are infected computers under an attacker’s remote control. A botnet is a network of these zombies, controlled by a “bot herder,” used to launch large-scale attacks. Command and control (C&C) channels carry instructions to the bots, most commonly over HTTP or HTTPS so the traffic blends in with normal web browsing and passes firewalls, but also over IRC, DNS or peer-to-peer protocols.
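Because a bot polls its C&C server on a timer, the tell-tale in a web proxy log is a source/destination pair whose requests are spaced far more regularly than a human browser’s. The following beacon detector is an added example, not code from the original notes: the proxy log lines are constructed (documentation-range addresses, with 10.0.0.5 checking in with 203.0.113.7 about once a minute while 10.0.0.9 browses normally), and the thresholds of five hits and a coefficient of variation of 0.1 are assumptions to be tuned per environment.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed proxy log, simplified to: timestamp src dst method path status.
PROXY_LOG = """\
2024-03-01T10:00:00 10.0.0.5 203.0.113.7 GET /update.php 200
2024-03-01T10:00:05 10.0.0.9 198.51.100.20 GET / 200
2024-03-01T10:00:07 10.0.0.9 198.51.100.20 GET /css/site.css 200
2024-03-01T10:01:01 10.0.0.5 203.0.113.7 GET /update.php 200
2024-03-01T10:01:59 10.0.0.5 203.0.113.7 GET /update.php 200
2024-03-01T10:02:30 10.0.0.9 198.51.100.20 GET /news 200
2024-03-01T10:02:31 10.0.0.9 198.51.100.20 GET /img/logo.png 200
2024-03-01T10:03:00 10.0.0.5 203.0.113.7 GET /update.php 200
2024-03-01T10:03:10 10.0.0.5 198.51.100.20 GET / 200
2024-03-01T10:04:02 10.0.0.5 203.0.113.7 GET /update.php 200
2024-03-01T10:04:59 10.0.0.5 203.0.113.7 GET /update.php 200
2024-03-01T10:06:00 10.0.0.5 203.0.113.7 GET /update.php 200
2024-03-01T10:07:01 10.0.0.5 203.0.113.7 GET /update.php 200
2024-03-01T10:09:00 10.0.0.9 198.51.100.20 GET /news/2 200
2024-03-01T10:09:45 10.0.0.9 198.51.100.20 GET /contact 200
"""


def parse_log(text):
    """Yield (timestamp, src, dst) per line; malformed lines are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2]
        except ValueError:
            continue


def intervals_by_pair(text):
    """Map (src, dst) -> list of seconds between consecutive requests."""
    times = defaultdict(list)
    for ts, src, dst in parse_log(text):
        times[(src, dst)].append(ts)
    gaps = {}
    for pair, ts_list in times.items():
        ts_list.sort()
        gaps[pair] = [(b - a).total_seconds() for a, b in zip(ts_list, ts_list[1:])]
    return gaps


def find_beacons(text, min_hits=5, max_cv=0.1):
    """Return {(src, dst): (hits, mean_interval_s, cv)} for pairs whose
    inter-request intervals are too regular to be a human.

    cv is the coefficient of variation (stdev / mean): 0 is a perfect clock,
    human browsing is typically well above 1.
    """
    flagged = {}
    for pair, gaps in intervals_by_pair(text).items():
        hits = len(gaps) + 1
        if hits < max(min_hits, 3):  # stdev needs at least two intervals
            continue
        mean = statistics.mean(gaps)
        if mean == 0:
            continue
        cv = statistics.stdev(gaps) / mean
        if cv <= max_cv:
            flagged[pair] = (hits, mean, cv)
    return flagged


if __name__ == "__main__":
    for (src, dst), (hits, mean, cv) in find_beacons(PROXY_LOG).items():
        print(f"beacon candidate {src} -> {dst}: {hits} hits, every {mean:.1f}s, cv={cv:.3f}")
```

Real bots add deliberate jitter and sleep for hours, so in practice the interval statistics are combined with the repetitiveness of the request path and response size, the age and reputation of the destination, and a longer observation window; the regularity score above is the starting point, not the whole detection.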

Social Engineering Attacks

Social engineering exploits human psychology to trick individuals into revealing information or taking actions that compromise security.

  • Psychological Approaches: Building trust and using subtle manipulation techniques.
  • Impersonation: Pretending to be someone else (IT support, a manager, etc.).
  • Phishing: Deceptive emails or websites designed to steal credentials. Variations include spear phishing (targeting specific individuals), whaling (targeting executives and other high-profile individuals), and vishing (voice phishing). Pharming is related but needs no deceptive message: it redirects users to a fake website by tampering with DNS or the local hosts file.
  • Spam: Unsolicited emails, often carrying malware. Image spam uses images to evade filters.
  • Hoaxes: False warnings, often manipulating victims into making system changes that compromise security.
  • Typo Squatting: Registering domain names similar to legitimate sites to capture traffic from typos.
  • Watering Hole Attacks: Compromising a legitimate website that a targeted group of users is known to visit, so that the group is infected there rather than being contacted directly.
  • Physical Procedures: Dumpster diving, tailgating, shoulder surfing.
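Typo squatting and phishing domains can be checked mechanically: generate the lookalikes of a domain you own, then compare every hostname seen in inbound mail or proxy logs against them. The example below is added to these notes and is not from the original page; the homoglyph table, the TLD swap list, the “last two labels” simplification of a registrable domain, and the observed hostnames are all constructed assumptions.

```python
# Constructed tables; the lists in a real mail gateway are much longer.
HOMOGLYPHS = {"l": "1", "i": "1", "o": "0", "e": "3", "a": "4", "s": "5", "m": "rn", "w": "vv"}
TLD_SWAPS = ("co", "net", "org", "cm")


def typosquat_candidates(domain: str) -> set:
    """Generate lookalikes of a registrable domain such as 'example.com'."""
    name, _, tld = domain.lower().rpartition(".")
    names = set()
    for i in range(len(name)):
        names.add(name[:i] + name[i + 1:])                               # omission: exmple
        names.add(name[:i] + name[i] + name[i:])                         # repetition: exaample
        if i + 1 < len(name):
            names.add(name[:i] + name[i + 1] + name[i] + name[i + 2:])   # transposition: exmaple
        if name[i] in HOMOGLYPHS:
            names.add(name[:i] + HOMOGLYPHS[name[i]] + name[i + 1:])     # homoglyph: examp1e
    for i in range(1, len(name)):
        names.add(name[:i] + "-" + name[i:])                             # hyphenation: exam-ple
    candidates = {f"{n}.{tld}" for n in names}
    candidates |= {f"{name}.{t}" for t in TLD_SWAPS if t != tld}         # wrong TLD: example.co
    candidates.discard(domain.lower())
    return candidates


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, for lookalikes the generator did not anticipate."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host: str) -> str:
    """Last two labels; a constructed simplification that ignores TLDs like co.uk."""
    return ".".join(host.lower().split(".")[-2:])


def classify_domains(observed, legit, max_distance=2):
    """Split observed hostnames into (trusted, suspicious, unrelated) relative to legit."""
    legit = legit.lower()
    lookalikes = typosquat_candidates(legit)
    trusted, suspicious, unrelated = [], [], []
    for host in observed:
        h = host.lower()
        if h == legit or h.endswith("." + legit):
            trusted.append(host)           # the real domain or a genuine subdomain
        elif (registrable(h) in lookalikes
              or edit_distance(registrable(h), legit) <= max_distance
              or legit in h):              # legit name buried in another domain
            suspicious.append(host)
        else:
            unrelated.append(host)
    return trusted, suspicious, unrelated


# Constructed hostnames as they might appear in links from inbound mail.
OBSERVED = [
    "example.com", "mail.example.com", "exmaple.com", "login.examp1e.com",
    "example.co", "example.com.account-verify.net", "wikipedia.org",
    "exampel.com", "examples.com",
]

if __name__ == "__main__":
    trusted, suspicious, unrelated = classify_domains(OBSERVED, "example.com")
    print("trusted:   ", trusted)
    print("suspicious:", suspicious)
    print("unrelated: ", unrelated)
```

Generating the candidate list is also how a defender decides which lookalike domains to register pre-emptively or to watch in certificate transparency logs; the edit-distance fallback and the “legit name inside another domain” rule catch the phishing hosts that no finite generator enumerates.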

Submissions

Submit your work through the ‘Assessment 1 Practical Lab Work’ before you leave the class.