CompTIA Security+ Exam Notes

Sunday, August 12, 2018

MALWARE TYPES - Part 1

Virus: This is malicious code that attaches to a host program/application. It runs after a user initiates an action, such as launching the application. Some viruses deliver the payload immediately; others wait for the virus to replicate.

Symptoms vary. The virus may open a backdoor for an attacker, delete files, install a zombie and join the system to a botnet, or cause the system to reboot intermittently.

Polymorphic Virus: This type of virus has the ability to change its binary pattern as it replicates or when it is executed. The code is encrypted and uses different encryption after each infection. The ability to change code makes it difficult for an antivirus program to detect this malware.

Armored Virus: This type of malware is able to fool antivirus programs as to its true location, making the antivirus believe it is located in one area while it is actually located in a completely different area. Armored viruses use obfuscated code, making them difficult to reverse engineer.

Trojans: Trojans are disguised as something useful, such as a screensaver or legitimate software. Trojans are also added to keygens, which a user runs to activate pirated software. Here are some of the things that occur as a result of a Trojan:

  • Backdoor: gives an attacker remote control
  • Email: can be used to harvest emails from the system
  • Usernames & Passwords: steals this information for bank accounts
  • Download: can be used to update itself or download other malware

One of the platforms through which Trojans are delivered is email attachments. The best way to protect against this: to prevent executables from running, open the email in plain text, not HTML.
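A mail gateway or triage script can also catch a Trojan attachment before the user opens it. The following is an added example, not part of the original notes: it flags attachments that are Windows executables even when they are named like a picture. The function names, the extension blocklist and the sample message are assumptions made for the illustration.

```python
# Added example: flag e-mail attachments that are executables, whatever they claim to be.
from email import message_from_bytes
from email.message import EmailMessage

# Extensions that Windows runs directly (assumed blocklist for this example).
RISKY_EXT = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".pif"}


def risky_attachments(raw: bytes):
    """Return (filename, reason) for each attachment that looks executable."""
    findings = []
    msg = message_from_bytes(raw)
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # message body or multipart container, not an attachment
        data = part.get_payload(decode=True) or b""
        lower = name.lower()
        ext = lower[lower.rfind("."):] if "." in lower else ""
        if data[:2] == b"MZ":
            # DOS/PE header: a Windows program regardless of its file name
            findings.append((name, "executable content (MZ header)"))
        elif ext in RISKY_EXT:
            findings.append((name, "executable extension " + ext))
    return findings


def build_sample() -> bytes:
    """Constructed sample message; the attachment bytes are inert placeholders."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "Free screensaver"
    m.set_content("See attached.")
    m.add_attachment(b"MZ" + b"\x00" * 62, maintype="application",
                     subtype="octet-stream", filename="beach.jpg")
    m.add_attachment(b"not a real program", maintype="application",
                     subtype="octet-stream", filename="holiday.scr")
    m.add_attachment("plain notes", filename="readme.txt")
    return m.as_bytes()


if __name__ == "__main__":
    for name, reason in risky_attachments(build_sample()):
        print(name, "->", reason)
```

Checking the first bytes of the content as well as the extension matters because a Trojan disguised as something useful can carry any file name.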



CompTIA SY0-501 Security+ covers all of these in the objectives.
