Describe the types

CompTIA Security+ Guide to Network Security Fundamentals, Fifth Edition
Chapter 2
Malware and Social Engineering Attacks

© Cengage Learning 2015
Objectives
• Define malware
• List the different types of malware
• Identify payloads of malware
• Describe the types of social engineering psychological attacks
• Explain physical social engineering attacks

Attacks Using Malware
• Malicious software (malware)
– Enters a computer system:
• Without the owner’s knowledge or consent
– Uses a threat vector to deliver a malicious “payload” that performs a harmful function once it is invoked
• Malware is a general term that refers to a wide variety of damaging or annoying software

Attacks Using Malware
• Attackers can mask the presence of their malware by having it “mutate” or change
• Three types of mutating malware:
Oligomorphic malware – changes its internal code to a predefined mutation whenever executed
Polymorphic malware – completely changes from its original form whenever it is executed
Metamorphic malware – can rewrite its own code and thus appears different each time it is executed

Attacks Using Malware
• Malware can be classified by the primary trait that the malware possesses:
Circulation – spreading rapidly to other systems in order to impact a large number of users
Infection – how it embeds itself into a system
Concealment – avoiding detection by concealing its presence from scanners
Payload capabilities – what actions the malware performs

Circulation/Infection
• Three types of malware have the primary traits of circulation and/or infection:
– Viruses
– Worms
– Trojans

Viruses
Computer virus – malicious computer code that reproduces itself on the same computer
Program virus – infects an executable program file
Macro – a series of instructions that can be grouped together as a single command
– A common data file virus is a macro virus that is written in a script known as a macro
• Virus infection methods:
Appender infection – virus appends itself to the end of a file
• Easily detected by virus scanners

Viruses
• Virus infection methods (cont’d.)
Swiss cheese infection – viruses inject themselves into executable code
• Virus code is “scrambled” to make it more difficult to detect
Split infection – virus splits into several parts
• Parts placed at random positions in host program
• The parts may contain unnecessary “garbage” code to mask their true purpose

Viruses
• Viruses perform two actions:
– Unload a payload to perform a malicious action
– Reproduce themselves by inserting their code into another file on the same computer
• Examples of virus actions
– Cause a computer to repeatedly crash
– Erase files from or reformat the hard drive
– Turn off the computer’s security settings
– Reformat the hard disk drive

Viruses
• Viruses cannot automatically spread to another computer
– They rely on user action to spread
• Viruses are attached to files
• Viruses are spread by transferring infected files

Worms
Worm – malicious program that uses a computer network to replicate
– Sends copies of itself to other network devices
• Worms may:
– Consume resources or
– Leave behind a payload to harm infected systems
• Examples of worm actions
– Deleting computer files
– Allowing remote control of a computer by an attacker

Trojans
Trojan horse (Trojan) – an executable program that does something other than advertised
– Contains hidden code that launches an attack
– Sometimes made to appear as a data file
• Example
– User downloads a “free calendar program”
• Program scans system for credit card numbers and passwords
• Transmits information to attacker through network

Concealment
Rootkits – software tools used by an attacker to hide actions or presence of other types of malicious software
– Hide or remove traces of log-in records, log entries
• May alter or replace operating system files with modified versions that are specifically designed to ignore malicious activity
• Users can no longer trust a computer that contains a rootkit
– The rootkit is in charge and hides what is occurring on the computer

Payload Capabilities
• The destructive power of malware can be found in its payload capabilities
• Primary payload capabilities are to:
– Collect data
– Delete data
– Modify system security settings
– Launch attacks

Collect Data
• Different types of malware are designed to collect important data from the user’s computer and make it available to the attacker
• This type of malware includes:
– Spyware
– Adware
– Ransomware

Collect Data
Spyware – software that gathers information without user consent
– Uses the computer’s resources for the purposes of collecting and distributing personal or sensitive information
Keylogger – captures and stores each keystroke that a user types on the computer’s keyboard
– Attacker searches the captured text for any useful information such as passwords, credit card numbers, or personal information

Collect Data
• A keylogger can be a small hardware device or a software program
– As a hardware device, it is inserted between the computer keyboard connection and USB port
– Software keyloggers are programs installed on the computer that silently capture information
• An advantage of software keyloggers is that they do not require physical access to the user’s computer
– Often installed as a Trojan or virus, they can send captured information back to the attacker via the Internet

Collect Data
Adware – program that delivers advertising content in a manner unexpected and unwanted by the user
– Typically displays advertising banners and pop-up ads
– May open new browser windows randomly
• Adware can also perform tracking of online activities
– Information is gathered by adware and sold to advertisers

Collect Data
Ransomware – prevents a user’s device from properly operating until a fee is paid
– Is highly profitable
– Nearly 3 percent of those users who have been infected pay the ransom without questions, generating almost $5 million annually
• A variation of ransomware displays a fictitious warning that there is a problem and users must purchase additional software online to fix the problem

Delete Data
• The payload of other types of malware deletes data on the computer
• Logic bomb – computer code that lies dormant until it is triggered by a specific logical event
– Difficult to detect before it is triggered
– Often embedded in large computer programs that are not routinely scanned

Modify System Security
• Backdoor – gives access to a computer, program, or service that circumvents normal security to give program access
– When installed on a computer, a backdoor allows the attacker to return at a later time and bypass security settings

Launch Attacks
Zombie – an infected computer that is under the remote control of an attacker
• Groups of zombie computers are gathered into a logical computer network called a botnet under the control of the attacker (bot herder)
• Infected zombie computers wait for instructions through a command and control (C&C) structure from bot herders
– A common C&C mechanism used today is HTTP, which is more difficult to detect and block
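
The HTTP C&C point above lends itself to a defensive check. The Python below is an added example, not from the textbook: it parses constructed proxy-log lines and flags a host that one client polls at nearly fixed intervals, the beaconing a zombie produces when it waits for instructions from its bot herder. The log format, host names and thresholds are assumptions.

```python
"""Flag HTTP hosts that a client contacts at near-regular intervals, the
polling pattern of a zombie reaching its C&C server over HTTP.
Added example, not textbook material. Log lines are constructed, one
request per line: epoch_seconds client_ip method host path status
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed proxy log: 10.0.0.5 polls cc.invalid about every 60 s while
# also browsing ordinary sites at irregular times.
SAMPLE_LOG = """\
1700000000 10.0.0.5 GET news.example /index.html 200
1700000002 10.0.0.5 GET cdn.example /a.js 200
1700000060 10.0.0.5 GET cc.invalid /gate.php 200
1700000119 10.0.0.5 GET cc.invalid /gate.php 200
1700000125 10.0.0.5 GET shop.example /cart 200
1700000180 10.0.0.5 GET cc.invalid /gate.php 200
1700000241 10.0.0.5 GET cc.invalid /gate.php 200
1700000300 10.0.0.5 GET cc.invalid /gate.php 200
1700000310 10.0.0.5 GET news.example /sports 200
1700000360 10.0.0.5 GET cc.invalid /gate.php 200
1700000400 10.0.0.5 GET shop.example /checkout 200
"""

def parse_log(text):
    """Group request timestamps by (client, host)."""
    visits = defaultdict(list)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 6:
            continue  # skip blank or truncated lines
        visits[(parts[1], parts[3])].append(int(parts[0]))
    return visits

def beacon_score(timestamps):
    """Coefficient of variation of the gaps between requests: 0.0 means
    perfectly periodic, larger means irregular human timing. None when
    fewer than three requests are available to judge."""
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    if len(gaps) < 2:
        return None
    avg = mean(gaps)
    return pstdev(gaps) / avg if avg > 0 else None

def find_beacons(text, min_requests=5, max_cv=0.1):
    """Return [(client, host, mean_gap_seconds)] for hosts seen at least
    min_requests times with gap variation at or below max_cv. Thresholds
    are tuning knobs: real bots add jitter, so pair this with host
    reputation and request-size checks before acting on a hit."""
    hits = []
    for (client, host), ts in parse_log(text).items():
        cv = beacon_score(ts) if len(ts) >= min_requests else None
        if cv is not None and cv <= max_cv:
            ts = sorted(ts)
            hits.append((client, host, (ts[-1] - ts[0]) / (len(ts) - 1)))
    return hits

if __name__ == "__main__":
    for client, host, gap in find_beacons(SAMPLE_LOG):
        print(f"{client} -> {host}: one request every {gap:.0f} s")
```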

Social Engineering Attacks
Social engineering – a means of gathering information for an attack by relying on the weaknesses of individuals
• Social engineering attacks can involve psychological approaches as well as physical procedures

Psychological Approaches
• Goal of psychological approaches: to persuade the victim to provide information or take action
• Attackers use a variety of techniques to gain trust without moving quickly:
– Attacker will ask for only small amounts of information
– The request needs to be believable
– Will use slight flattery or flirtation to “soften up” the victim
– Attacker “pushes the envelope” to get information
– Attacker may smile and ask for help

Impersonation
Impersonation – attacker pretends to be someone else:
– Help desk support technician
– Repairperson
– Manager
– Trusted third party
– Fellow employee
• Attacker will often impersonate a person with authority because victims generally resist saying “no” to anyone in power

Phishing
Phishing – sending an email claiming to be from a legitimate source
– Tries to trick the user into giving private information
• Many phishing attacks have these common features:
Deceptive web links
Logos
Urgent request
• Variations of phishing attacks
Pharming – automatically redirects the user to a fraudulent Web site

Phishing
• Variations of phishing (cont’d.)
Spear phishing – email messages target specific users
Whaling – going after the “big fish”
• Targeting wealthy individuals
Vishing (voice phishing)
• Attacker calls victim with a recorded “bank” message with a callback number
• Victim calls attacker’s number and enters private information
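
Deceptive web links are the first phishing feature listed above. As an added example (not from the textbook), the Python below parses a constructed HTML message and flags anchors whose displayed address names one host while the href actually opens another; the message text, domain names and the documentation address 203.0.113.7 are all constructed.

```python
"""Flag deceptive web links in an HTML e-mail: anchors whose visible text
shows one site while the href really points at a different host.
Added example, not textbook material. The message is constructed and
203.0.113.7 is a documentation address, not a real server.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

SAMPLE_EMAIL = """\
<p>Dear customer, your account will be suspended in 24 hours.</p>
<a href="http://203.0.113.7/login">https://www.bank.example/login</a><br>
<a href="https://secure-bank.example/verify">Verify your account</a><br>
<a href="https://www.bank.example/help">www.bank.example/help</a>
"""

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in the message."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None   # href of the anchor currently open, if any
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:  # text inside an open <a> ... </a>
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(address):
    """Lowercase host named by a URL or bare 'host/path' string; None when
    the text is ordinary words (no dotted host) rather than an address."""
    s = address.strip()
    if "://" not in s:
        s = "http://" + s
    host = urlparse(s).hostname
    return host if host and "." in host else None

def deceptive_links(html):
    """Return [(visible_text, actual_host)] for anchors whose displayed
    address names a different host than the one the link really opens."""
    parser = AnchorCollector()
    parser.feed(html)
    return [(text, actual) for href, text in parser.links
            for shown, actual in [(host_of(text), host_of(href))]
            if shown and actual and shown != actual]

if __name__ == "__main__":
    for text, actual in deceptive_links(SAMPLE_EMAIL):
        print(f"link shown as {text!r} actually opens {actual}")
```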

Spam
Spam – unsolicited e-mail
– Primary vehicle for distribution of malware
– Sending spam is a lucrative business
• Costs spammers very little to send millions of spam messages
• Filters look for specific words and block the email
Image spam – uses graphical images of text in order to circumvent text-based filters
– Often contains nonsense text so it appears legitimate
Hoaxes
Hoax – a false warning, usually claiming to come from the IT department
• Attackers try to get victims to change configuration settings on their computers that would allow the attacker to compromise the system
• Attackers may also provide a telephone number for the victim to call for help, which will put them in direct contact with the attacker

Typo Squatting
Typo squatting – redirecting a user to a fictitious website based on a misspelling of the URL
– Also called URL hijacking
• Example: typing goggle.com instead of google.com
• Attackers purchase the domain names of sites that are spelled similarly to actual sites
– Many may contain a survey that promises a chance to win prizes or will be filled with ads
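
The goggle.com example is a single substituted letter. The Python below is an added example (not from the textbook) that screens a constructed list of observed domains against a protected list and names the keystroke error involved; it goes beyond the slide by also covering omitted, inserted and transposed letters. Both domain lists are constructed.

```python
"""Flag observed domains that are one keystroke away from a protected domain,
the lookalike pattern typo squatting (URL hijacking) relies on.
Added example, not textbook material. The textbook's goggle.com/google.com
case is a single substitution; this check also covers omission, insertion
and adjacent transposition. Both domain lists are constructed.
"""

PROTECTED = ["google.com", "bank.example"]

# Constructed: domains seen in DNS or proxy logs that an analyst wants screened.
OBSERVED = ["goggle.com", "google.com", "gogle.com", "googel.com",
            "banc.example", "bankk.example", "news.example"]

def _one_deletion_equal(longer, shorter):
    """True when removing exactly one character from longer yields shorter."""
    for i, (x, y) in enumerate(zip(longer, shorter)):
        if x != y:
            return longer[i + 1:] == shorter[i:]
    return True  # strings agree up to the extra final character

def typo_kind(candidate, target):
    """Name the single keystroke error turning target into candidate, or
    return None if candidate is identical or more than one edit away."""
    if candidate == target:
        return None
    if len(candidate) == len(target):
        diffs = [i for i, (a, b) in enumerate(zip(candidate, target)) if a != b]
        if len(diffs) == 1:
            return "substitution"
        if (len(diffs) == 2 and diffs[1] == diffs[0] + 1
                and candidate[diffs[0]] == target[diffs[1]]
                and candidate[diffs[1]] == target[diffs[0]]):
            return "transposition"
        return None
    if len(candidate) == len(target) + 1 and _one_deletion_equal(candidate, target):
        return "insertion"
    if len(target) == len(candidate) + 1 and _one_deletion_equal(target, candidate):
        return "omission"
    return None

def find_typo_squats(observed, protected=PROTECTED):
    """Return [(observed_domain, protected_domain, typo_kind)] for every
    observed domain that is a single typo of a protected one."""
    hits = []
    for domain in observed:
        for target in protected:
            kind = typo_kind(domain.lower(), target.lower())
            if kind:
                hits.append((domain, target, kind))
    return hits

if __name__ == "__main__":
    for domain, target, kind in find_typo_squats(OBSERVED):
        print(f"{domain} looks like {target} ({kind})")
```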

Watering Hole Attack
Watering hole attack – a malicious attack that is directed toward a small group of specific individuals who visit the same website
• Example:
– Major executives working for a manufacturing company may visit a common website, such as a parts supplier to the manufacturer

Physical Procedures
Dumpster diving
– Digging through trash to find information that can be useful in an attack
Tailgating
– Following behind an authorized individual through an access door
– An employee could conspire with an unauthorized person to allow him to walk in with him (called piggybacking)
– Watching an authorized user enter a security code on a keypad is known as shoulder surfing

Summary
• Malware is malicious software that enters a computer system without the owner’s knowledge or consent
• Malware that spreads includes computer viruses, worms, and Trojans
• Spyware is software that secretly spies on users by collecting information without their consent
• Types of spyware include keyloggers, adware, and ransomware

Summary
• A logic bomb is computer code that is typically added to a legitimate program but lies dormant until triggered by a specific logical event
• A backdoor gives access to a computer, program, or service that circumvents any normal security protections
• One of the most popular payloads of malware today, carried out by Trojans, worms, and viruses, is software that will allow the infected computer to be placed under the remote control of an attacker (the infected computer is known as a zombie)

Summary
• Social engineering is a means of gathering information for an attack from individuals
• Types of social engineering approaches include phishing, dumpster diving, and tailgating
• Typo squatting (URL hijacking) takes advantage of user misspellings to direct them to fake websites
• A watering hole attack is directed toward a smaller group of specific individuals, such as major executives working for a manufacturing company
