
Explain how an appender infection works.

22/12/2020 Client: saad24vbs Deadline: 10 Days

Security+ Guide to Network Security Fundamentals,

Fourth Edition


Chapter 2


Malware and Social Engineering Attacks




Objectives


Describe the differences between a virus and a worm

List the types of malware that conceal their appearance

Identify different kinds of malware that are designed for profit

Describe the types of social engineering psychological attacks

Explain physical social engineering attacks



Attacks Using Malware


Malicious software (malware)

Enters a computer system:

Without the owner’s knowledge or consent

Refers to a wide variety of damaging or annoying software

Primary objectives of malware

Infecting systems

Concealing its purpose

Making profit



Malware That Spreads


Viruses

Malicious computer code that reproduces itself on the same computer

Virus infection methods

Appender infection

Virus appends itself to end of a file

Moves first three bytes of original file to virus code

Replaces them with a jump instruction pointing to the virus code
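
The three traits listed above can be checked from the defender's side. The following is an added example, not part of the textbook slides: it assumes a flat DOS .COM-style image in which the three-byte jump is the x86 near JMP (opcode 0xE9 plus a 16-bit displacement), the function names are hypothetical, and the sample bytes are constructed and inert. A leading jump also occurs in legitimate programs, so the findings are indicators rather than a verdict.

```python
import struct

JMP_NEAR = 0xE9  # assumed encoding: opcode + 2-byte relative displacement = 3 bytes


def entry_jump_target(image: bytes):
    """Return the file offset a leading 3-byte near JMP lands on, else None."""
    if len(image) < 3 or image[0] != JMP_NEAR:
        return None
    (disp,) = struct.unpack_from("<H", image, 1)
    # The displacement is relative to the byte after the instruction;
    # wrap at 64 KiB as a 16-bit instruction pointer would.
    return (3 + disp) & 0xFFFF


def appender_indicators(suspect: bytes, baseline: bytes = None,
                        tail_fraction: float = 0.25):
    """List appender-style traits found in `suspect` (empty list = none)."""
    findings = []
    target = entry_jump_target(suspect)
    if target is None or target >= len(suspect):
        return findings
    if target >= len(suspect) * (1 - tail_fraction):
        findings.append("entry jump lands in file tail")
    # With a known-good copy, the slide's description can be checked directly.
    if baseline is not None and len(suspect) > len(baseline) >= 3:
        body_same = suspect[3:len(baseline)] == baseline[3:]
        if body_same and suspect[:3] != baseline[:3]:
            findings.append("only first three bytes differ from baseline")
        if target >= len(baseline):
            findings.append("entry jump lands in bytes added after baseline end")
        if baseline[:3] in suspect[len(baseline):]:
            findings.append("original first three bytes stored in added region")
    return findings


def build_samples():
    """Constructed byte strings that model the layout only (no payload)."""
    baseline = bytes([0xB4, 0x09, 0xBA]) + b"\x00" * 61      # 64-byte stand-in file
    added = b"\x00" * 13 + baseline[:3]                       # filler + saved head
    head = bytes([JMP_NEAR]) + struct.pack("<H", len(baseline) - 3)
    return baseline, head + baseline[3:] + added


if __name__ == "__main__":
    clean, grown = build_samples()
    for line in appender_indicators(grown, clean):
        print(line)
```
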



Women’s Health Magazine




Malware That Spreads (cont’d.)


Virus infection methods (cont’d.)

Swiss cheese infection

Viruses inject themselves into executable code

Original code transferred and stored inside virus code

Host code executes properly after the infection

Split infection

Virus splits into several parts

Parts placed at random positions in host program

Head of virus code starts at beginning of file

Gives control to next piece of virus code



Malware That Spreads (cont’d.)


When infected program is launched:

Virus replicates itself by spreading to another file on same computer

Virus activates its malicious payload

Viruses may display an annoying message:

Or be much more harmful

Examples of virus actions

Cause a computer to repeatedly crash

Erase files from or reformat hard drive

Turn off computer’s security settings



Malware That Spreads (cont’d.)




Figure 2-4 Annoying virus message


© Cengage Learning 2012




Malware That Spreads (cont’d.)




Virus cannot automatically spread to another computer

Relies on user action to spread

Viruses are attached to files

Viruses are spread by transferring infected files

Recent Postal Service example



Malware That Spreads (cont’d.)


Types of computer viruses

Program

Infects executable files

Macro

Executes a script

Resident

Virus infects files opened by user or operating system

Boot virus

Infects the Master Boot Record

Companion virus

Adds malicious copycat program to operating system



Malware That Spreads (cont’d.)


Types of computer viruses (cont’d.)

Tunneling virus

Installs under anti-virus system & intercepts OS calls

Armored virus

Thwarts attempts to examine its code

Multipartite virus

Can infect exe files & boot sectors

Polymorphic virus

Changes its virus signature



Malware That Spreads (cont’d.)


Worm

Malicious program

Exploits application or operating system vulnerability

Sends copies of itself to other network devices

Worms may:

Consume resources or

Leave behind a payload to harm infected systems

Examples of worm actions

Deleting computer files

Allowing remote control of a computer by an attacker



Malware That Conceals


Trojans

Program that does something other than advertised

Typically executable programs

Contain hidden code that launches an attack

Typically created using Visual Basic scripting language

Sometimes made to appear as data file

Example

User downloads “free calendar program”

Program scans system for credit card numbers and passwords

Transmits information to attacker through network



Malware That Conceals (cont’d.)


Rootkits

Software tools used by an attacker to hide actions or presence of other types of malicious software

Hide or remove traces of log-in records, log entries

May alter or replace operating system files with modified versions:

Specifically designed to ignore malicious activity



Malware That Conceals (cont’d.)


Rootkits can be detected using programs that compare file contents with original files

Rootkits that operate at operating system’s lower levels:

May be difficult to detect

Removal of a rootkit can be difficult

Rootkit must be erased

Original operating system files must be restored

Reformat hard drive and reinstall operating system
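
The detection approach named above, comparing file contents with the original files, can be sketched as a hash manifest check. This is an added example, not from the textbook slides; the function names, directory layout and file contents are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large binaries do not load into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map relative path -> SHA-256 for every file under `root`."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def compare_to_manifest(manifest: dict, live_root: Path) -> dict:
    """Report files that differ from, are absent from, or are extra to the manifest."""
    live = build_manifest(live_root)
    return {
        "modified": sorted(k for k in manifest if k in live and live[k] != manifest[k]),
        "missing": sorted(k for k in manifest if k not in live),
        "unexpected": sorted(k for k in live if k not in manifest),
    }


def demo() -> dict:
    """Constructed trees: a trusted copy and a live copy with three changes."""
    with tempfile.TemporaryDirectory() as tmp:
        trusted, live = Path(tmp, "trusted"), Path(tmp, "live")
        for root in (trusted, live):
            (root / "bin").mkdir(parents=True)
            (root / "bin" / "ls").write_bytes(b"original ls\n")
            (root / "bin" / "ps").write_bytes(b"original ps\n")
            (root / "bin" / "login").write_bytes(b"original login\n")
        # Same length as the original, so a size check alone would miss it.
        (live / "bin" / "ps").write_bytes(b"replaced ps\n")
        (live / "bin" / "login").unlink()
        (live / "bin" / "helper").write_bytes(b"not in baseline\n")
        return compare_to_manifest(build_manifest(trusted), live)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Because a rootkit at the operating system's lower levels can falsify what a checker running on that system reads, the comparison is more trustworthy when run from separate boot media against a manifest stored offline.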



Malware That Conceals (cont’d.)


Logic bomb (e.g., Michelangelo virus, March 6)

Computer code that lies dormant

Triggered by a specific logical event

Then performs malicious activities

Difficult to detect before it is triggered

Backdoor

Software code that circumvents normal security to give program access

Common practice by developers

Intent is to remove backdoors in final application



Table 2-2 Famous logic bombs


Malware That Conceals (cont’d.)


Roll Summary Video




Malware That Profits


Botnets

Computer is infected with program that allows it to be remotely controlled by attacker

Often payload of Trojans, worms, and viruses

Infected computer called a zombie

Groups of zombie computers together called botnet

Early botnet attackers used Internet Relay Chat to remotely control zombies

HTTP is often used today



Botnets


Botnets’ advantages for attackers

Operate in the background:

Often with no visible evidence of existence

Provide means for concealing actions of attacker

Can remain active for years

Large percentage of zombies are accessible at a given time

Due to growth of always-on Internet services



Table 2-3 Uses of botnets




Malware That Profits (cont’d.)


Spyware

Software that gathers information without user consent

Usually used for:

Advertising

Collecting personal information

Changing computer configurations



Malware That Profits (cont’d.)


Spyware’s negative effects

Slows computer performance

Causes system instability

May install new browser menus or toolbars

May place new shortcuts

May hijack home page

Causes increased pop-ups



Malware That Profits (cont’d.)


Adware

Program that delivers advertising content:

In manner unexpected and unwanted by the user

Typically displays advertising banners and pop-up ads

May open new browser windows randomly

Can also perform tracking of online activities



Malware That Profits (cont’d.)


Keyloggers

Program that captures user’s keystrokes

Information later retrieved by attacker

Attacker searches for useful information

Passwords

Credit card numbers

Personal information



Malware That Profits (cont’d.)


Keyloggers (cont’d.)

Can be a small hardware device

Inserted between computer keyboard and connector

Unlikely to be detected

Attacker physically removes device to collect information



Social Engineering Attacks


Directly gathering information from individuals

Relies on trusting nature of individuals

Psychological approaches

Goal: persuade the victim to provide information or take action

Flattery or flirtation

Conformity

Friendliness

YouTube: “Mitnick fakes way into LA Telco Central Office”

See also “Freedom Downtime”



Social Engineering Attacks (cont’d.)


Attacker will ask for only small amounts of information

Often from several different victims

Request needs to be believable

Attacker “pushes the envelope” to get information:

Before victim suspects anything

Attacker may smile and ask for help



Social Engineering Attacks


Kevin Mitnick Video Example



Impersonation

Attacker pretends to be someone else

Help desk support technician

Repairperson

Trusted third party

Individuals in roles of authority



Social Engineering Attacks (cont’d.)


Phishing

Sending an email claiming to be from legitimate source

May contain legitimate logos and wording

Tries to trick user into giving private information

Variations of phishing

Pharming

Automatically redirects user to fraudulent Web site



Social Engineering Attacks (cont’d.)


Variations of phishing (cont’d.)

Spear phishing

Email messages target specific users

Whaling

Going after the “big fish”

Targeting wealthy individuals

Vishing (voice phishing)

Attacker calls victim with recorded “bank” message with callback number

Victim calls attacker’s number and enters private information



SIGNS




Social Engineering Attacks (cont’d.)


Spam

Unsolicited e-mail

Primary vehicles for distribution of malware

Sending spam is a lucrative business

Spim: targets instant messaging users

Image spam

Uses graphical images of text

Circumvents text-based filters

Often contains nonsense text



Social Engineering Attacks (cont’d.)


Hoaxes

False warning or claim

May be first step in an attack

Physical procedures

Dumpster diving

Digging through trash to find useful information

Tailgating

Following behind an authorized individual through an access door



Table 2-5 Dumpster diving items and their usefulness




Social Engineering Attacks (cont’d.)


Methods of tailgating

Tailgater calls “please hold the door”

Waits outside door and enters when authorized employee leaves

Employee conspires with unauthorized person to walk together through open door

Shoulder surfing

Casually observing user entering keypad code



Summary


Malware is software that enters a computer system without the owner’s knowledge or consent

Malware that spreads includes computer viruses and worms

Malware that conceals includes Trojans, rootkits, logic bombs, and backdoors

Malware with a profit motive includes botnets, spyware, adware, and keyloggers



Summary (cont’d.)


Social engineering is a means of gathering information for an attack from individuals

Types of social engineering approaches include phishing, impersonation, dumpster diving, and tailgating
