
Explain how an appender infection works.

22/12/2020 Client: saad24vbs Deadline: 10 Days

Security+ Guide to Network Security Fundamentals,

Fourth Edition


Chapter 2


Malware and Social Engineering Attacks




Objectives


Describe the differences between a virus and a worm

List the types of malware that conceal their appearance

Identify different kinds of malware that are designed for profit

Describe the types of social engineering psychological attacks

Explain physical social engineering attacks



Attacks Using Malware


Malicious software (malware)

Enters a computer system:

Without the owner’s knowledge or consent

Refers to a wide variety of damaging or annoying software

Primary objectives of malware

Infecting systems

Concealing its purpose

Making profit



Malware That Spreads


Viruses

Malicious computer code that reproduces itself on the same computer

Virus infection methods

Appender infection

Virus appends itself to end of a file

Moves first three bytes of original file to virus code

Replaces them with a jump instruction pointing to the virus code
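
The appender layout described above leaves a recognizable trace that a scanner can test for: the file begins with a three-byte jump whose target lies in the last part of the file. The following check is an added example, not part of the original slides; it assumes a flat 16-bit image such as a DOS .COM file (where the three-byte jump is opcode E9 plus a 16-bit displacement), and the function names, the 25% tail threshold and the sample byte strings are constructed for illustration.

```python
import struct

JMP_NEAR = 0xE9  # x86 near jump; with a 16-bit displacement it is exactly 3 bytes


def entry_jump_target(image: bytes):
    """Return the file offset the leading 3-byte jump lands on, or None.

    None means the file does not start with a near jump, or the jump
    points outside the file (so it cannot be into appended code).
    """
    if len(image) < 3 or image[0] != JMP_NEAR:
        return None
    (disp,) = struct.unpack_from("<H", image, 1)
    # The displacement is relative to the next instruction (offset 3)
    # and wraps at 64 KiB in 16-bit code.
    target = (3 + disp) & 0xFFFF
    return target if target < len(image) else None


def looks_appended(image: bytes, tail_fraction: float = 0.25) -> bool:
    """Heuristic: entry jump lands in the final tail_fraction of the file.

    This is a triage signal, not proof. Legitimate programs also start
    with jumps, which is why the target location is checked as well.
    """
    target = entry_jump_target(image)
    return target is not None and target >= len(image) * (1 - tail_fraction)


def jump_to(offset: int) -> bytes:
    """Encode a 3-byte near jump from offset 0 to the given file offset."""
    return bytes([JMP_NEAR]) + struct.pack("<H", (offset - 3) & 0xFFFF)


def build_sample(head: bytes, body_len: int, tail_len: int) -> bytes:
    """Constructed, inert test image: 3-byte head, zero body, NOP tail."""
    return head + b"\x00" * body_len + b"\x90" * tail_len


# Constructed samples (no real code in any of them).
SAMPLES = {
    "no_jump": build_sample(b"\xb4\x09\xba", 1000, 100),
    "jump_over_data": build_sample(jump_to(19), 1000, 100),
    "jump_into_tail": build_sample(jump_to(1003), 1000, 100),
}


def scan(samples):
    """Map each sample name to the heuristic's verdict."""
    return {name: looks_appended(img) for name, img in samples.items()}


if __name__ == "__main__":
    for name, flagged in scan(SAMPLES).items():
        print(f"{name}: {'suspicious' if flagged else 'ok'}")
```

Structured formats such as PE or ELF need their headers parsed to find the entry point before the same tail test can be applied.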



Malware That Spreads (cont’d.)


Virus infection methods (cont’d.)

Swiss cheese infection

Viruses inject themselves into executable code

Original code transferred and stored inside virus code

Host code executes properly after the infection

Split infection

Virus splits into several parts

Parts placed at random positions in host program

Head of virus code starts at beginning of file

Gives control to next piece of virus code



Malware That Spreads (cont’d.)


When infected program is launched:

Virus replicates itself by spreading to another file on same computer

Virus activates its malicious payload

Viruses may display an annoying message:

Or be much more harmful

Examples of virus actions

Cause a computer to repeatedly crash

Erase files from or reformat hard drive

Turn off computer’s security settings



Malware That Spreads (cont’d.)




Figure 2-4 Annoying virus message


© Cengage Learning 2012




Malware That Spreads (cont’d.)




Virus cannot automatically spread to another computer

Relies on user action to spread

Viruses are attached to files

Viruses are spread by transferring infected files

Recent Postal Service example



Malware That Spreads (cont’d.)


Types of computer viruses

Program

Infects executable files

Macro

Executes a script

Resident

Virus infects files opened by user or operating system

Boot virus

Infects the Master Boot Record

Companion virus

Adds malicious copycat program to operating system



Malware That Spreads (cont’d.)


Types of computer viruses (cont’d.)

Tunneling virus

Installs under anti-virus system & intercepts OS calls

Armored virus

Thwarts attempts to examine its code

Multipartite virus

Can infect exe files & boot sectors

Polymorphic virus

Changes its virus signature



Malware That Spreads (cont’d.)


Worm

Malicious program

Exploits application or operating system vulnerability

Sends copies of itself to other network devices

Worms may:

Consume resources or

Leave behind a payload to harm infected systems

Examples of worm actions

Deleting computer files

Allowing remote control of a computer by an attacker



Malware That Conceals


Trojans

Program that does something other than advertised

Typically executable programs

Contain hidden code that launches an attack

Typically created using Visual Basic scripting language

Sometimes made to appear as data file

Example

User downloads “free calendar program”

Program scans system for credit card numbers and passwords

Transmits information to attacker through network



Malware That Conceals (cont’d.)


Rootkits

Software tools used by an attacker to hide actions or presence of other types of malicious software

Hide or remove traces of log-in records, log entries

May alter or replace operating system files with modified versions:

Specifically designed to ignore malicious activity



Malware That Conceals (cont’d.)


Rootkits can be detected using programs that compare file contents with original files

Rootkits that operate at operating system’s lower levels:

May be difficult to detect

Removal of a rootkit can be difficult

Rootkit must be erased

Original operating system files must be restored

Reformat hard drive and reinstall operating system



Malware That Conceals (cont’d.)


Logic bomb (e.g., Michelangelo virus, March 6)

Computer code that lies dormant

Triggered by a specific logical event

Then performs malicious activities

Difficult to detect before it is triggered

Backdoor

Software code that circumvents normal security to give program access

Common practice by developers

Intent is to remove backdoors in final application



Table 2-2 Famous logic bombs


Malware That Conceals (cont’d.)


Roll Summary Video




Malware That Profits


Botnets

Computer is infected with program that allows it to be remotely controlled by attacker

Often payload of Trojans, worms, and viruses

Infected computer called a zombie

Groups of zombie computers together called botnet

Early botnet attackers used Internet Relay Chat to remotely control zombies

HTTP is often used today



Botnets


Botnets’ advantages for attackers

Operate in the background:

Often with no visible evidence of existence

Provide means for concealing actions of attacker

Can remain active for years

Large percentage of zombies are accessible at a given time

Due to growth of always-on Internet services



Table 2-3 Uses of botnets




Malware That Profits (cont’d.)


Spyware

Software that gathers information without user consent

Usually used for:

Advertising

Collecting personal information

Changing computer configurations



Malware That Profits (cont’d.)


Spyware’s negative effects

Slows computer performance

Causes system instability

May install new browser menus or toolbars

May place new shortcuts

May hijack home page

Causes increased pop-ups



Malware That Profits (cont’d.)


Adware

Program that delivers advertising content:

In manner unexpected and unwanted by the user

Typically displays advertising banners and pop-up ads

May open new browser windows randomly

Can also perform tracking of online activities



Malware That Profits (cont’d.)


Keyloggers

Program that captures user’s keystrokes

Information later retrieved by attacker

Attacker searches for useful information

Passwords

Credit card numbers

Personal information



Malware That Profits (cont’d.)


Keyloggers (cont’d.)

Can be a small hardware device

Inserted between computer keyboard and connector

Unlikely to be detected

Attacker physically removes device to collect information



Social Engineering Attacks


Directly gathering information from individuals

Relies on trusting nature of individuals

Psychological approaches

Goal: persuade the victim to provide information or take action

Flattery or flirtation

Conformity

Friendliness

YouTube: “Mitnick fakes way into LA Telco Central Office”

See also “Freedom Downtime”



Social Engineering Attacks (cont’d.)


Attacker will ask for only small amounts of information

Often from several different victims

Request needs to be believable

Attacker “pushes the envelope” to get information:

Before victim suspects anything

Attacker may smile and ask for help



Social Engineering Attacks


Kevin Mitnick Video Example



Impersonation

Attacker pretends to be someone else

Help desk support technician

Repairperson

Trusted third party

Individuals in roles of authority



Social Engineering Attacks (cont’d.)


Phishing

Sending an email claiming to be from legitimate source

May contain legitimate logos and wording

Tries to trick user into giving private information

Variations of phishing

Pharming

Automatically redirects user to fraudulent Web site



Social Engineering Attacks (cont’d.)


Variations of phishing (cont’d.)

Spear phishing

Email messages target specific users

Whaling

Going after the “big fish”

Targeting wealthy individuals

Vishing (voice phishing)

Attacker calls victim with recorded “bank” message with callback number

Victim calls attacker’s number and enters private information



SIGNS




Social Engineering Attacks (cont’d.)


Spam

Unsolicited e-mail

Primary vehicles for distribution of malware

Sending spam is a lucrative business

Spim: targets instant messaging users

Image spam

Uses graphical images of text

Circumvents text-based filters

Often contains nonsense text



Social Engineering Attacks (cont’d.)


Hoaxes

False warning or claim

May be first step in an attack

Physical procedures

Dumpster diving

Digging through trash to find useful information

Tailgating

Following behind an authorized individual through an access door



Table 2-5 Dumpster diving items and their usefulness




Social Engineering Attacks (cont’d.)


Methods of tailgating

Tailgater calls “please hold the door”

Waits outside door and enters when authorized employee leaves

Employee conspires with unauthorized person to walk together through open door

Shoulder surfing

Casually observing user entering keypad code



Summary


Malware is software that enters a computer system without the owner’s knowledge or consent

Malware that spreads includes computer viruses and worms

Malware that conceals includes Trojans, rootkits, logic bombs, and backdoors

Malware with a profit motive includes botnets, spyware, adware, and keyloggers



Summary (cont’d.)


Social engineering is a means of gathering information for an attack from individuals

Types of social engineering approaches include phishing, impersonation, dumpster diving, and tailgating
