ITCS: Malware
Phishing
Pretend to be a trustworthy party
form of social engineering
steal valuable information
relies on people trusting official messages
Types
Email phishing
spam
SMTP weakness: many mail servers still accept unauthenticated messages
spoofing
Spotting
Spelling mistakes
who is it
poor quality images
content of the email
links
always hover over a link to see the actual link
social media phishing
Botnets
thousands or even millions of computers running the same program
some harmless botnets
eg used for internet relay chat
spread through viruses and worms
Infected computer = Zombie
Problems caused
flood internet with messages
commit fraud against advertisers
DDoS
Viruses
Written to insert copies of itself into data
Self replicating
attach to applications
activated when program is first run
Worms
self-replicating
standalone application (unlike virus)
spread through network connections
Four stages in a worm attack
Worm probes
Penetrate vulnerable machines
Worm will download itself to the remote machine and be stored - persist stage
Worm will propagate itself to new machines
Reasons why malware is created
Many reasons
Intellectual curiosity
Financial gain
Corporate espionage
Trojan
Disguises as legitimate program
Some work in isolation
Some rely on networks
Transmit stolen information
allow attackers to bypass security features
Keeping yourself protected
Signatures
Distinctive pattern of data (memory or file) of a program
antivirus program contains thousands of signatures
zero-day attack
when antivirus software doesn't know the signatures
sophisticated malware has ability to change its program
polymorphic or metamorphic
Heuristics
use rules to identify viruses based on previous experience of known viruses
may execute suspicious programs in a virtual machine
based on behaviour
Installing antivirus
Is it compatible?
Reputable source?
Does it provide updates to protect against the latest malware?
Sandboxes and Code signing
Sandbox
way for computers to run programs in a controlled environment
used widely in modern web browsers
prevent internet content causing damage to files on the computer
Code signing
use of cryptography
software companies issue digitally signed copies of their programs
can be checked by recipients for authenticity
Used to guarantee OS updates are genuine
drivers