Study Notes on Computer Viruses and Worms

Computer Viruses

  • Definition: Computer viruses replicate from one system to another, requiring user interaction (e.g., clicking a link).

  • Effects: Cause outages and downtime; some can remain undetected in the background.

  • Antivirus Software: Essential for detecting and preventing virus infections; its signature files must be updated regularly for effective protection.

Types of Viruses

  • Executable Viruses: Triggered by running programs or links.

  • Boot Sector Viruses: Activate automatically during system boot.

  • Macro Viruses: Exploit vulnerabilities in scripting features (e.g., Microsoft Office macros).

  • Fileless Viruses: Operate entirely in a system's memory without writing to storage; can evade detection by traditional antivirus software.

  • Infection Process: Typically starts with user action, exploits software vulnerabilities, and relies on existing system tools like PowerShell to download malicious scripts.

  • Persistence Mechanism: Fileless viruses often modify the system registry for autostart on reboot.
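
Added example (not part of the original notes): a defender-side check that reviews autostart registry values for the fileless pattern described above, where a script host such as PowerShell is started at logon instead of a program on disk. The Run key path, the value names and the command lines are constructed sample data, and the function names are hypothetical.

```python
import re

# Windows script hosts, i.e. "existing system tools" that can run code from memory.
SCRIPT_HOST = re.compile(r"(?i)\b(powershell|pwsh|wscript|cscript|mshta)(\.exe)?\b")
URL = re.compile(r"(?i)https?://")

# Constructed sample: (value name, command line) pairs as they might be exported
# from HKCU\Software\Microsoft\Windows\CurrentVersion\Run. Not real data.
SAMPLE_RUN_VALUES = [
    ("OneDrive", r'"C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background'),
    ("Updater", "powershell.exe -NoProfile -w hidden -enc <constructed-base64-placeholder>"),
    ("Sync", 'pwsh -NoProfile -Command "Invoke-WebRequest https://example.invalid/constructed"'),
]


def parameters(command):
    """Yield (parameter, next token) pairs, lower-cased, for each -Name token."""
    tokens = command.split()
    for i, tok in enumerate(tokens):
        if tok.startswith("-") and len(tok) > 1:
            yield tok[1:].lower(), tokens[i + 1].lower() if i + 1 < len(tokens) else ""


def review(command):
    """Return the reasons an autostart command deserves a closer look."""
    host = SCRIPT_HOST.search(command)
    if not host:
        return []  # no script host involved; not what this check looks for
    reasons = ["script host: " + host.group(1).lower()]
    for name, value in parameters(command):
        # PowerShell accepts abbreviated parameter names (-e, -enc, -w, ...).
        if name == "ec" or "encodedcommand".startswith(name):
            reasons.append("encoded command")
        elif "windowstyle".startswith(name) and value == "hidden":
            reasons.append("hidden window")
    if URL.search(command):
        reasons.append("network fetch")
    return reasons


def audit(run_values):
    """Map value name -> reasons, keeping only entries that were flagged."""
    findings = {name: review(cmd) for name, cmd in run_values}
    return {name: why for name, why in findings.items() if why}


if __name__ == "__main__":
    for name, why in audit(SAMPLE_RUN_VALUES).items():
        print(f"{name}: {', '.join(why)}")
```

A flagged entry is a lead for review, not proof of infection: legitimate software also registers script-based autostart commands.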

Worms

  • Definition: Malicious software that self-replicates without user interaction, spreading quickly across networks.

  • Propagation: Replicates efficiently, at the speed of the network; no user intervention required.

  • Preventative Measures: Network-based firewalls and intrusion prevention systems are crucial for controlling worm propagation.

  • Example: The WannaCry worm replicated through network vulnerabilities and installed ransomware that encrypted files on infected systems. Infection escalated via exploitation techniques like EternalBlue.