Computer Malware and Security Concepts Study Notes

  • Information Attacks

    • Attacks on computer systems and networks involve broader considerations beyond just the immediate threat.
  • Malware Components

    • Delivery Method: Determines how malware is introduced to a system (e.g., phishing emails).
    • Payload: The effect or damage caused by the malware once it is delivered (e.g., ransomware encrypting files).
    • Combination of delivery method and payload allows classification into specific malware types (e.g., virus, worm, Trojan).
  • Malware Definition

    • Malicious software causing unwanted effects or damages, compromising integrity, confidentiality, or availability of information systems.
    • Centered around the CIA Triad:
      1. Confidentiality: Protection of data from unauthorized access.
      2. Integrity: Ensuring data is accurate and trustworthy.
      3. Availability: Ensuring authorized users have access to data when needed.
  • Malware Examples

    • Ransomware: Locks and encrypts files, demanding payment for decryption keys.
    • Viruses: Require human action (like opening a file) to spread and cause damage. Examples include:
      • Melissa Virus (1999): Spread via email by using the victim's contacts to send itself, causing significant confusion and financial damages (approximately 80,000,000), primarily through loss of productivity and repair efforts.
  • Types of Attacks

    • Availability Attacks: Deny users access (e.g., denial-of-service attacks).
    • Confidentiality Attacks: Involve loss or theft of personal information.
    • Integrity Attacks: Result in altered credible data (e.g., erroneous bank account totals).
  • Computer Viruses

    • Defined as a software program harming computer files and systems, needing a host to spread.
    • Distinction from biological viruses: computer viruses cannot replicate independently.
    • Spread by human interaction (e.g., infected USB drives, email attachments).
    • Types of viruses include:
      • Overwriting viruses
      • Viruses that insert or append code to existing files
  • Worms

    • Autonomous malware that propagates without human interaction by exploiting software vulnerabilities.
    • Can cause network disruptions through aggressive scanning.
    • Damage is primarily due to network traffic overload.
  • Key Terminology

    • Vulnerability: A flaw in software that can be exploited.
    • Exploit: Code/technique that takes advantage of a vulnerability.
    • Patch: A fix for a discovered vulnerability.
  • Vulnerability Cycle

    • The lifecycle includes:
      1. Discovery
      2. Disclosure
      3. Patch creation
      4. Patching systems in the wild
  • Zero-Day Exploits

    • Vulnerabilities that remain unknown to vendors and users until exploitation occurs; they are very valuable on the black market.
  • The MS Blaster Worm

    • Originated from a vulnerability in Microsoft's RPC, allowing remote exploitation.
    • Patched on the same day it was discovered, decreasing vulnerability exposure time.
  • Differences Between Viruses and Worms

    • Viruses require human action to spread; worms self-propagate.
    • Viruses depend on hosts; worms exploit vulnerabilities directly.
    • Viruses often cause direct damage; worms can cause network disruptions even without a malicious payload.
  • Conclusion: The discourse on security should include understanding different types of malware, how they spread, the significance of vulnerabilities, and the consequences of these attacks across various sectors and systems.