Certified Ethical Hacker - Part 6-2 Malware Threat

by Riazul H. Rozen
Dec. 7, 2017 · 3 minute read · Certifications, CEH

Computer viruses are dangerous programs because they spread through the most common file-transfer channels: downloads from untrusted sites, USB drives and e-mail attachments, attaching themselves to files in inconspicuous ways. A system is typically infected when pirated software is downloaded, when an infected e-mail attachment is opened, when anti-virus signatures are out of date, or when browser plug-ins are not updated.

One of the dangers of a virus is its ability to replicate rapidly within a short period. Because it attaches itself to files, other programs and even other systems, it is very difficult to contain.

A virus is a program that executes whatever code its author wrote into it. Its payload can range from altering data on the infected system, to replicating, to infecting other applications on the target system, to corrupting files so badly that the host can no longer use them.

A virus remains inactive as long as the target host has not executed the infected file. Once it runs on the target system, it replicates and attaches itself to other files; those files then carry a dormant copy of the virus until they are executed in turn. Some viruses also carry a trigger defined by the attacker: for instance, the payload may be set to fire only on a specific day or at a specific time.

Reasons why computer viruses exist

It has been established that viruses are dangerous to the systems they infect, but the motives of the people who write them vary. The most common reasons are:

  • Sabotage: rivals write viruses to damage a competitor's business and gain an edge in the market.
  • Financial gain: attackers extort money from their victims, as seen in the growing number of ransomware cases across organizations.
  • Research or pranks: viruses written for academic study or as practical jokes.
  • Pure malice: vandalism and cyberterrorism.
  • Political motives: activists use them to deliver a message to a government.

Types of viruses

Boot Sector Virus

These viruses copy the original master boot record (MBR) to another location on the disk and write their own code into the MBR. When the computer is started, the BIOS loads and runs the virus code first; the virus installs itself in memory and then chains to the relocated original MBR, so the system appears to boot normally while the virus is already resident.
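To make the mechanism concrete, here is an added example (my own code, not from the original article or the CEH material) that parses a raw 512-byte MBR in Python, checks the 0x55AA boot signature, lists the partition table and compares a hash of the bootstrap code against a hash taken when the disk was known to be clean. The two sample sectors are constructed inline: a "clean" one with zeroed bootstrap code and an "infected" one whose bootstrap code has been replaced while the partition table and signature stay intact. The point it shows is that a boot-sector infection leaves the signature and the partition table perfectly valid, so only a comparison of the bootstrap code itself reveals it.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 446          # bytes 0..445 hold the bootstrap code the BIOS jumps to
PART_TABLE_OFF = 446         # four 16-byte partition entries follow
SIGNATURE = b"\x55\xaa"      # bytes 510..511 must be 0x55 0xAA for the BIOS to boot
ENTRY_FMT = "<B3sB3sII"      # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr(boot_code: bytes = b"\x00" * BOOT_CODE_LEN) -> bytes:
    """Constructed 512-byte MBR for the demo (not read from a real disk):
    the given bootstrap code, one bootable NTFS partition, valid signature."""
    if len(boot_code) != BOOT_CODE_LEN:
        raise ValueError("bootstrap code must be exactly 446 bytes")
    entry = struct.pack(ENTRY_FMT, 0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 204800)
    table = entry + b"\x00" * 48          # three unused entries
    return boot_code + table + SIGNATURE


def parse_mbr(sector: bytes) -> dict:
    """Split a raw MBR into bootstrap-code hash, partition table and signature check."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        raw = sector[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)]
        status, _, ptype, _, lba_start, count = struct.unpack(ENTRY_FMT, raw)
        if ptype != 0:                    # type 0 marks an empty slot
            partitions.append({"index": i, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba_start, "sectors": count})
    return {
        "signature_ok": sector[510:512] == SIGNATURE,
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def boot_code_tampered(sector: bytes, known_good_sha256: str) -> bool:
    """True when the bootstrap code differs from a hash taken while the disk was known clean."""
    return parse_mbr(sector)["boot_code_sha256"] != known_good_sha256


def demo() -> dict:
    clean = build_sample_mbr()
    baseline_hash = parse_mbr(clean)["boot_code_sha256"]
    # Constructed "infected" sector: different bootstrap code (a jump-to-self followed
    # by NOPs stands in for virus code), same partition table, same signature.
    infected = build_sample_mbr(b"\xeb\xfe" + b"\x90" * (BOOT_CODE_LEN - 2))
    return {
        "clean_signature_ok": parse_mbr(clean)["signature_ok"],
        "infected_signature_ok": parse_mbr(infected)["signature_ok"],
        "same_partitions": parse_mbr(clean)["partitions"] == parse_mbr(infected)["partitions"],
        "tampered": boot_code_tampered(infected, baseline_hash),
    }


if __name__ == "__main__":
    print(demo())
```

On a Linux system the first sector of a disk can be dumped with dd if=/dev/sda bs=512 count=1 of=mbr.bin and fed to parse_mbr; take both the baseline and the later read from a clean boot medium, because a resident boot-sector virus can intercept reads of the sector it occupies.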

File virus and multipartite virus

File viruses infect the executable files on a system, for instance EXE, COM and BAT files, so that the virus code runs whenever the host program is started. Multipartite viruses infect both the boot sector and executable files, and can therefore reinfect the system from either location if only one of them is cleaned.

Macro Virus

Macro viruses infect documents created with applications such as Microsoft Word or Excel, using the application's macro language rather than native machine code. They typically target the global template (Normal.dotm in Word) so that every document opened or created afterwards is infected, or they infect a document and save it as a template.
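The following added example (mine, not from the article) shows how to check whether an Office document carries a VBA project, which is the container a macro virus lives in. Modern Office files are zip archives, so the check opens the container and looks for a vbaProject.bin member instead of trusting the file extension; a macro-enabled file renamed to .docx is therefore still reported. The sample documents are constructed inline and are not real Word files.

```python
import io
import zipfile


def has_vba_project(document: bytes) -> bool:
    """True if an OOXML container (docx/docm/xlsx/xlsm/dotm) carries a VBA project.
    Looks at the container's contents, not the file extension."""
    try:
        with zipfile.ZipFile(io.BytesIO(document)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        # Not a zip container: legacy .doc/.xls are OLE files and need a different parser.
        return False
    return any(name.lower().endswith("vbaproject.bin") for name in names)


def build_sample_document(with_macro: bool) -> bytes:
    """Constructed minimal OOXML-style container for the demo; not produced by Word."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Real vbaProject.bin files are OLE compound documents; the OLE header magic is enough here.
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 8)
    return buf.getvalue()


def scan_documents(documents: dict) -> list:
    """Return the names of the documents (name -> bytes) that contain a VBA project."""
    return sorted(name for name, data in documents.items() if has_vba_project(data))


if __name__ == "__main__":
    samples = {
        "report.docm": build_sample_document(True),
        "invoice.docx": build_sample_document(True),   # macro content behind a harmless-looking extension
        "notes.docx": build_sample_document(False),
        "garbage.bin": b"not a zip at all",
    }
    print(scan_documents(samples))   # ['invoice.docx', 'report.docm']
```

The same function run over the user's global template (%APPDATA%\Microsoft\Templates\Normal.dotm on Windows) tells you whether the template a macro virus targets currently contains any macros at all; a Normal.dotm that has grown a VBA project on a machine where nobody writes macros is worth a closer look.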

Cluster Virus

A cluster virus (also called a directory virus) modifies directory entries on the disk so that they point to the virus code instead of the original program. The virus is not copied into each infected file; a single copy on the disk serves every program it has redirected. When any of those programs is started, the virus runs first and then passes control to the program the user actually intended to run.

Stealth Virus

These viruses are built to avoid detection by anti-virus software. They do this by intercepting the operating system's disk and file reads (for example by hooking the relevant interrupts or system calls) and returning the original, uninfected data: a scanner that reads an infected file sees a clean copy with its original size, so the system appears free of viruses. Such a virus only becomes visible when the disk is examined from a clean boot medium where its hooks are not active.

Encryption Virus

These viruses are hard to detect by signature scanning. The virus encrypts its own body with a simple scheme (for instance XOR with a key that changes from copy to copy) and prepends a small decryption routine that restores the body at run time. Each infected file therefore contains a different byte sequence even though the underlying virus code is identical.
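As an added illustration (not part of the original article) of why encrypting the body defeats a fixed-byte signature, and of what a scanner can do about it, the Python below builds several "infected copies" of a constructed stand-in body (plain text, not real malware) with a different single-byte XOR key each, then runs three scans over them: a naive signature match on the body, a match on the constant decryptor stub, and a brute-force "decrypt then scan" over all 256 possible keys. The stub, body and signature strings are all made up for the demo.

```python
# Constructed stand-in for a virus body: plain bytes, not real malware. The
# signature below is the fixed fragment a naive scanner would be tuned to.
PLAIN_BODY = b"VIRUS-BODY: find .exe files; append self; run host"
SIGNATURE = b"append self; run host"

# Constructed stand-in for the small decryptor every copy carries unchanged.
# In a real sample this is a short loop of machine code, not text.
DECRYPTOR_STUB = b"<decrypt-loop>"


def make_copy(body: bytes, key: int) -> bytes:
    """Build one infected copy: constant stub + key byte + body XOR-encrypted with that key."""
    if not 1 <= key <= 255:
        raise ValueError("key 0 would leave the body in the clear")
    return DECRYPTOR_STUB + bytes([key]) + bytes(b ^ key for b in body)


def naive_signature_scan(blob: bytes, signature: bytes = SIGNATURE) -> bool:
    """What a scanner matching fixed bytes of the body sees: nothing, once the body is encrypted."""
    return signature in blob


def stub_scan(blob: bytes) -> bool:
    """The weak point of a simple encryption virus: the decryptor itself never changes."""
    return DECRYPTOR_STUB in blob


def xray_scan(blob: bytes, signature: bytes = SIGNATURE) -> bool:
    """Try every single-byte XOR key and look for the signature in the result
    (a minimal form of the 'decrypt, then scan' approach real engines use)."""
    return any(signature in bytes(b ^ key for b in blob) for key in range(256))


def demo() -> dict:
    copies = [make_copy(PLAIN_BODY, key) for key in (0x41, 0x7F, 0xA5)]
    return {
        "copies_differ": len(set(copies)) == len(copies),                 # True
        "naive_hits": sum(naive_signature_scan(c) for c in copies),       # 0
        "stub_hits": sum(stub_scan(c) for c in copies),                   # 3
        "xray_hits": sum(xray_scan(c) for c in copies),                   # 3
    }


if __name__ == "__main__":
    print(demo())
```

The two working detections here, matching the unchanging decryptor and decrypting before matching, are exactly what the later generations of viruses were designed to beat: polymorphic engines mutate the decryptor from copy to copy, and metamorphic viruses (next on this page) rewrite the whole body so there is no fixed plaintext to recover.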

Metamorphic Virus

Metamorphic viruses rewrite themselves with every file they infect. Rather than merely encrypting a fixed body, they transform their own code into a functionally equivalent but structurally different program, so no two copies share a fixed byte pattern that a scanner could match.

File Extension Virus

These viruses change the extensions of the files they infect. Because Windows hides known file extensions by default, a file named readme.txt.vbs can appear as readme.txt and be opened without suspicion.

Add-on & Intrusive Virus

Add-on viruses attach their code to the host program without removing any of the host's own code, so the host still works but grows in size. Intrusive viruses overwrite part of the host program with virus code, which usually damages the host beyond use.
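An added example (my own, not from the article): the practical way to catch both kinds of infection, along with the file infectors described earlier on this page, is a baseline of file sizes and hashes taken while the system is known to be clean, compared against a later snapshot. The directory tree below is constructed in a temporary folder: an append (add-on) infection changes both size and hash, an in-place intrusive overwrite keeps the size but changes the hash, and a dropped file shows up as new. The file contents are made-up stand-ins, not real programs.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large binaries need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def baseline(root: Path) -> dict:
    """Map every regular file under root (relative POSIX path) to (size, sha256)."""
    snapshot = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            snapshot[rel] = (path.stat().st_size, hash_file(path))
    return snapshot


def compare(before: dict, after: dict) -> dict:
    """Report files whose size or hash changed, plus files that appeared or disappeared."""
    return {
        "modified": sorted(p for p in before if p in after and before[p] != after[p]),
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
    }


def demo() -> dict:
    """Constructed scenario in a temporary directory: snapshot, then simulate
    an add-on infection, an intrusive infection and a dropped file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "app.exe").write_bytes(b"MZ" + b"\x00" * 100)   # stand-in host program
        (root / "bin" / "tool.com").write_bytes(b"\xb4\x4c\xcd\x21")      # stand-in host program
        (root / "readme.txt").write_bytes(b"hello")
        before = baseline(root)

        # Add-on infector: code appended, host bytes intact -> size and hash both change.
        with open(root / "bin" / "app.exe", "ab") as fh:
            fh.write(b"<appended virus code>")
        # Intrusive infector: host bytes overwritten in place -> same size, different hash.
        with open(root / "bin" / "tool.com", "r+b") as fh:
            fh.write(b"\x90\x90")
        # A dropped file shows up as new.
        (root / "bin" / "dropper.exe").write_bytes(b"MZ")

        return compare(before, baseline(root))


if __name__ == "__main__":
    print(demo())
```

Size alone would miss the intrusive case, and a stealth virus that is resident while you scan can hide both the size and the contents, which is why the baseline and the comparison snapshot should be taken from a clean boot medium and the hash list stored off the machine.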

Shell Virus

Shell viruses resemble boot-sector viruses in the way they take control: the virus code forms a shell around the target program and becomes its entry point. When the program is run, the virus executes first and then calls the original program as a subroutine, so to the user the program appears to behave exactly as before.

How to discover if a target system has been infected with a virus

Several symptoms can point to a virus on a system. Any one of them on its own may have an innocent explanation, so it is important to know which signs, especially in combination, indicate that a machine has been infected.

  • The system slows down: programs and applications no longer run as quickly as before.
  • The hard drive's volume name changes.
  • The operating system fails to boot when the computer is turned on.
  • The system keeps producing errors and freezes constantly.
  • File and folder names change to gibberish.
  • Browser windows freeze constantly.
  • Files and folders go missing.
  • The anti-virus raises alerts for viruses it has detected.

The dangers of false alarms

Hoaxes are alarms or pop-up messages that appear while a user browses the web, telling the user to download anti-virus software. The links in these messages lead to files, presented as anti-virus, that the attacker wants the user to download. The alarm is false, and the file it pushes usually carries malware.

Hoaxes can also take the form of chain messages that spread alarming news and ask the user to forward them to family and friends.

This is malware paraded as anti-virus by attackers with malicious intent towards the target system; once installed, it damages the user's computer.

Viruses that are used for financial gain

Cryptolocker, Cryptodefence, Cryptowall, Cryptobit and police-themed ransomware are all malware that attackers plant on target systems for financial exploitation. The attacker gains access to the target system and locks the user out of certain files and folders, with the sole aim of extracting a payment. Payment is usually demanded through an online method such as Bitcoin, which makes the perpetrator harder to trace.

Published with the express permission of the author.