Sunday, 16 February 2020

Virus and Worm




I welcome all my readers to this blog. Today we will talk about a few important types of malware. This post will be helpful for students who want to learn about cyber security, or who want to complete a certification such as CompTIA Security+ or CEH.




Introduction:

Malware is software designed to damage a computer (workstation, mobile, server or network). It can delete, modify or encrypt data, it can change the settings of your computer or its registry, and it can spy on data from the system.

Types of malware:

Viruses and worms
Ransomware and crypto malware
Trojans and RATs
Rootkits
Keyloggers
Adware and spyware
Bots and botnets

We will now discuss each of them one by one. In this post we will start with viruses and worms, and I will try to cover the other malware types in my coming posts. Now let's start with viruses.

Virus:

The name virus is borrowed from the medical field because a computer virus behaves like a biological virus: it replicates itself. We just need to run a program and then it can replicate itself and spread through the file system or the network. Sometimes a virus causes no problem, and sometimes it is a disaster. The first virus was detected on ARPANET (the network that became the basis for the Internet) in 1970, and its name was Creeper.

These days viruses are very common; every day thousands of viruses are created and spread around the globe.

Types of Virus:

Program virus
Boot sector virus
Script virus
Macro virus
Encrypted virus
Polymorphic virus


1. Program Virus:

These are part of an application, an email attachment, or storage media like a CD or floppy disk, with the virus code hidden inside. It works like a Trojan: when we run the application, open the attachment or use the storage media, its code runs in the background.

2. Boot sector virus: 

These viruses are designed to infect the boot sector or Master Boot Record (MBR) of a hard disk, or of external storage media like CDs and floppy disks.

3. Script Virus: 

These are web-based viruses, which attack a computer with the help of a website. Sometimes a malicious website is designed to attack a system by running a script. For example, when we download a file from a website or play a video on it, a script can run in the background, which can be very harmful.

4. Macro virus: 

These viruses are embedded in files that can execute code; the best example is a Microsoft Office Word file. Notepad files can also be used for this purpose. Such viruses are spread by email as attachments. A related case is the .bat file, which executes its code when we click on it. We should always check the file extension before executing a file.

5. Encrypted virus:

The attacker sends the virus code in encrypted form so that it cannot be easily detected. In most cases it carries the decryption routine as well, so that when it reaches the target the decryption code decrypts the virus body for execution.

6. Polymorphic Virus:

Polymorphic means occurring in several different forms, in particular with reference to species or genetic variation. We studied it in biology and chemistry in our school days; the best example in biology is the phenotype. Now it is time to read about polymorphism in computer science.
Traditional antivirus works on signatures, so attackers use polymorphism in their code: if the antivirus detects the virus's signature, the virus changes its signature on the next installation so that the antivirus does not detect it.
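To make the signature idea concrete, here is a small scanner written for this post as an added example; it is not code from the original post and not a real antivirus engine. The sample byte strings, signature names and hash values are all constructed. It keeps two kinds of signature, an exact file hash and a byte pattern over the part of the code that must stay the same for the virus to work, and shows why a copy with a few changed bytes slips past the hash signature but is still caught by the pattern. A fully polymorphic virus rewrites that part too, which is why modern products add behaviour-based detection on top of signatures.

```python
import hashlib
import re

# Constructed sample files for this example: ORIGINAL is the first copy seen,
# VARIANT is the same code with a few padding bytes changed (the way a
# polymorphic virus looks different on its next installation), CLEAN is a
# harmless file. None of these is a real virus; they are invented byte strings.
ORIGINAL = b"MZ\x90\x00" + b"copy-self;spread-by-share;" + b"\x00" * 8
VARIANT = b"MZ\x90\x00" + b"copy-self;spread-by-share;" + b"\x00" * 6 + b"\x7a\x01"
CLEAN = b"MZ\x90\x00" + b"hello, world" + b"\x00" * 8

# Two kinds of signature a traditional scanner keeps (made-up names):
# an exact SHA-256 of a known sample, and a byte pattern taken from the part
# of the code that has to stay the same for the virus to keep working.
HASH_SIGNATURES = {hashlib.sha256(ORIGINAL).hexdigest(): "Example.Virus.A"}
PATTERN_SIGNATURES = {
    re.compile(rb"copy-self;spread-by-[a-z]+;"): "Example.Virus.A (pattern)",
}


def scan_by_hash(data: bytes):
    """Exact-match detection: only a byte-for-byte identical file matches."""
    return HASH_SIGNATURES.get(hashlib.sha256(data).hexdigest())


def scan_by_pattern(data: bytes):
    """Pattern detection: matches any file containing the invariant byte sequence."""
    for pattern, name in PATTERN_SIGNATURES.items():
        if pattern.search(data):
            return name
    return None


def scan(files: dict) -> dict:
    """Scan a mapping of filename -> content and return filename -> verdict.
    The hash check runs first (cheap and exact); the pattern check catches
    variants whose hash no longer matches."""
    report = {}
    for name, data in files.items():
        hit = scan_by_hash(data) or scan_by_pattern(data)
        report[name] = hit if hit else "clean"
    return report


if __name__ == "__main__":
    # Constructed "directory" of files for the demonstration.
    for name, verdict in scan({"a.exe": ORIGINAL, "b.exe": VARIANT, "c.exe": CLEAN}).items():
        print(f"{name}: {verdict}")
```

Note that b.exe is missed by the hash signature and only caught by the pattern, which is exactly the gap the polymorphic technique in the paragraph above exploits; a signature database that only stores hashes has to be updated for every new variant.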


I have explained the main types of virus. Apart from these, viruses can also be categorised as armored, multipartite, tunneling or stealth viruses, but these categories are based on the different techniques a virus uses, and I do not think I need to explain them in detail here.

  

Now we will take an example of how an attacker can write a program to create a virus and how it can be spread. I request my readers not to apply this technique on anyone, because it is illegal; I am writing this post only for educational purposes.

The best example is a .bat file; an attacker can spread these files as email attachments.

Below are the steps:

1. Open a Notepad file.

2. Write the code below.

@echo off

shutdown -s -t 00

3. Save the file with the .bat extension.

4. Run it just by double-clicking it.

The command "shutdown -s -t 00" shuts the computer down each time it starts, so the user can never start the computer normally and it may cause data loss.

Another example is

@echo off

deltree C:\

It deletes the files on the hard disk permanently.

How can we protect our computer from virus attacks?


The best way is to use an antivirus with the latest virus definitions; the antivirus contains signatures of all the viruses detected so far and protects your machine from them.
1. Use a firewall
2. Use authenticated websites
3. Always download files, videos or other documents from a good source
4. Use email carefully and do not open attachments from unknown senders
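Checking the attachment's real extension, as the macro-virus section and point 4 above recommend, is something a mail gateway or a small script can do before a user ever double-clicks. The following Python script is an added example, not code from the original post: the extension lists and the attachment names are constructed for the demonstration. It flags directly executable extensions (.bat, .exe, .vbs and so on), macro-enabled Office files, and the double-extension trick such as invoice.pdf.bat, and it normalises the name the way Windows would (trailing dots and spaces are ignored).

```python
import re
from pathlib import PurePosixPath

# Extensions Windows runs directly on double-click (constructed list for this
# example; extend it to match your own mail policy).
EXECUTABLE_EXTENSIONS = {
    ".bat", ".cmd", ".exe", ".com", ".scr", ".pif", ".vbs", ".vbe", ".js",
    ".jse", ".wsf", ".wsh", ".ps1", ".hta", ".msi", ".lnk", ".reg",
}
# Office formats that can carry a macro.
MACRO_EXTENSIONS = {".docm", ".xlsm", ".pptm", ".dotm", ".xlam"}
# Harmless-looking formats often used as the disguise in a double extension.
DECOY_EXTENSIONS = {".pdf", ".jpg", ".jpeg", ".png", ".gif", ".txt",
                    ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx"}


def classify_attachment(filename: str):
    """Return (verdict, reason) where verdict is "block", "warn" or "allow"."""
    name = filename.lower().rstrip(". ")       # Windows drops trailing dots/spaces
    # A long run of spaces pushes the real extension out of view in mail clients.
    padded = re.search(r"\s{5,}", name) is not None
    name = re.sub(r"\s+", "", name)            # judge the name the OS will act on
    suffixes = PurePosixPath(name).suffixes    # "invoice.pdf.bat" -> [".pdf", ".bat"]
    if not suffixes:
        return "warn", "no extension; type cannot be judged from the name"
    ext = suffixes[-1]
    if ext in EXECUTABLE_EXTENSIONS:
        if len(suffixes) > 1 and suffixes[-2] in DECOY_EXTENSIONS:
            return "block", f"executable {ext} disguised as {suffixes[-2]} (double extension)"
        return "block", f"directly executable attachment ({ext})"
    if ext in MACRO_EXTENSIONS:
        return "warn", f"macro-enabled Office document ({ext}); open only if expected"
    if padded:
        return "warn", "spaces hide the true extension"
    return "allow", f"no risky extension ({ext})"


def scan_attachments(filenames):
    """Classify every attachment name in one message."""
    return {name: classify_attachment(name) for name in filenames}


if __name__ == "__main__":
    # Constructed attachment names for the demonstration.
    sample = ["Resume.docx", "invoice.pdf.bat", "report.xlsm",
              "photo.jpg                                .exe", "shutdown.bat."]
    for name, (verdict, reason) in scan_attachments(sample).items():
        print(f"{verdict:5s} {name!r}: {reason}")
```

The name check is only the first line of defence: a file's real type should also be confirmed from its content (the way antivirus engines do), because an attacker controls the name entirely.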

If you want to know more about how to protect your machine please read my blog:

Worm: A computer worm is self-replicating malware that duplicates itself to spread to uninfected computers. It can move from one system to another, or from one network to another, without human intervention. It uses the network as its transmission medium, which is why it spreads so quickly.

How can we protect our computer from worms?

We can use a firewall to protect our network from worms; apart from this we can use an antivirus with the latest signature updates.

The main differences between a virus and a worm:

Virus                                                        | Worm
-------------------------------------------------------------|-------------------------------------------------------------
It needs human intervention                                  | It does not need human intervention
A virus spreads more slowly than a worm                      | It spreads faster than a virus
Antivirus plays a very important role in protecting our      | Antivirus and firewall both play an important role in
environment from viruses                                     | protecting against worms
A virus's main impact is deleting or corrupting files        | A worm's main purpose is to slow down the network or system


Sunday, 1 December 2019

Tips to use Email


I welcome all my readers to my second blog post. I will start with a small story. One of my friends is looking for a job, and every week he has to attend interviews, sometimes in the city and sometimes outside it, and it is really difficult for him to carry all his documents with him. It has become more difficult because each company has its own requirements: some want education certificates, some want personal documents too, and some have other requirements. So he decided to keep scanned copies of all his documents in his email inbox and take a printout of whatever documents he requires. This is a very easy and effective way to carry documents anywhere without a physical file.

But just think what will happen when an unauthorized person gets access to your email. It may be worse than we expect: an unauthorized person can see your data, your education qualifications, your contact details, passport details and much more. Today we are going to discuss how we can protect our email from such unauthorized access. I will give you a basic idea of how to protect your device or email from an unauthorized person.


Create a strong email password:






A strong password protects your email from brute-force attacks (I will write a separate post about brute-force attacks). We should use upper case, lower case, numbers and special characters together in our password so that nobody can guess it, and never use our name, date of birth or mobile number as a password, because these can be easily guessed by anyone.



(i) Use multi-factor authentication:


It is an authentication method in which the user has to pass more than one authentication check to complete a task. Nowadays all banking transaction systems have adopted this method, but among the general public I have seen only a few people who use it to protect their email or personal devices.

(ii) How multi-factor authentication works:


Take an example: when you insert your ATM card into the ATM machine, you cannot withdraw money just by inserting the card; you also need to enter your ATM PIN to do any transaction. This is an example of two-factor authentication because it has two layers of protection, the ATM card and the ATM PIN. Similarly, we have one more example, the OTP (one-time password): when we do any online transaction through net banking we have to enter our password to log in, and then enter an OTP as well to complete the transaction. In the same way we can enable 2-step verification in our email. I will share the example of Gmail here because it is used by many people and is very common among the general public. In Gmail we have an option for a voice or text message, so whenever anyone tries to log in to the Gmail account it sends a text or voice message to the phone, and we have to enter that code to log in.

(iii) Never share your password with anyone:


I was travelling in a taxi and the taxi driver requested me to reset his Paytm password because he was not well educated and did not know how to use the application. Nowadays people are using mobile data much more and have started using many money transfer applications, but they do not know how to use them. It is very common to share passwords with friends and relatives.

(iv) Do not use the same password everywhere:


This is a common mistake I find with people: they use the same password for all applications. They use the same password for computer login, email and banking, and they share it with friends without realising that they are sharing the password for all of their applications. All security applications, software and tools are useless if someone knows your password, so we need to think about it.

  

Email access in public places (use of public Wi-Fi or computers)






Today the internet is available everywhere: in metro cities, railway stations, airports, etc. It is very common to use public internet to check ticket details while travelling, to watch our favourite shows online, or while waiting for someone or for a flight. To save our own mobile data we use free public Wi-Fi, which is not a good practice: we do not know who manages it, and since it is shared by many people on the same network and subnet, it is easy for an unauthorized person on that network to reach your phone.

(i) Look over your shoulder


Generally people do not think much about small things that can turn into a disaster. When we use our PC or mobile in a public place we do not watch what other people around us are doing. Suppose you are entering your password and someone sees it from behind you; in that case they can log in to your email. So we have to be careful whenever we enter a password. Always check over your shoulder whether anyone is looking at your device (phone or PC).


Use a VPN:



This is something people mostly use in companies, but we can also protect our computer or email with it. It provides a virtual private network, so other people need permission to enter your network. Apart from this we can avoid extra unwanted ads while browsing, and we can access our home network from anywhere, or use public internet, more effectively and securely with the help of a VPN.

Use the internet carefully:


We all use the internet, but only a few of us check the links we open. We should open only links that are secured, and the best way to tell is to look at the URL: if it starts with HTTPS it is secured, and if it is without the "s" (HTTP) it is not. So please try to use websites that are secured and start with HTTPS.


(i) Do not click on any link in an email if you are not sure


Clicking on a link can put you in trouble, because you may allow someone to encrypt your data, or give permission to install software in the background which can be spyware. Do not click on any link or attachment if it is not from an authorized person.

Fake call or email:


A few days back a person called my brother on behalf of Paytm and told him that he would help him with the KYC process. Since my brother is not from a technical background he was not able to understand the process, so that person shared my brother's mobile screen using TeamViewer (software used to share a computer's screen with another person) and saw his user ID, password, bank details, everything; my brother did not even notice it. After that, the person tried to log in to his email and bank account.

Like this you may get an email or call for technical support or for a lucky draw. Always be careful and contact the police cyber cell for such issues.

Use antivirus:


Always use an antivirus on your phone and laptop. It will protect your device from unauthorized access, and apart from this there are many other benefits of using an antivirus, so we should use it all the time.

Always update your operating system and the other software on your device

We should update our operating systems as well as all the software that we use on our devices, because whenever a company finds malware or a security issue in its products it issues a patch or a new updated version of that software, which helps protect our device. Avoid free or unwanted software and websites that are not from an authorized source.



I hope the above information will help my readers protect their computers from unauthorized access. Please share it with your friends and post your questions related to this post; suggestions and advice are most welcome.


Sunday, 24 November 2019

Conficker and Rogue System Detection





This is my first blog, and my aim is to share real-world experiences from cybersecurity experts. I’ll cover prominent cyber-attacks and how professionals protect their environments from such threats. Additionally, I’ll provide tutorials on various cybersecurity technologies and tools.

Today, I’m starting with a very well-known cyber-attack that first surfaced in November 2008. It affected government organizations, private sectors, and even home computers across over 190 countries, making it the largest known computer worm infection since 2003. If you’re a cybersecurity professional, you’ve likely guessed it—I'm talking about Conficker.

Conficker targeted Microsoft Windows operating systems, and its initial detection was in 2008. In 2011, Ukrainian police arrested Mikael Sallnert, who was sentenced to 48 months in prison for his role in the attack.

 

How does Conficker affect your machine?

 

Conficker used dictionary attacks on administrator passwords to propagate itself while forming a botnet. It could execute arbitrary code via a crafted RPC request that triggered a buffer overflow during canonicalization. Once on a system, Conficker copied itself with a random name into the system directory (%systemroot%\system32) and registered itself as a service.

After gaining access to a machine, Conficker set up a small HTTP server and began scanning for other vulnerable machines. When a target was identified, the infected machine would send a URL with the payload to the target, which would then download the worm and continue the infection cycle.


                                   

Why Do Such Attacks Happen?

Attacks like Conficker often succeed due to unmanaged or unprotected machines within a network. These “rogue” machines can be a gateway for attackers to infiltrate your environment.

What Is a Rogue Machine?

A rogue machine is any unprotected system within a network. If a machine lacks antivirus software or doesn’t adhere to security policies, it becomes a rogue system. These machines pose a significant risk because they can be exploited by attackers to spread infections throughout an entire network.

How Can We Protect Our Environment?

Using antivirus software is crucial, but it’s not always enough—especially if some machines don’t have antivirus installed. Identifying rogue systems is challenging but essential for comprehensive network protection.

For example, consider a car manufacturing company with several business units—manufacturing, design, dealerships, and showrooms. The company manages its manufacturing and design units directly, but it may not manage the dealer’s computer systems. However, dealers may need access to the company’s network. An attacker could target a dealership’s unprotected machine and, through it, gain access to the more secure manufacturing unit.

To protect against such threats, it’s important to monitor all machines in your network, regardless of whether they are directly managed. This is where Rogue System Detection (RSD) comes into play.

How Does Rogue System Detection Work?

Rogue System Detection involves placing sensors within your network, often using a DHCP server. These sensors detect all devices connected to the subnet—laptops, desktops, IP phones, printers, etc.—and send the information to an endpoint management tool that cybersecurity professionals use.

Rogue System Detection works by employing tools like WinPcap to monitor network traffic and protocols such as ARP and DHCP to identify all systems on the network. The sensor sends details about every device to the antivirus management tool, which filters out the rogue machines.

You can also configure exceptions for devices like printers or IP phones that you don’t want to monitor. Additionally, you can block specific machines as needed to tighten security.
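As an added example for this post (it is not code from any endpoint management product, and the addresses, hostnames and inventory are all constructed), the Python below does in miniature what a rogue-system sensor and its console do: it merges ARP and DHCP sightings into one record per device, marks devices that report to the management tool as managed, applies the exceptions for printers and IP phones described above, and leaves everything else flagged as rogue.

```python
# Constructed observations, in the shape a passive sensor would record from ARP
# replies and DHCP requests on one subnet. Addresses and hostnames are made up.
OBSERVATIONS = [
    {"proto": "ARP",  "mac": "00:11:22:AA:BB:01", "ip": "10.0.5.10", "hostname": None},
    {"proto": "DHCP", "mac": "00:11:22:aa:bb:02", "ip": "10.0.5.11", "hostname": "DESIGN-WS07"},
    {"proto": "DHCP", "mac": "00:11:22:aa:bb:03", "ip": "10.0.5.12", "hostname": "DEALER-LAPTOP"},
    {"proto": "ARP",  "mac": "00:11:22:aa:bb:04", "ip": "10.0.5.20", "hostname": None},
    {"proto": "DHCP", "mac": "00:11:22:aa:bb:05", "ip": "10.0.5.21", "hostname": "IPPHONE-0412"},
    {"proto": "ARP",  "mac": "00:11:22:aa:bb:01", "ip": "10.0.5.10", "hostname": None},
]

# Devices that report to the endpoint management console with an agent and
# antivirus installed (constructed inventory).
MANAGED_MACS = {"00:11:22:aa:bb:01", "00:11:22:aa:bb:02"}

# Exceptions for devices that cannot run an agent: by exact MAC (a printer) or
# by hostname prefix (IP phones).
EXCEPTION_MACS = {"00:11:22:aa:bb:04"}
EXCEPTION_HOSTNAME_PREFIXES = ("PRN-", "IPPHONE-")


def build_inventory(observations):
    """Merge individual sightings into one record per MAC address."""
    inventory = {}
    for obs in observations:
        mac = obs["mac"].lower()                 # normalise case before comparing
        entry = inventory.setdefault(mac, {"ips": set(), "hostname": None,
                                           "protocols": set(), "sightings": 0})
        entry["ips"].add(obs["ip"])
        entry["protocols"].add(obs["proto"])
        if obs["hostname"]:                      # DHCP carries a name, ARP does not
            entry["hostname"] = obs["hostname"]
        entry["sightings"] += 1
    return inventory


def classify_device(mac, entry, managed, exception_macs, exception_prefixes):
    """managed -> has an agent; exception -> allowed without one; rogue -> neither."""
    if mac in managed:
        return "managed"
    if mac in exception_macs:
        return "exception"
    hostname = (entry["hostname"] or "").upper()
    if hostname.startswith(exception_prefixes):
        return "exception"
    return "rogue"


def rogue_report(observations, managed=MANAGED_MACS, exception_macs=EXCEPTION_MACS,
                 exception_prefixes=EXCEPTION_HOSTNAME_PREFIXES):
    """Return {mac: status} for every device seen on the subnet."""
    inventory = build_inventory(observations)
    managed = {m.lower() for m in managed}
    exception_macs = {m.lower() for m in exception_macs}
    return {mac: classify_device(mac, entry, managed, exception_macs, exception_prefixes)
            for mac, entry in inventory.items()}


def rogues(observations, **kwargs):
    """Sorted list of MACs that need attention: no agent and no exception."""
    return sorted(mac for mac, status in rogue_report(observations, **kwargs).items()
                  if status == "rogue")


if __name__ == "__main__":
    inventory = build_inventory(OBSERVATIONS)
    for mac, status in rogue_report(OBSERVATIONS).items():
        e = inventory[mac]
        print(f"{status:9s} {mac}  ip={','.join(sorted(e['ips']))}  "
              f"host={e['hostname'] or '-'}  seen={e['sightings']}")
```

In the constructed data the dealer laptop is the one device that ends up rogue: it is on the subnet, it has no agent, and no exception covers it, which is exactly the kind of machine the car-manufacturer example above warns about.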

By using Rogue System Detection, you can ensure that all machines in your network—whether directly managed or not—are monitored, reducing the risk of attacks from unmanaged systems. This approach would have been effective in mitigating the spread of infections like Conficker, which took advantage of such weaknesses.

In this post, we’ve explored the Conficker worm and the dangers posed by rogue machines. By implementing Rogue System Detection, organizations can safeguard their networks from such threats. Stay tuned for more tutorials and insights into how cybersecurity professionals defend against real-world attacks!