Learning Security+ Issue 9

D369
4 min readMay 19, 2022
2 Cents Learning Security+ Viruses
Learning Security+ Viruses

Key Takeaways

  • Macro: Embedded into a file and executed when the file is opened.
  • Boot Sector: Stored in the first sector of a hard drive and loaded into memory upon boot up.
  • Program: Infects an executable or app
  • Multipartite: Combines boot & program: Attaches to boot sector and system files before attacking other files.
  • Encrypted: Encrypts its payload to make its detection difficult.
  • Polymorphic: Encrypted virus that changes itself each time it’s executed by altering the decryption module to avoid detection.
  • Metamorphic: Advanced polymorphic virus that completely rewrites itself before infection attempts.
  • Stealth: Uses various mechanisms to avoid detection by antivirus software.
  • Armored: Has a layer of protection to confuse a program or person analyzing it.
  • Hoax: Displays a false message warning users of having a computer virus that’s really non-existent.

Viruses

Computer viruses are a kind of malware. Most people have had a virus at one time or another. Viruses are very common. Especially, on Windows-based computers. Macs get viruses, too. Although, less often.

Consumers deal with viruses by using things like anti-virus apps, like Avast. Cyber security pros need to be keenly aware of what kinds of viruses there are in the world and how to handle them.

The most common viruses to know for Security+ exams are:

Program/Macro

A program or acro virus embeds itself into a file. To do this, it’s written in the same macro code (typically, used for automation) as the document. It’s activated when the document is opened (or macros is enabled) and begins to infect other files. Macros are commonly spread via phishing emails containing files that carry the virus, but they can also spread through downloads and shared networks or discs, like CDs and DVDs.

Boot Sector

This virus infects the boot sector of floppy disks and hard drives or the Master Boot Record (MBR) of hard drives. It is stored in that first sector– the boot sector–of a hard drive and loaded into memory upon boot up. From there, it’s most commonly spread via removable media, such as USB drives.

Multipartite

This is combination of boot & program viruses that’s fast-acting and attacks boot sectors and program files simultaneously. Multipartites are more problematic than a boot or program virus alone because they can spread in multiple ways and can reinfect a disk or file multiple times if not completely purged.

Encrypted

This virus encrypts itself making it more difficult to find with typical malware or antivirus software. It can create havoc on machines by encrypting or deleting files or blocking access to networks, systems, or other services.

Metamorphic & Polymorphic

These are encrypted, adaptive, mutating viruses that hackers use to infiltrate and steal information while avoiding detection. They both alter their code in order to avoid most anti-malware apps. However, they’re not exactly the same.

A polymorphic virus uses a single tranformation technique. It rewrites its decryption module to avoid detection while retaining the same basic routines after every infection. This technique makes uses mutation engines–also called polymorphic engines–to create different encryption keys each time. Advanced versions can create billions of these keys.

A metamorphic virus completely re-writes itself and uses multiple transformation techniques. Therefore, each new version of itself no longer matches its previous iteration. This makes it even more difficult to identify and deal with.

Stealth

Stealth viruses are relatively new compared to some of the aforementioned ones. They use various mechanisms to avoid detection by antivirus and antimalware software allowing them to hide within files, boot sectors, and partitions without alerting the system or user. They change computer settings so attackers can control a system and modify code to cover their tracks.

Armored

An armored virus uses a layer of protection to confuse software or people analyzing it. Basically, it tricks anitvirus and antimalware about its exact location, so they detect it elsewhere instead of where it really exists within the system. It’s also built to make tracing, disassembling, and reverse engineering very difficult for software or people analyzing it.

Hoax

The hoax virus displays false messages warning users of having a computer virus that’s really non-existent. These messages are extremely annoying but can also be threatening and cause users to react in a panicked manner. Unlike most other viruses, these are not self-replicating.

Conclusion

These are the most common viruses to date, but as times change, more and more will eventually come into being. Staying up-to-date is extremely important.

Moving on, the next bit of malware to discuss is worms. Yeah… worms. Sounds gross, but there’s no dirt or slime involved. I promise! 😂

--

--