

Virus vs. worm
- Both self-replicate automatically, but in different places.
- Virus: inserts malicious code into a program or data file. It self-replicates on the host computer but does not spread to other computers by itself; it spreads when a user transfers infected files to other devices.
- Worm: self-replicates between computers (from one computer to another), using the network to replicate. It takes advantage of a vulnerability in an application or the host operating system, sends copies of itself to other network devices, then searches the network for another computer with the same vulnerability. Typical payloads: deleting files on the computer or allowing an attacker to control it remotely.

Two actions a virus performs when the infected program is launched or the infected data file is opened (by the user or by the operating system):
1. It reproduces itself by inserting its code into another file, but only on the same computer.
2. It unloads a payload that performs a malicious action, for example the program still runs but gains malicious features, or specific functionality in the application is destroyed.

Two main types of circulating viruses: program virus and data/macro virus.

Program virus
- Inserted/injected into a benign executable file (.exe).
- Signed .exe files: modifying the file breaks the digital signature, so changes can be detected. Many virus developers go to extra lengths to hide changes to the executable.
- Some antivirus scanners automatically consider a file safe if it is signed with a valid digital certificate. Attackers exploit this by making sure the tampered file still passes such checks; in the SolarWinds attack on US government networks, the malicious code was inserted before the build was signed, so the file carried a valid signature.

Program-virus infection types
- Appending infection: the virus appends itself to the end of the file and replaces the beginning of the file with a jump instruction pointing to the virus code. Normally the host program keeps functioning after it is infected. Relatively easily detected by virus scanners.
- Prepending infection: the virus prepends itself to the beginning of the file. Normally the host program keeps functioning after it is infected, but this is not always the case.
- Overwrite infection: the virus overwrites existing program code on the system disk or in memory (e.g., the TRj.reboot virus); after infection the original program code is effectively destroyed.

Armored viruses: program viruses designed to avoid detection. Examples: Swiss cheese infection, split infection.
- Swiss cheese infection: instead of a single jump instruction to the "plain" virus code, the virus does two things to make detection harder: 1. it scrambles (encrypts) the virus code; 2. it divides the decryption engine (the decode instructions and the decryption key) into pieces and injects them throughout the infected program code. When the program is launched, the pieces are tied back together and unscramble the virus code.
- Split infection: the virus code itself is split into several parts (instead of splitting the decryption engine). The head of the virus code starts at the beginning of the file and gives control to the next piece. To make detection even harder, the parts may contain unnecessary "garbage" code that masks their true purpose.

Data/macro virus
- Part of a data file rather than an executable program.
- Macro: a series of instructions grouped together as a single command, used to automate a complex set of tasks or a repeated series of tasks.
- The most common macro viruses are written in a script stored within the user document; once the document is opened, the instructions execute.
- Dangerous because people don't normally think of viruses in documents. Detected by anti-virus tools.

Batch (.bat) file
- A plain text file containing commands for repetitive tasks; runs on MS Windows. Also called a shell script, script or batch program. Example: XCOPY c:\original c:\backupfolder /m /e /y
- When downloaded or delivered as an email attachment, clicking it runs the file.
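The notes say an appending infection is "relatively easily detected by virus scanners" without showing why. The following is an added example, not part of the original notes: it builds a small constructed PE32 image in memory, infects a copy the way an appending program virus would (code appended after the last section, entry point redirected into it), and runs two scanner-style heuristics over clean and infected copies: bytes beyond the last section's raw data (an overlay) and an entry point that lands in the last section. The sample sections, sizes and the inert filler payload are all assumptions chosen for the demonstration.

```python
"""Heuristics for spotting an appending program-virus infection in a PE32 file.

Added example, not part of the original notes. It builds a small constructed
PE32 image in memory, infects a copy the way an appending virus would (code
appended after the last section, entry point redirected to it), and runs
scanner-style checks over the clean and infected copies. Offsets follow the
PE/COFF layout; only the standard library is used.
"""
import struct

FILE_ALIGN = 0x200
SECTION_HDR = "<8sIIIIIIHHI"          # IMAGE_SECTION_HEADER, 40 bytes
IMAGE_SCN_MEM_WRITE = 0x80000000


def build_pe(sections, entry_rva):
    """Return a minimal PE32 image. sections: (name, va, vsize, rsize, chars).

    Section bodies are zero-filled placeholders; this is constructed sample
    data, not a real program."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)              # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)                                # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)                # Magic = PE32
    struct.pack_into("<I", opt, 16, entry_rva)           # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)            # ImageBase
    struct.pack_into("<I", opt, 32, 0x1000)              # SectionAlignment
    struct.pack_into("<I", opt, 36, FILE_ALIGN)          # FileAlignment
    table, bodies, raw_ptr = b"", b"", FILE_ALIGN
    for name, va, vsize, rsize, chars in sections:
        table += struct.pack(SECTION_HDR, name, vsize, va, rsize, raw_ptr, 0, 0, 0, 0, chars)
        bodies += bytes(rsize)
        raw_ptr += rsize
    header = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table
    return header + bytes(FILE_ALIGN - len(header)) + bodies


def parse(data):
    """Return (pe_offset, entry_rva, section_table_offset, [section dicts])."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    nsec = struct.unpack_from("<H", data, pe + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]
    entry_rva = struct.unpack_from("<I", data, pe + 24 + 16)[0]
    sec_off = pe + 24 + opt_size
    secs = []
    for i in range(nsec):
        f = struct.unpack_from(SECTION_HDR, data, sec_off + 40 * i)
        secs.append({"name": f[0].rstrip(b"\0").decode(), "vsize": f[1],
                     "va": f[2], "rsize": f[3], "rptr": f[4], "chars": f[9]})
    return pe, entry_rva, sec_off, secs


def scan(data):
    """Return a list of findings; an empty list means nothing suspicious."""
    _, entry_rva, _, secs = parse(data)
    findings = []
    raw_end = max(s["rptr"] + s["rsize"] for s in secs)
    if len(data) > raw_end:                               # bytes no header accounts for
        findings.append("overlay: %d bytes beyond the last section" % (len(data) - raw_end))
    ep_sec = next((s for s in secs
                   if s["va"] <= entry_rva < s["va"] + max(s["vsize"], s["rsize"])), None)
    if ep_sec is None:
        findings.append("entry point 0x%x lies outside every section" % entry_rva)
    else:
        if len(secs) > 1 and ep_sec is secs[-1]:         # typical of appended virus code
            findings.append("entry point in last section " + ep_sec["name"])
        if ep_sec["chars"] & IMAGE_SCN_MEM_WRITE:
            findings.append("entry point section %s is writable" % ep_sec["name"])
    return findings


def infect_append(data, payload):
    """Model an appending infection: grow the last section to cover the appended
    payload and point the entry point at it. The payload is inert filler."""
    pe, _, sec_off, secs = parse(data)
    last = secs[-1]
    padded = payload + bytes((-len(payload)) % FILE_ALIGN)
    new_rsize = last["rsize"] + len(padded)
    last_hdr = sec_off + 40 * (len(secs) - 1)
    out = bytearray(data[:last["rptr"] + last["rsize"]]) + padded
    struct.pack_into("<I", out, last_hdr + 8, max(last["vsize"], new_rsize))   # VirtualSize
    struct.pack_into("<I", out, last_hdr + 16, new_rsize)                      # SizeOfRawData
    struct.pack_into("<I", out, pe + 24 + 16, last["va"] + last["rsize"])      # entry -> payload
    return bytes(out)


def sample_program():
    """Clean two-section sample: code in .text, writable data in .data."""
    return build_pe([(b".text", 0x1000, 0x100, 0x200, 0x60000020),
                     (b".data", 0x2000, 0x100, 0x200, 0xC0000040)], entry_rva=0x1000)


if __name__ == "__main__":
    clean = sample_program()
    for label, image in [("clean", clean),
                         ("naive append", clean + b"\x90" * 0x40),
                         ("header-aware append", infect_append(clean, b"\x90" * 0x40))]:
        print(label, "->", scan(image) or ["no findings"])
```

A virus that simply tacks its code onto the file leaves an overlay that no section header accounts for; one that fixes up the headers avoids that but still has to move the entry point into the appended region, which is why "entry point in the last section" and "entry point in a writable section" are classic scanner heuristics. Neither check proves infection on its own (packers and installers trigger both), which is the kind of ambiguity the armored techniques above are designed to exploit.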
