CompTIA Security +: Malware and Malware Infections

By AS Snipes

 In this book, we're going to talk about what Malware is, and, all of the different types of Malware.This book will help you prepare for the malware section of the CompTIA Security + 601 certification exam. 

 

• Language: English
• Publisher: Adil Ahmed
• Release date: Jul 21, 2022
• ISBN: 9798201050726

Book preview

Viruses

The first type of malware that we're going to discuss is a virus.

A computer virus is simply made up of malicious code that runs on a machine without the user's knowledge. And this code allows it to infect the computer whenever it's being run.

Now, what does this look like in the real world? Well, maybe you've gone to download a new game from a website, and when you download that installation file

inside of it there may have been some malicious code. When you run the program to install it, you're allowing the code to be installed on your machine and that virus now can take hold.

At this point, the virus is going to want to reproduce and spread and it does this because you have taken a user action. In this example, you installed the program

and that allowed the code to be run and the virus to start doing its nefarious things. This allows it to begin to replicate and spread across your network.

Now, the Security+ exam is going to separate viruses into 10 different types. We have boot sector, macro, program,

multipartite, encrypted, polymorphic, metamorphic,

stealth, armor, and hoax.

The first one we're going to talk about is a boot sector virus. A boot sector virus is one that's stored in the first sector of a hard drive and is loaded into memory whenever the computer boots up. These are actually very difficult to detect

because they're installed before the operating system boots up. And so your antivirus that you have inside your Windows or your Mac machine is not going to be able

to find these boot sector viruses very easily. Instead, you have to use an antivirus that specifically looks for boot sector viruses.

Next we have macros. Macros are a form of code that allows a virus

to be embedded inside another document. And when that document is opened by the user, that virus then is executed. The most common examples of macros are ones that are found inside Word documents or Excel spreadsheets, or PowerPoint presentations.

By default, macros aren't malicious. Actually, macros are used out there as a way

for you to do a lot of good functions in a very short period of time. For example, I have a macro that I use within Microsoft Excel that allows me to do quicker calculations.

That is a piece of code that works properly, but because we have the ability to add code

to these Office documents, bad guys can also add malicious codes to those documents.

And that's exactly what a macro virus does.

The next type of virus is a program virus. Program viruses seek out executables

or application files to infect. For example, if you went and loaded a virus and was able to install itself into your Microsoft Word program, every time you opened up Word

you'd be loading that virus again and again. And that's why a program virus targets programs.

The next type of virus we have is a multipartite. A multipartite virus is a combination of a boot sector type virus and a program virus. By using this combination, the virus is able to place itself in the boot sector and be loaded every time the computer boots. And by doing so, it can then install itself in a program where it can be run each and every time the computer starts up. This