The next scan that we will be analyzing is a TCP SYN scan, also known as a half-open scan because a full TCP connection is never completed. It is used to determine which ports are open and listening on a target device. The intruder sends a SYN packet to each port and analyzes the response. If an RST/ACK is received, the port is closed. If a SYN/ACK is received, the port is open and listening; the intruder then sends an RST to tear the connection down instead of completing the handshake with an ACK. If nothing comes back at all (or an ICMP unreachable message arrives), the port is most likely filtered by a firewall. SYN scans are known as stealth scans because fewer devices notice or log them: since the handshake is never completed, the connection never reaches the listening application, so application-level logs record nothing. However, many current firewalls and Intrusion Detection Systems (IDSs) will notice this type of activity, because a burst of SYNs to many different ports from one source that never completes a handshake is easy to spot at the packet level.

Most ports respond with an RST/ACK packet; however, the highlighted packets show the SYN/ACK response, and the subsequent RST exchange, on the https port. You will also notice that the intruder is using a somewhat static pair of source ports, 5219.

The term trojan horse comes from the legend of the Trojan War in Greek epic poetry. In the story, the Greeks left a large wooden horse as an apparent peace offering to the Trojans. Once the horse was brought inside the city walls of Troy, the Greek soldiers hiding inside the hollow horse emerged and helped capture the city. In the information security field, trojans are malicious programs that are disguised as other programs, such as jokes, games, network utilities, and sometimes even the trojan removal program itself! Trojans are often used to deliver backdoor programs without the victim being aware that anything is being installed. Backdoors operate in a client-server architecture: the server component runs on the victim's computer and the intruder's client connects to it over the network, giving the intruder complete remote control of the machine. They give an intruder access to just about every function of the computer, including logging keystrokes, activating the webcam, capturing passwords, uploading and downloading files, and much, much more. There are hundreds, maybe even thousands, of trojan programs circulating on the Internet, usually with many variations of the code. They even have password protection and encryption features so that intruders can keep other intruders off the computers they "own"! The constant variation in the code makes these programs very difficult to detect with signature-based antivirus software.

In this section we will be using Scan2.log, which was provided by the Honeynet Research Alliance as part of the Honeynet Project Scan of the Month challenge. Scan2.log is located on the accompanying CD-ROM in the /captures directory. We will also be using our own, lab-created backdoor packet captures, called sub-seven_log and netbus_log, also located on the accompanying CD-ROM in the /captures directory.

Trojans, Viruses, and Worms: What is the difference?

Many people get confused over the difference between a virus, a worm, and a trojan. The terms tend to be used interchangeably, but they are really three very distinct entities. Each uses a different way to infect computers, and each has different motivations behind its use.

A virus is a program that infects files by attaching to them, or replacing them, without the knowledge of the user. Unlike a worm, a virus does not run on its own: it executes when its infected host is executed, and then replicates itself into other files within the system. To do this, it often attaches to executable files, known as host files. Viruses travel from computer to computer when users transmit infected files or share storage media, such as a floppy disk. A benign virus does not carry a destructive payload; it presents more of an annoying or inconvenient behavior, such as displaying messages on the computer at certain times. A benign virus still consumes valuable memory, CPU time, and disk space. Malignant viruses are the most dangerous because they can cause widespread damage, such as altering software and data, removing files, or erasing the entire system. Viruses cannot physically damage your computer hardware, although a virus that overwrites firmware (the CIH virus of the late 1990s corrupted the BIOS flash on some motherboards) can leave a machine unbootable until that firmware is rewritten.

There are several types of viruses, including the following:

File infector: A virus that attaches to an executable file.
Boot sector: A virus that places its code in the boot sector of a disk, so that it is executed every time the computer is booted from that disk.
Master boot record: A virus that infects the first physical sector of a hard disk (the master boot record), so that it runs before the operating system loads.
Multi-partite: A virus that uses more than one infection method, for example infecting both executable files and boot sectors.
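Returning to the SYN scan walkthrough at the start of this section: the classification the analyst does by eye in the capture (RST/ACK means closed, SYN/ACK followed by the scanner's own RST means open, silence means filtered) and the kind of check an IDS applies to spot the scan (many distinct ports SYN-probed from one source in a short window, with no handshake ever completed) are written out below as an added example. This is not code from the book or from Ethereal, and it does not read Scan2.log; the packet records, the 192.0.2.x addresses, the alternating source ports 40001/40002 and the timings are all constructed inline. The records follow the shape of a tcpdump/Ethereal summary line, with tcpdump flag letters.

```python
"""Classify the results of a TCP SYN (half-open) scan and flag the scanner.

Packet records are constructed for this example in the shape of a
tcpdump/Ethereal summary line: (time, src_ip, src_port, dst_ip, dst_port, flags).
Flags use tcpdump letters: S = SYN, A = ACK, R = RST.  Nothing here comes
from Scan2.log; the addresses, ports and timings are made up.
"""
from collections import defaultdict

SCANNER = "192.0.2.10"   # constructed scanner address
TARGET = "192.0.2.20"    # constructed target address
CLIENT = "192.0.2.30"    # constructed legitimate client, for contrast


def probe(t, dport, sport, reply):
    """One SYN probe from SCANNER to TARGET:dport plus the target's reply.

    reply is the target's flag string ("SA" open, "RA" closed) or None when
    a filter silently drops the SYN.  On SYN/ACK the scanner answers with a
    bare RST instead of the ACK that would complete the handshake.
    """
    pkts = [(t, SCANNER, sport, TARGET, dport, "S")]
    if reply is not None:
        pkts.append((t + 0.001, TARGET, dport, SCANNER, sport, reply))
    if reply == "SA":
        pkts.append((t + 0.002, SCANNER, sport, TARGET, dport, "R"))
    return pkts


# Constructed scan: mostly RST/ACK replies, one SYN/ACK on https (443),
# two ports that never answer.  The scanner alternates between two
# source ports, mirroring the "static pair of source ports" in the text.
PROBES = [(21, "RA"), (22, "RA"), (23, "RA"), (25, "RA"), (53, "RA"),
          (80, "RA"), (110, "RA"), (111, "RA"), (135, None), (139, "RA"),
          (143, "RA"), (443, "SA"), (445, None), (3306, "RA")]
SAMPLE = []
for i, (dport, reply) in enumerate(PROBES):
    SAMPLE += probe(i * 0.01, dport, 40001 + (i % 2), reply)

# A normal client completing a full handshake to https: must not be flagged.
SAMPLE += [(5.000, CLIENT, 51000, TARGET, 443, "S"),
           (5.001, TARGET, 443, CLIENT, 51000, "SA"),
           (5.002, CLIENT, 51000, TARGET, 443, "A")]


def classify_ports(packets, scanner, target):
    """Map every port the scanner SYN-probed on target to open/closed/filtered."""
    probed = {dport for _, src, _, dst, dport, flags in packets
              if src == scanner and dst == target and flags == "S"}
    state = {p: "filtered" for p in probed}        # default: no reply at all
    for _, src, sport, dst, _, flags in packets:
        if src == target and dst == scanner and sport in state:
            if "S" in flags and "A" in flags:
                state[sport] = "open"                 # SYN/ACK
            elif "R" in flags:
                state[sport] = "closed"               # RST or RST/ACK
    return state


def detect_syn_scan(packets, min_ports=10, window=5.0):
    """Flag (src, dst) pairs that SYN many distinct ports within `window`
    seconds without ever sending the handshake-completing ACK.

    Returns {(src, dst): {"ports_probed": n, "source_ports": [...]}}.
    """
    syns = defaultdict(list)   # (src, dst) -> [(time, dport, sport)]
    acked = set()              # (src, dst, dport) where src finished a handshake
    for t, src, sport, dst, dport, flags in packets:
        if flags == "S":
            syns[(src, dst)].append((t, dport, sport))
        elif flags == "A":
            acked.add((src, dst, dport))

    alerts = {}
    for (src, dst), entries in syns.items():
        half_open = sorted(e for e in entries if (src, dst, e[1]) not in acked)
        best = 0
        for t0, _, _ in half_open:     # distinct ports in each window start
            ports = {d for t, d, _ in half_open if t0 <= t < t0 + window}
            best = max(best, len(ports))
        if best >= min_ports:
            alerts[(src, dst)] = {
                "ports_probed": best,
                "source_ports": sorted({s for _, _, s in half_open}),
            }
    return alerts


if __name__ == "__main__":
    for port, st in sorted(classify_ports(SAMPLE, SCANNER, TARGET).items()):
        print(f"{port:5d} {st}")
    for (src, dst), info in detect_syn_scan(SAMPLE).items():
        print(f"SYN scan from {src} against {dst}: {info}")
```

On the constructed sample, classify_ports reports 443 as open, 135 and 445 as filtered and the rest as closed, and detect_syn_scan flags only the scanner (14 ports from two source ports, no ACK ever sent); the client that completes its handshake to 443 is left alone. The detector keys on the missing third-packet ACK precisely because that is what distinguishes a half-open scan from ordinary connection attempts.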