Security+ and Malware Threats
Malicious software (malware) is a wide range of different software that has malicious intent. If you’re studying for a security certification such as Security+ , it’s important to understand some basics about malware.
Virus
The term virus is sometimes used erroneously to imply all types of malware. Actually, a virus is a specific type of malware, and malware includes many other types of malicious software including viruses, worms, Trojans (or Trojan horses), logic bombs, and rootkits.
A virus is a set of malicious code that attaches itself to a host application. The host application must be executed to run, and when the host application is executed, the malicious code executes.
USB drives have become a popular method of delivering viruses. Systems automatically detect a USB drive as soon as a user plugs it in. Malware on an infected USB flash drive will often infect the computer when a user plugs it in, and the infected system will then infect any other USB drives that a user plugs in.
Here’s an interesting story about how malware was introduced to a U.S. Department of Defense DoD networks from a USB flash drive. Most DoD systems now prohibit the use of USB flash drives today due to the threat.
Master Security+ Performance Based Questions Video
Worm
A worm is self-replicating malware that travels throughout a network without the assistance of a host application or user interaction. A worm resides in memory and is able to use different transport protocols to travel over the network. In comparison, viruses must be executed.
Trojan
A Trojan (or Trojan horse) appears to be something useful but instead is something malicious. Users may download pirated software, key generators, rogueware/scareware, or something else they perceive as useful. However, this software includes malicious code called a Trojan. It’s named after the Trojan horse from Greek mythology.
The following figure shows an example of rogueware/scareware. Something like this can pop up when a user visits a malicious site indicating that the user’s system is infected with malware. However, the site shows the same dialog box to every user.
If the user believes it, they’ll be encouraged to download and install free antivirus software. However, it turns out that the free version is only a trial version. If the user wants to remove the malware, they have to pay the full price. Additionally, the trial version is also malware that is difficult to remove and may join the computer to a botnet, or give an attacker remote access to the user’s system.
If you want to read more about rogueware and scareware, check out this article.
 | Pass the First Time! |
Up-to-date Content
New multiple-choice and performance-based questions added regularly
Pass the first time with quality practice test questions, performance-based questions, flashcards, and audio.Buy The Full Access Study Package Today
60 Days Access
Need more time? You can easily renew for another 60 days at a significantly reduced price.
All materials are available online shortly after making your payment.
Get the Security+ Full Access Study Package Here
Our online Security+ study materials are the perfect complement to the CompTIA Security+: Get Certified Get Ahead: SY0-601 Study Guide. They can also be used to help ensure you’re ready no matter what study guide you’re using.
This exam is expensive.
Make sure you’re ready before exam day.
Here’s what you’ll get:- All of the multiple-choice questions from the best-selling CompTIA Security+: Get Certified Get Ahead: SY0-601 Study Guide. See a demo here. All questions have full explanations so you’ll know why the correct answers are correct and why the incorrect answers are incorrect.
- Realistic SY0-601 Security+ Practice Test Questions
- Performance-based questions.
- All of the flashcards from the study guide. View them in any Web browser. See demo here
- All of the audio from the study guide.
- Access to a free discount code for 10% off your Security+ voucher.
Buy The Full Access Study Package Today
60 Days Access
All materials are available online shortly after making your payment.
Logic Bomb
A logic bomb is a string of code embedded into an application or script that will execute in response to an event. The event may be a specific date or time, when a user launches a specific program, or any event the programmer decides on.
As an example, a UNIX engineer planted a logic bomb after being fired from his job at Fannie Mae. Their account management policy did not revoke his elevated system privileges right away and he wrote and installed malicious code set to run at 9 a.m. on January 31, 2009. If the script wasn’t detected, it would have deleted data and backups for about 4000 servers, changed passwords, and shut them down.
| Pass the First Time! |
Up-to-date Content
New multiple-choice and performance-based questions added regularly
Pass the first time with quality practice test questions, performance-based questions, flashcards, and audio.Buy The Full Access Study Package Today
60 Days Access
Need more time? You can easily renew for another 60 days at a significantly reduced price.
All materials are available online shortly after making your payment.
Get the Security+ Full Access Study Package Here
Our online Security+ study materials are the perfect complement to the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide. They can also be used to help ensure you’re ready no matter what study guide you’re using.
This exam is expensive.
Make sure you’re ready before exam day.
Here’s what you’ll get:- All of the multiple-choice questions from the best-selling CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide. See a demo here. All questions have full explanations so you’ll know why the correct answers are correct and why the incorrect answers are incorrect.
- Over 40 new multiple-choice questions we’ve added after publishing the study guide.
- Over 30 performance-based questions. See a demo here.
- All of the flashcards from the study guide. View them in any Web browser.
- All of the audio from the study guide. Listen to a sample here.
- Access to a free discount code for 10% off your Security+ voucher.
Buy The Full Access Study Package Today
60 Days Access
All materials are available online shortly after making your payment.
Rootkits
A rootkit is a group of programs (or in rare instances, a single program) that hides the fact that the system has been infected or compromised by malicious code. A user may suspect something is wrong, but antivirus scans and other checks may indicate everything is fine since the rootkit hides its running processes to avoid detection.
Rootkits have system level or kernel access and can modify system files and system access. A file integrity checker can detect files modified by a rootkit, and an inspection of RAM can discover hooked processes. It’s important to remember that rootkits are very difficult to detect, since they can hide so much of their activity. A clean bill of health by a malware scanner may not be valid.
Of course each of these types of malware has much more depth than I’ve shown here. However, this does provide a brief overview that may help you with the Security+ exam.
