Viruses and Worms - CompTIA Security+ SY0-701 - 2.4
Understanding Computer Viruses and Worms
What is a Computer Virus?
- A computer virus replicates itself from one computer to another, requiring human intervention (like clicking a link) to activate.
- Viruses can cause outages or downtime, but some remain undetected in the background, posing ongoing risks.
- Antivirus software is commonly included in operating systems to monitor for known malicious executables.
- Keeping antivirus signature files updated is crucial for identifying new threats effectively.
Types of Viruses
- Some viruses reside in the boot sector and execute automatically during system startup.
- Scripts run by browsers or applications (e.g., Microsoft Office macros) can also carry viruses that exploit vulnerabilities in that software.
- Fileless viruses operate entirely in memory without writing malicious code to storage drives, evading traditional antivirus detection.
Mechanism of Fileless Viruses
- Fileless viruses often begin with user actions like clicking on malicious links that exploit system vulnerabilities (e.g., Flash, Java).
- Once active, they can execute scripts using tools like PowerShell directly in memory without saving files on disk.
- These viruses may install additional malware or exfiltrate data while remaining undetectable by standard antivirus solutions.
Persistence and User Intervention
- To maintain persistence after reboots, fileless viruses may modify the Windows registry for autostart functionality.
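The registry autostart persistence described above is something a defender can check for. The following is an added example (not part of the course material) that scores Run-key entries for the fileless pattern this section describes: a script host such as PowerShell launched at logon with a hidden window and its payload embedded as an encoded command instead of a file on disk. The sample entries and the base64 string are constructed placeholders, not real indicators.

```python
import re

# Heuristics for the fileless persistence pattern: script host + hidden window
# + payload carried inside the registry value itself (no script file on disk).
SCRIPT_HOSTS = re.compile(r'\b(powershell|pwsh|wscript|cscript|mshta)(\.exe)?\b', re.I)
HIDDEN_FLAGS = re.compile(r'-(windowstyle\s+hidden|w\s+hidden|noprofile|nop|noninteractive)\b', re.I)
BYPASS_FLAGS = re.compile(r'-(executionpolicy|ep)\s+bypass\b', re.I)
ENCODED_FLAG = re.compile(r'-(encodedcommand|enc|e)\s+[A-Za-z0-9+/=]{20,}', re.I)

# Constructed sample of Run-key values (name, command line) for offline testing.
SAMPLE_RUN_ENTRIES = [
    ("OneDrive", r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    ("Backup", r'powershell.exe -File C:\Scripts\backup.ps1'),
    ("Updater", 'powershell.exe -NoProfile -WindowStyle Hidden -EncodedCommand '
                'QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB'),  # placeholder base64
]

def assess_autostart(name, command):
    """Score one autostart value; each matched indicator adds one point."""
    reasons = []
    if SCRIPT_HOSTS.search(command):
        reasons.append("launches a script host")
        if HIDDEN_FLAGS.search(command):
            reasons.append("hidden or non-interactive window")
        if BYPASS_FLAGS.search(command):
            reasons.append("execution policy bypass")
        if ENCODED_FLAG.search(command):
            reasons.append("payload embedded as encoded command (no script file on disk)")
    return {"name": name, "score": len(reasons), "reasons": reasons}

def find_suspicious(entries, threshold=2):
    """Return the entries whose score reaches the threshold (a plain -File run scores 1)."""
    return [r for r in (assess_autostart(n, c) for n, c in entries) if r["score"] >= threshold]

def read_run_keys():
    """Read live HKCU Run entries on Windows; returns [] where winreg is unavailable."""
    try:
        import winreg
    except ImportError:
        return []
    entries = []
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER,
                        r"Software\Microsoft\Windows\CurrentVersion\Run") as key:
        i = 0
        while True:
            try:
                value_name, data, _ = winreg.EnumValue(key, i)
            except OSError:  # no more values
                break
            entries.append((value_name, str(data)))
            i += 1
    return entries

if __name__ == "__main__":
    for hit in find_suspicious(read_run_keys() or SAMPLE_RUN_ENTRIES):
        print(hit["name"], hit["score"], "; ".join(hit["reasons"]))
```

Run on a Windows host it reads the current user's Run key; elsewhere it falls back to the constructed sample.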
Understanding Worms
Characteristics of Worm Malware
- Unlike viruses, worms self-replicate across networks without user interaction, making them particularly dangerous.
- They spread rapidly through networked systems because they can move from host to host without waiting for a user to click anything.
Prevention Measures Against Worm Attacks
- Network-based firewalls and intrusion prevention systems are essential for detecting and stopping worm propagation within networks.
Case Study: WannaCry Worm