
Name: Awais Ahmed Khan
CMS ID: 1699-2015
Semester: 8th
Program: BS (Computer Science)
Date: 13 May 2019
Submitted To: Sir Kashif Alam
Network Computer Virus Types and Its Attack
Computer Virus:
A computer virus is a type of malicious software that, when
executed, replicates itself by modifying other computer programs and inserting its
own code. When this replication succeeds, the affected areas are then said to be
"infected" with a computer virus.

Types:
Resident Virus:
Resident viruses live in your RAM. They can interfere with normal system
operation, which can lead to the corruption of files and programs. The most popular
examples of resident viruses are CMJ, Meve, MrKlunky, and Randex.
Multipartite Virus:
This type of virus can easily spread in your computer system. It is very infectious,
performing unauthorized actions in your operating system, in folders, and in other
programs on the computer. Multipartite viruses have the ability to infect both
executable files and the boot sector.
Direct Action Virus:
Direct action viruses attack certain types of files, typically .exe and .com files. The
main purpose of this virus is to replicate and infect files in folders. On a lighter
note, they do not typically delete files or affect PC performance and speed. They can
be easily removed by antivirus programs.
Browser Hijacker:
This type of virus infects your web browser and redirects you to different
websites. Typically, if you key in a domain name in the internet address bar, the
browser hijacker will open multiple fake websites that may harm your computer.
On the other hand, most trusted browsers have built-in features to block them
in advance.
Overwrite Virus:
As the name suggests, this virus overwrites the content of a file, destroying the
original content. It infects folders, files, and even programs. To delete this virus,
you also need to get rid of your file. Thus, it is important to back up your data.
Web Scripting Virus:
This virus lives in certain links, ads, image placements, videos, and the layout of a
website. These may carry malicious code; when you click on them, the viruses
will be automatically downloaded or you will be directed to malicious websites.
Boot Sector Virus:
Boot sector viruses affect floppy disks. They came into existence when floppy disks
were important in booting a computer. Although they are not very common today, they
still cause problems for other computer units, especially outdated ones. Some
examples include Polyboot.B and AntiEXE.
Macro Virus:
Macro viruses target applications and software that contain macros. These viruses
can carry out a series of operations affecting the performance of the program or
software. Some examples of macro viruses are O97M/Y2K, Bablas, Melissa.A,
and Relax.
Directory Virus:
Directory viruses change file paths. When you run programs and software that are
infected with directory viruses, the virus program also runs in the background.
Further, it may be difficult for you to locate the original app or software once
infected with directory viruses.
Polymorphic Virus:
Polymorphic viruses use a special method of encoding or encryption every time
they infect a system. Because of this, antivirus software finds it hard to locate
them using signature searches. They are also capable of replicating easily.
Polymorphic viruses include Satan Bug, Elkern, Tuareg, and Marburg.
File Infector Virus:
This virus also infects executable files or programs. When you run these programs,
the file infector virus is activated as well which can slow down the program and
produce other damaging effects. A large block of existing viruses belongs to this
category.
Encrypted Virus:
This type of virus uses encrypted malicious code, which makes it hard for antivirus
software to detect it. Such viruses can only be detected when they decrypt themselves
during replication. Although they don’t delete files or folders, they can badly affect
PC performance.
Remote Attacks:

DoS attacks:
DoS, or Denial of Service, is an attempt to make a computer or network
unavailable for its intended users. DoS attacks obstruct communications
between affected users, preventing them from continuing in a functional way.
One common method of attack involves saturating the target machine with
external communications requests, so that the target machine cannot respond
to legitimate traffic, or responds so slowly as to be rendered effectively
unavailable. Such attacks usually lead to a server overload. Computers
exposed to DoS attacks usually need to be restarted in order to work properly.
The targets of DoS attacks are web servers and the aim is to make them
unavailable to users for a certain period of time.

DNS Poisoning:
Using DNS (Domain Name Server) poisoning, hackers can trick the DNS
server of any computer into believing that fake data is legitimate and
authentic. The fake information is cached for a certain period of time,
allowing attackers to rewrite DNS replies of IP addresses. As a result, users
trying to access DNS poisoned websites will download computer viruses or
worms instead of the website's original content.

Port scanning:
Port scanning is used to determine which computer ports are open on a
network host. A port scanner is software designed to find such ports.
A computer port is a virtual point which handles incoming and outgoing data
– this is crucial from a security point of view. In a large network, the
information gathered by port scanners may help to identify potential
vulnerabilities. Such use is legitimate.
Still, port scanning is often used by hackers attempting to compromise
security. Their first step is to send packets to each port. Depending on the
response type, it is possible to determine which ports are in use. The scanning
itself causes no damage, but be aware that this activity can reveal potential
vulnerabilities and allow attackers to take control of remote computers.
Network administrators are advised to block all unused ports and protect
those that are in use from unauthorized access.
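
The probing pattern described above (one source touching many different ports on one host in a short time) is also what defenders look for in firewall logs. The following is an added example, not part of the original assignment; the log format, the addresses, the function name and the thresholds are all constructed for illustration.

```python
from collections import defaultdict

# Constructed firewall log, one event per line:
# "epoch_seconds src_ip dst_ip dst_port action"
SAMPLE_LOG = "\n".join(
    [f"{1000 + i} 203.0.113.7 192.168.1.10 {20 + i} DENY" for i in range(15)]
    + [f"{1000 + 5 * i} 192.168.1.50 192.168.1.10 443 ALLOW" for i in range(20)]
    + ["1003 192.168.1.51 192.168.1.10 80 ALLOW",
       "1004 192.168.1.51 192.168.1.10 443 ALLOW",
       "this line is malformed"]
)

def detect_port_scans(log_text, min_ports=10, window=60):
    """Return {(src, dst): ports} for every source that touched at least
    min_ports distinct ports on one host within window seconds."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue                      # skip malformed lines
        ts, src, dst, port, _action = parts
        try:
            events[(src, dst)].append((int(ts), int(port)))
        except ValueError:
            continue                      # non-numeric timestamp or port
    findings = {}
    for key, hits in events.items():
        hits.sort()
        start = 0
        in_window = {}                    # port -> hits inside the window
        for ts, port in hits:
            in_window[port] = in_window.get(port, 0) + 1
            # Slide the window: drop events older than ts - window.
            while hits[start][0] < ts - window:
                old = hits[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            if len(in_window) >= min_ports:
                findings[key] = sorted(in_window)
                break                     # one finding per (src, dst) pair
    return findings

if __name__ == "__main__":
    for (src, dst), ports in detect_port_scans(SAMPLE_LOG).items():
        print(f"possible scan: {src} -> {dst}, ports {ports}")
```

A client that repeatedly connects to one service port, like 192.168.1.50 in the sample, is not flagged because the count is of distinct ports, not connections.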

TCP desynchronization:
TCP desynchronization is a technique used in TCP Hijacking attacks. It is
triggered by a process in which the sequence number in incoming packets
differs from the expected sequence number. Packets with an unexpected
sequence number are dismissed (or saved in buffer storage if they are present
in the current communication window).
In desynchronization, both communication endpoints dismiss received
packets, at which point remote attackers are able to infiltrate and supply
packets with a correct sequence number. The attackers can even manipulate
or modify communication.
TCP Hijacking attacks aim to interrupt server-client and/or peer-to-peer
communications. Many attacks can be avoided by using authentication for
each TCP segment. It is also advised to use the recommended configurations
for your network devices.
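
The receive-side rule described above (accept the expected number, buffer a packet that falls inside the current window, dismiss everything else) can be modelled in a few lines. This is an added example, not part of the original assignment; the `Receiver` class and all values are constructed, and it is a simplification that checks only the first byte of each segment against the window.

```python
MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around

class Receiver:
    """Toy model of one TCP endpoint's receive-side sequence check."""

    def __init__(self, rcv_nxt, rcv_wnd):
        self.rcv_nxt = rcv_nxt % MOD   # next sequence number expected
        self.rcv_wnd = rcv_wnd         # receive window size in bytes
        self.buffered = {}             # seq -> payload held for reassembly
        self.delivered = b""           # in-order bytes handed to the app
        self.discarded = 0

    def receive(self, seq, payload):
        offset = (seq - self.rcv_nxt) % MOD   # distance ahead of rcv_nxt
        if offset >= self.rcv_wnd:
            self.discarded += 1               # outside the window: dismissed
            return "discard"
        if offset > 0:
            self.buffered[seq % MOD] = payload  # in window but early: saved
            return "buffer"
        self._deliver(payload)
        # Drain buffered segments that have now become contiguous.
        while self.rcv_nxt in self.buffered:
            self._deliver(self.buffered.pop(self.rcv_nxt))
        return "accept"

    def _deliver(self, payload):
        self.delivered += payload
        self.rcv_nxt = (self.rcv_nxt + len(payload)) % MOD

def demo():
    # Constructed values: start 5 bytes before the 32-bit wrap point.
    rx = Receiver(rcv_nxt=MOD - 5, rcv_wnd=1000)
    results = [
        rx.receive(0, b"WORLD"),        # early, across the wrap: buffer
        rx.receive(MOD - 5, b"HELLO"),  # expected number: accept, drain buffer
        rx.receive(MOD - 5, b"HELLO"),  # old duplicate, behind window: discard
        rx.receive(500_000, b"?????"),  # desynchronized peer: discard
    ]
    return results, rx.delivered, rx.rcv_nxt, rx.discarded

if __name__ == "__main__":
    print(demo())
```

The last case is the desynchronized state: once a peer's numbers fall outside the window, every segment it sends is dismissed, which is why a connection that suddenly produces a run of discards in both directions is worth investigating.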

SMB Relay:
SMBRelay and SMBRelay2 are special programs that are capable of
carrying out attacks against remote computers. The programs take advantage
of the Server Message Block file sharing protocol, which is layered onto
NetBIOS. A user sharing any folder or directory within the LAN most likely
uses this file sharing protocol. Within local network communication,
password hashes are exchanged.
