IS4560 Unit 6

Submitted By spekter
IS4560 Hacking and Countermeasures

I was assigned the task of reviewing top malware threats reported by the McAfee Anti-Virus Corporation. The purpose of investigation reporting is to understand the typical lifecycle of new malware and how the threat presented by malware can change over time.
Malware Capabilities and Description
Virus Profile: FakeAlertAVSoft
This binary is a fake-alert Trojan: as the name suggests, it gives fake alerts on the compromised user's system. It creates the illusion that the system is severely affected when it is not, and then shows fake balloon tips when clicked. Afterwards it asks the compromised user to buy fake antivirus software. FakeAlert-AVSoft silently installs and runs a virus scan on the system. It falsely claims that it found viruses and requires the user to register the product to clean the system. The malware modifies the registry, tricks the user, and prompts them to buy the fake antivirus software.
Threats
Upon execution, FakeAlert-AVSoft creates the registry key HKEY_CURRENT_USER\Software\AvScan and adds the following entry to the registry: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download] "RunInvalidSignatures". Registry values are also modified. The following registry entry is deleted from the system: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows "AppInit_DLLs".
The user is prevented from running any executables and the following message is displayed upon attempted execution: After FakeAlert has been left running for a period of time, it loads Internet Explorer, opens www.adu[Removed].com and displays a fake warning message. These are only a few of the disruptive system changes that the malware performs, and it leaves the infected computer unable to perform even basic tasks.
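A triage check for the three registry changes listed above, as an added example that is not part of the original essay or of McAfee's profile: it parses the text of a registry export and reports which of the indicators are visible. The function names and the sample export are constructed for illustration, and the key paths use the standard Windows spelling (`Internet Explorer`, `Windows NT`).

```python
import re

# Indicators from the registry changes described in the Threats section.
CREATED_KEY = r"HKEY_CURRENT_USER\Software\AvScan"
ADDED_VALUE = (r"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download",
               "RunInvalidSignatures")
DELETED_VALUE = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows",
                 "AppInit_DLLs")

# Constructed sample export (not taken from a real infected host).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\AvScan]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
"RunInvalidSignatures"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=dword:00000000
'''

def parse_reg_export(text):
    """Return {key: {value_name: raw_data}}; names are lower-cased (case-insensitive)."""
    keys, current = {}, None
    text = re.sub(r"\\\r?\n\s*", "", text)  # join hex continuation lines
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
            if m:
                current[m.group(1).lower()] = m.group(2)
    return keys

def check_indicators(keys):
    """List which of the three described changes are visible in the export."""
    findings = []
    created = CREATED_KEY.lower()
    if any(k == created or k.startswith(created + "\\") for k in keys):
        findings.append("key created: " + CREATED_KEY)
    key, name = ADDED_VALUE
    if name.lower() in keys.get(key.lower(), {}):
        findings.append("value added: " + key + "\\" + name)
    key, name = DELETED_VALUE
    # Only report a missing value when its parent key was actually exported.
    if key.lower() in keys and name.lower() not in keys[key.lower()]:
        findings.append("value missing: " + key + "\\" + name)
    return findings

if __name__ == "__main__":
    for finding in check_indicators(parse_reg_export(SAMPLE)):
        print(finding)
```

Files written by `reg export` are UTF-16, so read them with `encoding="utf-16"` before parsing. Treat each finding as a lead to investigate alongside an up-to-date scanner, not as a verdict on its own.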
Removal instructions
According to McAfee, use the current engine and DAT files for detection and removal. Modifications made to the system registry and/or INI files for the purposes of hooking system startup will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).
Conclusion
This malware is designed to trick users into clicking on a fake Windows security alert balloon message. Once the user has clicked on the balloon, FakeAlert-AVSoft silently installs and runs a virus scan on the system. The fake scan will indicate that it discovered viruses on your computer, but it is their scan that infected the computer and gave you the virus. This virus modifies the computer's registry, which is a vital part of the operating system because the registry is essentially the catalog or reference source for your computer.
When you attempt to open a program, your computer queries the registry to find where the program is stored. The registry contains references to settings and values for the operating system, the programs, user profiles, document types, property sheet settings, system hardware and ports. Basically, much of what goes into or comes out of your computer is noted in the registry. This malware is designed to infect your computer and trick you into purchasing their fake anti-virus product to clean your computer.

References

http://home.mcafee.com/VirusInfo/VirusProfile.aspx?key=258592#none
