
IS4560

Unit 6 Assignment 1
Malware Lifecycle
Virus Profile: FakeAlertAVSoft
This binary is a fake-alert Trojan. As the name suggests, it displays fake alerts on the
compromised user's system, creating the illusion that the system is severely affected when it
isn't. It then shows fake balloon tips; when these are clicked, it asks the compromised user to
buy fake antivirus software. FakeAlert-AVSoft silently installs and runs a virus scan on the
system. It falsely claims that it found viruses and requires the user to register the product
to clean the system. The malware modifies the registry and tricks the user with prompts to buy
the fake antivirus software.
Threats
Upon execution, FakeAlert-AVSoft creates the following registry key:
HKEY_CURRENT_USER\Software\AvScan
The following is added to the registry:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download] "RunInvalidSignatures"
Registry values are also modified. The following registry entry is deleted from the system:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows "AppInit_DLLs"
The user is prevented from running any executables and the following
message is displayed upon attempted execution: After the FakeAlert has been left running for a
period of time, it loads Internet Explorer, opens www.adu[Removed].com and displays a fake
warning message. These are only a few of the disruptive system changes that the malware
makes, and it will leave the infected computer unable to perform even basic tasks.
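The registry changes listed above can be checked on a suspect host with a read-only script. This is an added example, not part of the original assignment or McAfee's tooling; the key and value names come from the profile (written with the standard Windows spellings "Internet Explorer" and "Windows NT"), while the function name and report layout are assumptions.

```powershell
# Added example: read-only triage for the registry changes named in the profile.
# Nothing is modified; the script only reports what it finds.

$checks = @(
    @{ Name = 'AvScan key created'
       Path = 'HKCU:\Software\AvScan'
       Value = $null
       SuspiciousWhen = 'Present' },
    @{ Name = 'RunInvalidSignatures added'
       Path = 'HKCU:\Software\Microsoft\Internet Explorer\Download'
       Value = 'RunInvalidSignatures'
       SuspiciousWhen = 'Present' },
    @{ Name = 'AppInit_DLLs deleted'
       Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
       Value = 'AppInit_DLLs'
       SuspiciousWhen = 'Absent' }
)

# Test-RegistryIndicator is a hypothetical helper name used for this example.
function Test-RegistryIndicator {
    param([hashtable]$Check)

    # A key-only check passes on Test-Path; a value check also needs the value name.
    $present = Test-Path -LiteralPath $Check.Path
    $data = $null
    if ($present -and $Check.Value) {
        $key = Get-Item -LiteralPath $Check.Path
        $present = $key.GetValueNames() -contains $Check.Value
        if ($present) { $data = $key.GetValue($Check.Value) }
    }
    $state = if ($present) { 'Present' } else { 'Absent' }

    [pscustomobject]@{
        Indicator  = $Check.Name
        Path       = $Check.Path
        Value      = $Check.Value
        State      = $state
        Data       = $data
        Suspicious = ($state -eq $Check.SuspiciousWhen)
    }
}

$checks | ForEach-Object { Test-RegistryIndicator $_ } | Format-Table -AutoSize -Wrap
```

Run it in the affected user's session, since two of the three checks read that user's HKEY_CURRENT_USER hive. A row marked Suspicious is a lead to confirm with an up-to-date scanner, not proof of infection on its own.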
Removal instructions
According to McAfee, use the current engine and DAT files for detection and removal. Modifications
made to the system registry and/or INI files for the purpose of hooking system startup will be
successfully removed if cleaning with the recommended engine and DAT combination (or
higher).
Conclusion
This malware is designed to trick users into clicking on a fake Windows security alert balloon
message. Once the user has clicked on the balloon, FakeAlert-AVSoft will silently install and run a
virus scan on the system. The fake scan will indicate that it discovered viruses on your
computer, but it is this scan that infected your computer with the virus that modifies the registry.
This malware is designed to infect your computer and trick you into purchasing its fake
anti-virus product to clean your computer.
