    ITEC3125 Cyber Security, Topic 6 of 39: Infection

    Infection

    Malware Infection: How It Occurs and Spreads

    A malware infection refers to the process by which malicious software infiltrates a system, network, or device, with the intention of carrying out harmful actions like stealing data, corrupting files, hijacking system resources, or causing widespread disruption. The infection process involves a series of stages, from delivery to execution, and often relies on exploiting system vulnerabilities, social engineering tactics, or user negligence.

    Understanding the stages and methods of malware infection is critical for both individuals and organizations to prevent and mitigate these attacks.

    1. Stages of Malware Infection

    The infection process typically involves several phases, each of which serves a specific purpose in ensuring the success of the malware's objective. Here are the main stages:

    a. Infection Vector / Delivery

    The infection vector refers to the method or medium used by malware to gain access to a target system. Malware can be delivered through various vectors, such as phishing emails, infected software, malicious websites, or compromised networks.

    • Common Infection Vectors:
      • Phishing emails: Fraudulent emails that include infected attachments or links to malicious websites.
      • Drive-by downloads: Infected websites that exploit vulnerabilities in browsers or plugins to download malware.
      • Malicious software downloads: Programs or files downloaded from untrustworthy sources, often disguised as legitimate software or updates.
      • USB devices: Infected USB drives or other removable storage devices that spread malware when plugged into a system.
      • Exploits: Malware delivered via vulnerabilities in operating systems or software applications, often using exploit kits.
      • Social engineering: Manipulative techniques like fake tech support or prize scams to trick users into downloading or installing malware.

    b. Installation

    Once the malware has been delivered to the target system, it proceeds to install itself. In this phase, the malware may:

    • Drop additional files or payloads that enable it to persist on the system.

    • Modify system files or configuration settings to ensure it starts automatically when the system boots.

    • Conceal itself using rootkits or stealth techniques to avoid detection by security software or system administrators.

    • Example: A Trojan might drop a backdoor that allows attackers to access the system remotely, while a ransomware infection could encrypt files at this stage.

    c. Execution

    In the execution stage, the malware becomes active and begins carrying out its intended actions. This could involve a variety of malicious activities depending on the type of malware:

    • Data theft: Stealing personal, financial, or corporate data (e.g., spyware or keyloggers).
    • System disruption: Corrupting, deleting, or altering files or system configurations (e.g., wiper malware or fileless malware).
    • Persistence mechanisms: The malware may establish persistence by creating new user accounts, modifying the system registry, or disabling security measures to avoid detection or removal.
    • Spreading: Some malware (e.g., worms) will attempt to propagate further to other systems and devices on the network or internet, creating a more widespread infection.

    d. Exfiltration or Command & Control (C&C) Communication

    Malware often communicates with a Command & Control (C&C) server or an attacker’s infrastructure to receive instructions or exfiltrate data.

    • Exfiltration: The malware may collect sensitive information and send it back to the attacker’s server. This could include login credentials, financial data, intellectual property, or system information.

    • C&C Communication: Some malware connects to remote servers to receive additional commands (such as activating ransomware or downloading more malware), which can allow attackers to control or monitor infected systems.

    • Example: Botnets that are used for DDoS attacks communicate with a C&C server to receive commands to launch an attack.
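    A defender-side illustration of the C&C stage, added here and not part of the course notes: it scans a constructed proxy log for the fixed-interval check-ins that beaconing leaves behind. The log layout, IP address and domain names are assumptions of the example.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample proxy log (timestamp src_ip dst_host). The host makes a few
# irregular requests to a vendor site and a check-in to an unknown domain
# roughly every 60 seconds, which is the pattern a C&C beacon leaves behind.
SAMPLE_LOG = """\
2024-05-01T09:00:00 10.0.0.5 updates.example-vendor.test
2024-05-01T09:00:05 10.0.0.5 c2.example-bad.test
2024-05-01T09:01:04 10.0.0.5 c2.example-bad.test
2024-05-01T09:02:05 10.0.0.5 c2.example-bad.test
2024-05-01T09:02:40 10.0.0.5 updates.example-vendor.test
2024-05-01T09:03:05 10.0.0.5 c2.example-bad.test
2024-05-01T09:04:05 10.0.0.5 c2.example-bad.test
2024-05-01T09:17:03 10.0.0.5 updates.example-vendor.test
"""


def parse_log(text):
    """Group request timestamps by (src_ip, dst_host)."""
    flows = defaultdict(list)
    for line in text.splitlines():
        ts, src, dst = line.split()
        flows[(src, dst)].append(datetime.fromisoformat(ts))
    return flows


def find_beacons(text, min_requests=5, max_jitter=0.10):
    """Return {(src, dst): mean_gap_seconds} for flows whose inter-request
    gaps are nearly constant (coefficient of variation <= max_jitter).
    Real beacons add random sleep jitter, so the threshold is a tunable."""
    beacons = {}
    for key, times in parse_log(text).items():
        if len(times) < min_requests:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            beacons[key] = round(avg, 1)
    return beacons


if __name__ == "__main__":
    for (src, dst), gap in find_beacons(SAMPLE_LOG).items():
        print(f"possible beacon: {src} -> {dst} every ~{gap}s")
```

    The vendor flow has too few requests and irregular gaps, so only the periodic flow is reported; in practice the same check runs over DNS or firewall logs with the thresholds tuned to the environment.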

    e. Damage or Goal Achievement

    The final stage of malware infection is where the attacker achieves their goal, whether that is monetary gain, disruption, espionage, or stealthy control. Depending on the malware type, this phase might include:

    • Encryption (for ransomware attacks).
    • Data exfiltration (for espionage or identity theft).
    • Resource hijacking (e.g., crypto-mining malware that uses system resources to mine cryptocurrency).
    • Destruction of files or data (as in the case of wiper malware).
    • Network infiltration or lateral movement (for attacks targeting broader network access).

    2. Types of Malware and Infection Mechanisms

    Different types of malware are designed to achieve different outcomes, but the infection process often shares similar characteristics. Below are common types of malware and how they typically infect systems:

    a. Virus

    • How It Infects: A virus attaches itself to a host file, typically an executable program or document. When the infected file is opened or executed, the virus is activated and starts to replicate.
    • Spread: It spreads by attaching to other files or programs and executing each time the infected program runs.

    b. Worm

    • How It Infects: A worm exploits vulnerabilities in the operating system or applications to spread itself. It does not need a host file but instead replicates independently and often scans networks for additional targets.
    • Spread: Worms spread rapidly across networks, including local area networks (LANs) or the internet, without requiring user intervention.

    c. Trojan Horse

    • How It Infects: A Trojan horse masquerades as legitimate software, tricking users into downloading and executing it. Once executed, it performs its malicious actions, such as stealing data or creating a backdoor for further attacks.
    • Spread: Trojans typically don’t self-replicate but can be spread via infected email attachments, malicious downloads, or through deceptive websites.

    d. Ransomware

    • How It Infects: Ransomware is often delivered via phishing emails, malicious links, or drive-by downloads. Once on the system, it encrypts files or locks the system and demands a ransom from the victim in exchange for decryption keys.
    • Spread: Ransomware can spread through networks or external devices if not contained, making it highly dangerous for organizations.

    e. Spyware

    • How It Infects: Spyware is typically bundled with seemingly legitimate software, and users unknowingly install it. It runs silently in the background, collecting sensitive information, such as browsing history, login credentials, or personal data.
    • Spread: It can spread through software downloads, adware, or compromised websites.

    f. Adware

    • How It Infects: Adware often comes packaged with free software, such as games or tools. When installed, it displays unwanted advertisements or tracks users’ browsing activities to serve targeted ads.
    • Spread: Adware spreads via download or via malicious pop-ups that trick users into installing it.

    g. Rootkits

    • How It Infects: A rootkit is designed to conceal the presence of malware or other malicious activities from security software and system administrators. It may exploit system vulnerabilities to gain root or administrator privileges.
    • Spread: Rootkits are typically installed after other malware has infected the system, allowing the malware to maintain control while avoiding detection.

    h. Keyloggers

    • How It Infects: Keyloggers are a form of spyware that record the keystrokes of users, capturing passwords, credit card details, or other sensitive information. They can be delivered through Trojans, malicious attachments, or infected software.
    • Spread: Keyloggers generally do not self-replicate but are distributed as part of other malware campaigns.

    i. Botnets

    • How It Infects: A botnet consists of a collection of compromised computers (called zombies) that are controlled remotely by the attacker. Malware is installed via Trojans, worms, or other infection vectors, which allow the attacker to control the compromised machines.
    • Spread: Botnets often spread through phishing, software vulnerabilities, or malicious email attachments.

    3. Methods of Evading Detection and Ensuring Persistence

    Malware authors often design their software to evade detection and ensure that the infection persists, even if security measures are in place.

    a. Rootkits

    • Rootkits are used to hide the existence of malicious files, processes, or activities from both users and security software. They are often installed early in the infection process and help the malware maintain control of the system without being detected.

    b. Polymorphism and Metamorphism

    • Polymorphic malware changes its code every time it infects a new system, making it difficult for signature-based antivirus programs to detect. Similarly, metamorphic malware completely rewrites its code to avoid detection by traditional security software.

    c. Fileless Malware

    • Fileless malware does not rely on files or executables to function. Instead, it resides in memory and uses legitimate system tools (e.g., PowerShell, WMI) to execute malicious commands, making it harder for traditional antivirus programs to detect.

    d. Code Injection

    • Code injection techniques involve inserting malicious code into a legitimate running process or application. This allows malware to execute its code without being detected as a separate malicious process.

    e. Persistence Mechanisms

    • Malware often installs persistence mechanisms to ensure it remains active after system reboots. These mechanisms include creating scheduled tasks, modifying registry entries, or adding itself to startup locations so that it is executed automatically.
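    Added example, not from the course notes: a baseline diff over the persistence locations named above (Run keys, scheduled tasks, Startup folder) with a few triage heuristics for each new entry. The "location|name|command" layout, the user and path names, and the encoded-command value are constructed for this example, not any tool's real export format.

```python
import re

# Constructed snapshots of autorun locations, one taken when the machine was
# known-good (BASELINE) and one taken now (CURRENT). Layout: location|name|command.
BASELINE = r"""
HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SecurityHealth|C:\Windows\System32\SecurityHealthSystray.exe
Task Scheduler|\Microsoft\Windows\Defrag\ScheduledDefrag|%windir%\system32\defrag.exe -c -h -o -$
"""
CURRENT = r"""
HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SecurityHealth|C:\Windows\System32\SecurityHealthSystray.exe
Task Scheduler|\Microsoft\Windows\Defrag\ScheduledDefrag|%windir%\system32\defrag.exe -c -h -o -$
HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Updater|C:\Users\alice\AppData\Local\Temp\svchost.exe
Task Scheduler|\Sync|powershell.exe -w hidden -enc AAAAAAAA
Startup folder|notes.lnk|C:\Users\alice\Documents\notes.txt
"""
# "AAAAAAAA" above is a placeholder, not a real encoded command.

USER_WRITABLE = re.compile(r"\\(AppData|Temp|Downloads|Public|ProgramData)\\", re.I)
INTERPRETERS = re.compile(r"\b(powershell|pwsh|wscript|cscript|mshta|rundll32|regsvr32|cmd)(\.exe)?\b", re.I)
OBFUSCATION = re.compile(r"(-enc(odedcommand)?\b|-w(indowstyle)?\s+hidden)", re.I)
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "explorer.exe"}


def parse_entries(text):
    """Split a snapshot into (location, name, command) tuples."""
    return [tuple(line.split("|", 2)) for line in text.splitlines() if line.strip()]


def assess(command):
    """Heuristic reasons why an autorun command deserves a closer look."""
    reasons = []
    if USER_WRITABLE.search(command):
        reasons.append("runs from user-writable path")
    if INTERPRETERS.search(command):
        reasons.append("invokes script interpreter / LOLBin")
    if OBFUSCATION.search(command):
        reasons.append("hidden window or encoded command")
    exe = command.split()[0].rsplit("\\", 1)[-1].lower()
    if exe in SYSTEM_NAMES and "\\windows\\" not in command.lower():
        reasons.append("system binary name outside Windows directory")
    return reasons


def triage(baseline_text, current_text):
    """Return (location, name, reasons) for every entry absent from the baseline."""
    known = set(parse_entries(baseline_text))
    return [(loc, name, assess(cmd)) for loc, name, cmd in parse_entries(current_text)
            if (loc, name, cmd) not in known]


if __name__ == "__main__":
    for loc, name, reasons in triage(BASELINE, CURRENT):
        print(f"NEW {loc} :: {name} :: {', '.join(reasons) or 'no heuristic hits'}")
```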