TICs
VIRUS AND ACTIVE SECURITY
Definitions
Malware (malicious software): blanket term that refers to a wide variety of software programs designed to
do damage or do other unwanted actions to a computer, server or computer network.
Virus: type of malware that attaches itself to other programmes, self-replicates, and spreads from one
computer to another. A computer virus can begin infecting your computer immediately, or it can wait for you
to unwittingly trigger it.
Spyware: type of malware that attaches itself and hides on a computer’s operating system. It can be used to
spy on your online activity and compile it.
Infect: instance where malicious software is installed onto a computer or other device without a user's
knowledge.
Computer Worm: type of malicious software program that exploits vulnerabilities to infect and spread by
making copies of itself. Unlike the virus, it can replicate without the need to attach itself to a
host program.
Trojans: type of malware that disguises itself as legitimate code or software. Once inside the network,
attackers can carry out any action that a legitimate user could perform, such as exporting files, modifying
data, deleting files, or otherwise altering the contents of the device. Unlike a virus or worm, Trojan malware
cannot replicate itself or self-execute. It requires specific and deliberate action from the user.
Ransomware: type of malware that can encrypt important files on your PC, making them inaccessible until a
sum of money (a ransom) is paid.
Types of viruses
Direct action virus: most common type, it enters your computer, causes chaos and deletes itself.
Boot sector virus: it sneaks into your boot sector and infects your memory right away. Traditionally spread
through hardware.
Resident virus: stores itself within memory, allowing it to infect other files even when the originally infected
program is no longer running.
Multipartite virus: infects both your files and your boot sector; moreover, it can hide in either of them.
Brutal.
Polymorphic virus: hides by changing shape: as it replicates, its clones are all slightly different, which
helps to avoid detection.
Macro virus: it is written in the same macro language that is used for software applications. These viruses
infect applications such as Microsoft Word or Excel. Macro viruses attach to an application’s initialization
sequence.
Phases
Dormant phase: the virus is hidden on your system, lying in wait.
Propagation phase (viral stage): the virus begins to self-replicate, stashing copies of itself in files, programs,
or other parts of your disk. The clones may be slightly altered to avoid detection, and these copies will also
self-replicate, creating more clones that continue to copy and spread.
Triggering phase: A specific action is generally required to trigger or activate the virus. This could be a user
action, like clicking an icon or opening an app. Other viruses are programmed to come to life after a certain
amount of time. A trigger might be a minimum of self-replications, such as 100.
Execution phase: Now the virus's program is executed and releases its payload, the malicious code that is
designed to harm or negatively affect the targeted device.
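The polymorphic virus entry and the propagation phase above both say that clones are slightly altered to avoid detection. The following is an added example, not part of the original notes, showing from the scanner's side why an exact file hash misses an altered copy while a byte-pattern signature still matches it; the sample bytes, signature names and database layout are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed, harmless byte strings standing in for files (not real malware).
SAMPLES = {
    "known_bad.bin": b"HEADER-v1|DEMO-MARKER-7f3a|padding-0000",
    "variant.bin":   b"HEADER-v2|DEMO-MARKER-7f3a|padding-9137",  # slightly altered clone
    "clean.bin":     b"HEADER-v1|ordinary document text|padding-0000",
}

# Hypothetical signature database: exact file hashes plus byte patterns.
HASH_SIGNATURES = {hashlib.sha256(SAMPLES["known_bad.bin"]).hexdigest(): "Demo.Sample.A"}
PATTERN_SIGNATURES = {b"DEMO-MARKER-7f3a": "Demo.Sample.Generic"}

def scan_by_hash(data):
    """Exact match: changing a single byte produces a different hash."""
    return HASH_SIGNATURES.get(hashlib.sha256(data).hexdigest())

def scan_by_pattern(data):
    """Match a byte sequence that stays constant across the clones."""
    for pattern, name in PATTERN_SIGNATURES.items():
        if pattern in data:
            return name
    return None

def scan_directory(root):
    """Return {file name: (hash verdict, pattern verdict)} for every file under root."""
    results = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            data = path.read_bytes()
            results[path.name] = (scan_by_hash(data), scan_by_pattern(data))
    return results

def demo():
    """Write the constructed samples to a temporary folder and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in SAMPLES.items():
            (Path(tmp) / name).write_bytes(data)
        return scan_directory(tmp)

if __name__ == "__main__":
    for name, (by_hash, by_pattern) in demo().items():
        print(f"{name:14} hash={by_hash!s:14} pattern={by_pattern}")
```

A pattern signature only helps while some byte sequence stays the same across the clones, which is why scanners combine several detection methods.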
Active security
How to spot the virus
Symptoms:
Device is slowing down.
Unexpected Pop-ups.
Deleted or corrupted files.
Crashing or freezing apps.
Issues when connecting to the internet.
If you recognise these symptoms, you should check whether your device has been infected. In Windows, to run a
quick test that locates any possible threat, go to Settings, open “Privacy and Security” and click on
“Protection against Virus and Threats”. Once there, you can run a quick test, a complete test or other
options. In “Protection against Virus and Threats” you can also check the last quick test that your device
ran automatically.
Definitions
Anti-malware: comprehensive solutions that maintain computer security and protect sensitive data that is
transmitted by a network or stored on local devices, including anti-spyware and phishing tools, as well as
antivirus solutions for prominent viruses, which are isolated and identified by security resources.
Antivirus: software that is created specifically to help detect, prevent, and remove viruses or other malware.
Cloud security scanners: tools that help companies discover any flaws and loopholes within the cloud
platform they make use of for data storage and transmission.
Firewall protection: software or dedicated hardware-software unit that restricts internet traffic into, out of,
or within a private network to help prevent malicious activity and to prevent anyone from engaging in
unauthorized web activities.
Ransomware Shield: software that secures your personal photos, documents, and other files from being
modified, deleted, or encrypted by ransomware attacks.
UEFI Scanner: intelligence system that detects threats with the potential to launch before the operating
system boots up.
Exploits blocker: program that protects your device from having a weakness exploited to cause unintended
behaviour or to gain unauthorized access to sensitive data.
Email security: the techniques to safeguard individuals' and businesses' personal sensitive information
against malware, phishing, or spoofing.
Antivirus vs Anti-malware
Antivirus’ main function is to prevent the entry of viruses, while anti-malware software works more specifically with
the malware that's already inside: it scans your device looking for malicious files and software that shouldn't be
there. If it detects something, it deletes it.
Functioning
1. Check your computer programs and files against a database of known types of malware or unknown types of
malware threats, using three different detection devices:
ESET NOD32 Antivirus: this software is compatible with the Windows operating system and can support up to
five devices at a time. It comes with a ransomware shield, UEFI scanner, exploits blocker, and cloud security
scanning.
Trend Micro Antivirus+ Security: this software is compatible with Windows operating systems. This antivirus
software comes with ransomware protection, email scam safeguard, and pay guard.
Take special care on social media. Never open files without checking their source.
Close websites when the browser tells you they’re not secure.
Do not accept files from people you don’t know.
Back up your files regularly.
News
https://www.firstpost.com/tech/news-analysis/destructive-computer-virus-shamoon-used-in-cyber-attack-on-saudi-arabia-two-weeks-ago-3693511.html