What is: Malware

From Information Security Terms
Revision as of 07:35, 14 April 2020 by 8TG1K2 admin

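Malware is a generic name for several types of software designed to gain unauthorized access to computing devices (computers, smartphones, etc.) or networks and/or to deliberately harm the users of these devices. Software is therefore classified as malware according to the purpose for which it is used, not according to the particular methodology or technology on which it is based.

Purpose of Use

The first malware programs were created as experiments or for entertainment. Today, malware is most often used to steal financial, personal, or business-related information. Malware can be used to attack organizations (penetrating a local network) and even countries, as well as to steal specific information about an individual (theft of bank data, access details for various services, etc.).

Most currently existing viruses and worms are designed to gain control over the attacked device (computer, smartphone, etc.). The controlled device can then be used to send spam, store illegal information (for example, child pornography), or carry out other types of attacks.

Classification of Malware

Some malware products may belong to several types at once. Such programs often have the features of Trojans and worms, and sometimes of viruses as well. Typically, a malicious program is delivered to the end user as a Trojan horse, but after launch it establishes itself on the user's device and infects the executable files of other programs, that is, it acts like a virus; it can also attack other devices over the network, that is, act like a worm.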

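Viruses

A computer virus is a program hidden inside other software, usually software that is useful or harmless. A virus is able to create copies of itself and insert them into the executable files of other programs. A virus usually performs some malicious action, for example data theft or destruction.

Worms

A computer (network) worm is software that copies itself to other computers over a computer network in order to spread. It usually exploits gaps in the operating system or in network settings.

Spyware

Spyware is software whose purpose is to steal private information from a computer system for a third party. Spyware collects information and sends it to the attacker.

Trojan Horses

A Trojan horse (or simply "Trojan") is a malicious program that disguises itself as a regular, useful program or application in order to persuade the victim to install it. A Trojan horse usually carries a hidden destructive function that is activated when the application containing the Trojan is launched. The term comes from the ancient Greek story of the Trojan horse, which was used to secretly invade the city of Troy. Unlike computer viruses and worms, Trojan horses generally do not try to embed themselves in other files or otherwise propagate.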

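Logic Bombs

A logic bomb is a malicious program that uses a trigger to activate malicious code. The logic bomb does nothing until the trigger event occurs. Once triggered, the logic bomb injects malicious code that harms the computer. Cybersecurity experts have recently discovered logic bombs that attack and destroy hardware components of workstations or servers, including cooling fans, hard drives, and power supplies. The logic bomb overloads these devices until they overheat or fail.

Ransomware

A screen locker is a pseudo-police program that locks the device's screen and informs the user that he or she is supposedly accused of collecting illegal content, trying to scare the victim into paying a "fine".

Rootkits

A rootkit is a malicious program that hides its presence through low-level modifications of the infected system. A rootkit can prevent its executable process from appearing in the system process list or prevent its files from being read.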
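
A process that is missing from the process list but still answers the kernel directly is the discrepancy that cross-view detection looks for. The following Python code is an added example, not part of the original page; it assumes a Linux host with /proc, and the function names are hypothetical.

```python
import os

def listed_ids(proc="/proc"):
    """View 1: every PID and thread ID reachable by enumerating /proc,
    the same directory listing that ps and top are built on."""
    ids = set()
    for name in os.listdir(proc):
        if not name.isdigit():
            continue
        ids.add(int(name))
        try:
            # Threads answer direct probes too, so count them as listed.
            ids.update(int(t) for t in os.listdir(f"{proc}/{name}/task"))
        except OSError:
            pass  # process exited while we were reading
    return ids

def answers_probe(pid):
    """View 2: ask the kernel about one ID directly. Signal 0 sends nothing."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        pass  # the ID exists but belongs to another user
    return True

def hidden_ids(list_view=listed_ids, probe=answers_probe, max_id=32768):
    """IDs that answer a direct probe but are absent from the listing taken
    both before and after probing. Using two snapshots filters out
    processes that started while the scan was running."""
    before = list_view()
    answered = {i for i in range(1, max_id + 1) if probe(i)}
    after = list_view()
    return sorted(answered - before - after)

if __name__ == "__main__":
    # Scan the full ID range configured on this host.
    with open("/proc/sys/kernel/pid_max") as f:
        print(hidden_ids(max_id=int(f.read())))
```

A non-empty result is a lead for further investigation rather than proof, since a very short-lived process can still slip between the probe and the second snapshot. An empty result does not clear the host either, because a rootkit that alters the kernel can falsify both views.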

Backdoors

A backdoor is a malicious program that provides access to the infected device by means of bypassing normal authentication procedures, usually through a network connection. After a system (computer or subnet) is hacked, a backdoor can be installed to provide access to the hacked system in the future, invisibly to its user.

Adware

Adware is a type of malware that redirects your browser to an advertising web page without your consent. Often these pages try to download other malware. As cyber security experts say, adware is often found in so-called free programs, such as games or browser extensions.

Cryptojacking

Cryptojacking is malware that uses the power of your device (e.g. a computer) to mine cryptocurrencies without your knowledge. Such mining software may run in the background on your operating system or even as JavaScript in a browser window.

Malvertising (Malicious Advertising)

Malicious advertising is the use of legitimate advertisements or ad networks to deliver malware. For example, a cybercriminal may pay to place an advertisement on some website. When a user clicks on this ad, the code in the ad either redirects the user to a malicious website or installs malware on the victim's computer. In some cases, malware embedded in such ads can run automatically without any action by the user; this method is called "boot from disk".

Methods of Infection

Security Gaps in Software

Malicious software may use security flaws (vulnerabilities) in the operating system, individual applications, or application extensions (plug-ins). A common method of infection is to exploit a buffer overflow vulnerability.

Overly privileged users and overly privileged code

In computer systems, different users and programs have different privileges that determine how they can influence the system. In poorly designed systems, users and programs can be given higher privileges than they explicitly need, and malicious software can take advantage of this.

Insecure system settings or user errors

Insecure settings include, for example, the ability to autoload from removable media (USB, CD, DVD, etc.). User errors are actions of the device user that lead to infection. Most often, these actions include launching programs of dubious or obviously dangerous origin (cracks and keygens for paid software, opening email attachments, etc.) without checking them first.