Question

I. Malicious software can be classified by propagation method or payload. Explain the difference between the three common propagation methods: worm, virus and social engineering;

II. Explain the difference between a normal virus, a metamorphic virus and a polymorphic virus, including discussing how easy they are to detect by anti-virus software

Answer 1

The three common propagation methods are explained below:

• Virus: In this type of propagation, the malware takes the form of virus which infects other executable/interpreted files by inserting/attaching its code/content into them. This propagation method requires the host file to be transmitted to other systems.
• Worm: In this type of propagation, the malware takes the form of self-replicating worm which spreads to different systems on network on its own by exploiting software vulnerabilities.
• Social Engineering: This propagation method requires tricking the users of system to bypass the security mechanisms to download/install the malware. The malware usually is hidden under the guise of some useful software, application or tool.

The three forms of virus are:

• Normal Virus: A normal virus is a malware which infects other executable/interpreted files on the system by inserting/attaching its code/content to them. As the host file transmits to different systems on network, the virus also spreads infecting more files. A normal virus can be easily detected by a good antivirus software due to its consistent and known signature.
• Polymorphic virus: This is a type of virus which changes its "appearance" as it propagates. This makes them harder to be detected than normal virus as its signature is not consistent.
• The virus is able to change its appearance by encrupting its content using variable key encryption.
• Metamorphic Virus: This is a type of virus which can edit and rewrite its own code, changing its structure as it propagates. Unlike Polymorphic virus, they don't just change the appearance by encryption and don't require variable encryption key. They are considered more advanced than polymorphic virus and are even more harder to detect as their whole code structure changes frequently.

Hope this is helpful please please kindly upvote if helpful it helps me alot please

please kindly dont downvote

THANK YOU IN ADVANCE