Question

Answer the following questions.

6. Describe some worm countermeasures.

7. (bonus, 1pt) What is the difference between a “phishing” attack and a “spear-phishing” attack, particularly in terms of who the target may be? (no sentence limit).

Answer 1

6. Describe some worm countermeasures.

Answer:

A worm is form of Computer virus. These are malicious programs that replicate, run and spread themselves across a network of computers without any human interference. They target computers connected to a network (like internet) and execute themselves on the computers. A worm infected computer may not work properly and behave according to the instructions written in the malicious worm program.

Countermeasures to protect from worm:

1) Keep scanning your files and folders which are downloaded from the internet.

2) Scan all email attachments you received before opening.

3) Do not click on any suspicious links on unknown websites.

4) Do not install any software available freely on the internet whose author is not known.

5) Always keep an updated anti-virus program with a firewall in your computer.

6) Maintain a backup of all your data incase if your data is infected then you can have another copy.

7) Scan your computer regularly using an updated anti-virus program to detect any virus present in your files.

8) Do not use an infected computer until the virus is cleaned from it.

-----------------------------------------------------------------------------------------------------------------------------------------------

7) What is the difference between a “phishing” attack and a “spear-phishing” attack, particularly in terms of who the target may be?

Answer:

Phishing attack is an illegal way to acquire important information like usernames, passwords, bank account information, credit card details etc by sending dubious emails to hundreds of individuals. They do not target victims individually but send phishing emails to many people at a time. The attackers disguise themselves as a trustworthy person and acquire information from their victims by making them click on a website link or force them to send their bank details. For example, the victims receive an email from a shell company which says that they have won a big lottery and inorder to claim the reward, the victims needs to send some information. In this way they fall for the attacker and loose money by trusting the unknown person and follow his instructions.

On the other hand, a spear-phishing attack is targeted to a specific individual. Here the attacker pretends to know the victim very well. For example, the attacker behaves like a senior employee of the victim's organization who has the authority to command the victim to transfer funds into malicious companies. In a proper way, the attacker convinces the victim to follow his instructions and cheats later. The attackers performs a well research on their victim before carrying out the spear-phishing attack. They may use the victim's social media profiles on the internet inorder to obtain the victim's personal information. In this way, they can convince people to believe that they can trust the attacker.