What does an antivirus do to detect malware?

Antivirus is the tool we mention constantly in our articles and security notices, and it is essential to preserving the integrity of information and of the systems that handle it. Until now, however, we have not explained exactly what it does to protect our devices. In this article we describe some details and characteristics of this basic cybersecurity tool.

What does an antivirus do?

An antivirus is software whose main objective is to detect and block malicious actions on the computer caused by any type of malware and, if an infection does occur, to remove it. Today this software is usually part of what are known as security suites, which bundle other functions: password managers, Wi-Fi network analyzers, or blocking of malicious websites such as those used in phishing campaigns.


Malware detection

Antivirus products incorporate a large number of functions; here we focus on how they detect malicious code. For this they rely mainly on two types of protection:

  • reactive, signature-based;
  • proactive or heuristic.

Signature database

The method traditionally used by antivirus to detect malware is based on signature databases generated by the vendor (sometimes called vaccines). A signature is a way to identify a specific piece of malware, typically a hash of the file or a characteristic byte pattern extracted from it. The suspect file is checked against the database, and if there is a match it is classified as malware.
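To make the signature lookup concrete, here is an added example; it is not code from the original post or from any antivirus product. It shows the two signature kinds described above, an exact SHA-256 of a known sample and a byte pattern with a wildcard, applied to four constructed byte strings that stand in for files on disk. The signature names, the patterns and the samples are all assumptions made for the illustration; none is real malware.

```python
"""Toy signature-based scanner (added illustration, not any vendor's code).

Two kinds of signature are shown: an exact SHA-256 of a known sample, and a
byte pattern that tolerates small edits. All "files" and the signature
database are constructed inline for the example; none is real malware.
"""
import hashlib
import re
from typing import Dict, Optional, Tuple

# Constructed sample "files" (byte strings standing in for files on disk).
KNOWN_SAMPLE = b"MZ\x90\x00DROP\x00payload\x00EXEC trailer"
VARIANT_SAMPLE = b"MZ\x90\x00DROP\x00pay1oad\x00EXEC trailer"  # one byte changed
UNKNOWN_SAMPLE = b"MZ\x90\x00something entirely different"
BENIGN_SCRIPT = b"#!/bin/sh\necho hello\n"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed "signature database", the data a vendor ships in its updates.
# A vendor computes the hash after analysing a captured sample; here it is
# computed inline from KNOWN_SAMPLE so the example runs stand-alone.
HASH_SIGNATURES: Dict[str, str] = {
    sha256_hex(KNOWN_SAMPLE): "Demo.Dropper.A",
}
# A byte-pattern signature: a wildcard (.{2,8}) between two fixed fragments,
# so a variant with a few changed bytes in the middle still matches.
PATTERN_SIGNATURES: Dict[str, re.Pattern] = {
    "Demo.Dropper.A": re.compile(rb"DROP\x00.{2,8}\x00EXEC", re.DOTALL),
}


def scan(data: bytes) -> Optional[Tuple[str, str]]:
    """Return (signature_kind, name) for the first match, or None if unknown.

    Exact hashes are tried first because a dictionary lookup is cheapest;
    pattern signatures are then searched across the whole file.
    """
    name = HASH_SIGNATURES.get(sha256_hex(data))
    if name is not None:
        return ("hash", name)
    for name, pattern in PATTERN_SIGNATURES.items():
        if pattern.search(data):
            return ("pattern", name)
    return None


if __name__ == "__main__":
    for label, sample in [("known", KNOWN_SAMPLE), ("variant", VARIANT_SAMPLE),
                          ("unknown", UNKNOWN_SAMPLE), ("benign", BENIGN_SCRIPT)]:
        print(f"{label:8} -> {scan(sample)}")
```

The known sample is caught by its hash, the one-byte variant escapes the hash but is caught by the wildcard pattern, and the sample nobody has seen before returns None even though it is just as suspicious: that gap is the limitation described in the next section.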

Signature-based detection issues

The main problem with this type of analysis is that it only detects malware samples that have already been identified and for which a signature has been generated and added to the database. If a sample's signature is not in the database the user's antivirus holds, the user is exposed to that threat.

Another drawback is the delay between identifying a sample, generating its signature and updating the database on the user's machine; during this window the user has no signature-based protection against the threat.

Finally, a very large number of new malicious files is created every day, and many are trivial variants of existing ones (a single changed byte defeats an exact hash match), so detection based exclusively on signatures cannot keep up.

Heuristics

Proactive detection based on heuristics was designed as a complement to signature-based detection, to cover its deficiencies. It handles many situations that signature-based detection does not reach, such as:

  • the malware does not yet have a signature;
  • the malware has been discovered, but the vendor's signature update has not yet reached the user.

Heuristic detection is built on rules derived from analysts' experience of how malware behaves; many vendors now supplement those rules with machine learning models trained on known samples, which can improve accuracy over time.

Heuristic algorithms evaluate a file against a set of criteria that indicate malicious intent, for example whether it modifies the registry or establishes a remote connection to another device. Each criterion carries a score; the scores of the criteria the file meets are added up, and if the total exceeds a certain threshold the file is considered a threat.

Types of heuristic algorithms

This type of proactive analysis can be carried out in different ways, although the three most common are:

  • Generic: compares the structure or behavior of a file with one already identified as malicious. If the similarity exceeds a threshold, the analyzed file is treated as a variant of the known sample and considered malicious;
  • Passive: analyzes the file on its own (static analysis), without comparing it with any known malware, and tries to work out what it would do, for example open a port or connect to an IP address. If those actions are considered dangerous, the sample is marked as malicious;
  • Active: runs the sample in an isolated environment or sandbox (dynamic analysis), observes its behavior there, and decides from that behavior whether it is malware.

Heuristic-based detection problems

The main problem with this type of detection is false positives: an application with no malicious purpose is identified as malware. Heuristic engines usually offer several levels of rigor (in practice, a lower score threshold). The more rigorous the analysis, the more likely a false positive, and vice versa: a lax setting produces fewer false positives but lets more real threats through.

Another drawback is that heuristic scanning puts a heavier load on the machine than signature matching does, especially when samples are executed in a sandbox, so the performance of other programs may suffer.
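The scoring described in the Heuristics section and the rigor-versus-false-positive trade-off just discussed are easier to see in code. The following is an added example, not code from the original post or from any antivirus vendor. It implements a passive (static) heuristic: it searches a file's bytes for suspicious indicators, adds a weight per indicator and compares the total with a threshold chosen by the rigor level. The indicator table, the weights, the thresholds and the three sample "files" are all constructed assumptions for the illustration; none is real malware.

```python
"""Toy heuristic scorer (added illustration, not any vendor's engine).

A "passive" (static) heuristic: it looks for suspicious indicators in a file's
bytes, adds up a weight per indicator and compares the total with a threshold
that depends on the configured rigor. Indicators, weights, thresholds and the
sample "files" are all constructed for the example; none is real malware.
"""
import re
from typing import Dict, List, Tuple

# Constructed indicator table: description -> (byte pattern, weight).
# The weights are illustrative assumptions, not any product's real scoring.
INDICATORS: Dict[str, Tuple[re.Pattern, int]] = {
    "adds itself to a Run key (persistence)":
        (re.compile(rb"CurrentVersion\\Run"), 3),
    "contacts a remote host (URL or IP literal)":
        (re.compile(rb"https?://|\b\d{1,3}(?:\.\d{1,3}){3}\b"), 2),
    "writes into another process (injection API)":
        (re.compile(rb"CreateRemoteThread|WriteProcessMemory"), 4),
    "tampers with security tooling":
        (re.compile(rb"DisableAntiSpyware|taskkill"), 4),
}

# Rigor levels: a stricter scan simply lowers the score needed for a verdict.
THRESHOLDS: Dict[str, int] = {"low": 8, "normal": 6, "high": 4}

# Constructed samples (byte strings standing in for files on disk).
DROPPER = (b"MZ\x90\x00...\\CurrentVersion\\Run\x00"
           b"203.0.113.7\x00CreateRemoteThread\x00")
# A legitimate installer also autostarts an updater and downloads over HTTPS,
# so it shares two indicators with the dropper.
INSTALLER = (b"Setup v2.1\nHKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\n"
             b"https://updates.example.com/check\n")
CLEAN_SCRIPT = b"#!/bin/sh\necho hello\n"


def extract_indicators(data: bytes) -> List[str]:
    """Return the description of every indicator whose pattern occurs in the file."""
    return [desc for desc, (pattern, _) in INDICATORS.items() if pattern.search(data)]


def score(hits: List[str]) -> int:
    """Sum the weights of the indicators that were found."""
    return sum(INDICATORS[desc][1] for desc in hits)


def verdict(data: bytes, rigor: str = "normal") -> Tuple[str, int, List[str]]:
    """Classify a file as 'malicious' or 'clean' at the given rigor level.

    The file is flagged when its total score exceeds the level's threshold.
    """
    hits = extract_indicators(data)
    total = score(hits)
    label = "malicious" if total > THRESHOLDS[rigor] else "clean"
    return (label, total, hits)


if __name__ == "__main__":
    for name, sample in [("dropper", DROPPER), ("installer", INSTALLER),
                         ("clean script", CLEAN_SCRIPT)]:
        for rigor in ("low", "normal", "high"):
            label, total, hits = verdict(sample, rigor)
            print(f"{name:13} rigor={rigor:6} score={total} -> {label}")
```

Run it and the dropper scores 9 and is flagged at every level, while the benign installer scores 5: clean at "low" and "normal", but a false positive at "high", which is exactly the trade-off the rigor setting exposes.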

Importance of keeping antivirus updated

This is a recommendation that we always give and now you know why.

When an antivirus is up to date, with the latest signature database and the latest version of its heuristic engine, it provides the highest protection it can.

An outdated antivirus will not identify as many threats as an updated one, so the risk of infection is higher.

What detection method to choose?

Deciding on one detection method alone would be a mistake, since the advantages of the other would be lost.

The best option is to keep both analyses enabled, since each covers the shortcomings of the other and the overall detection capacity is much greater.

Antivirus is one of the key pieces in preventing threats on your device, and keeping it active and up to date will stop most of them, although no single tool provides total security. Security suites also bundle many other functions that considerably improve the device's security level, whether it is a computer or a smartphone, since those devices need protection too. Install an antivirus, and if you already have one, keep it updated to the latest version!
