Using suitable examples, differentiate between the launch and evade actions of malware. Your answer must give the types of malware as examples and use the examples to show the difference between the two actions.

1 answer

The launch and evade actions are distinct behaviors exhibited by malware with different purposes and outcomes. Here are examples to illustrate the differences between these actions:

1. Launch action:
The launch action refers to the initial execution of the malware on the target system. This involves the activation or installation of the malicious code, allowing it to carry out its intended tasks. Malware designed to launch itself can include:

a) Viruses: Viruses attach themselves to legitimate files or programs and execute when the infected file or program is opened. For example, the "Melissa" virus in 1999 spread via email attachments, replicating itself and causing significant disruptions.

b) Worms: Worms are self-replicating malware that can spread autonomously across networks without user interaction. An example is the "Conficker" worm, which exploited vulnerabilities in Windows operating systems to rapidly infect and control millions of computers in 2008.

2. Evade action:
The evade action refers to the attempts made by malware to avoid being detected, removed, or countered by security mechanisms or defenses. These evasion techniques aim to prolong the malware's lifespan and effectiveness. Malware that employs evasion tactics can include:

a) Rootkits: Rootkits aim to hide the presence of malware by modifying or replacing core system components. They can tamper with the operating system to give the malware administrative privileges, making it tough to detect or remove. The "Sony BMG Copy Protection rootkit" in 2005, installed on music CDs, evaded detection by hiding its files and processes.

b) Polymorphic malware: Polymorphic malware alters its code structure or characteristics with each infection instance to avoid signature-based detection methods. This constantly changing behavior makes it challenging for antivirus software to identify and block it. The "Storm Worm" in 2007 was a polymorphic malware that adapted its structure to evade detection and deliver spam emails.

In summary, the launch action refers to the initiation of malware on a system, while the evade action involves the techniques the malware employs to avoid detection or removal. Understanding these distinctions is crucial for developing effective security measures to detect, counter, and mitigate the impact of malware attacks.
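The answer's polymorphic-malware point (a verbatim byte signature stops matching once the body is re-encoded) is easiest to see from the detection side. The block below is an added example, not code from the answer above: it scans three constructed samples with a fixed-pattern signature and with a Shannon-entropy heuristic. The signature name, the marker bytes, the sample texts and the 7.0 bits-per-byte threshold are all assumptions chosen for the demonstration; the "variant" is simply pseudo-random bytes standing in for a re-encoded body, not a real specimen.

```python
"""Signature matching vs. an entropy heuristic over constructed samples.

Added example (not from the original answer). Every sample below is
constructed inline; nothing here is real malware.
"""
import math
import random

# Constructed stand-in for an antivirus signature: a fixed byte pattern.
KNOWN_SIGNATURES = {
    "demo-sig-1": b"EXAMPLE_PAYLOAD_MARKER",
}

# Constructed benign sample: repetitive, low-entropy text (504 bytes).
BENIGN_SAMPLE = b"quarterly report: revenue up, costs flat. " * 12

# Constructed sample that still carries the fixed marker, so a signature hits.
KNOWN_SAMPLE = BENIGN_SAMPLE[:200] + b"EXAMPLE_PAYLOAD_MARKER" + BENIGN_SAMPLE[200:]

# Constructed stand-in for a polymorphic variant: same length, but the
# body is pseudo-random bytes, which is how a re-encoded body looks to a
# scanner. Seeded so the example is deterministic.
_rng = random.Random(20240101)
VARIANT_SAMPLE = bytes(_rng.randrange(256) for _ in range(len(KNOWN_SAMPLE)))


def signature_match(data: bytes, signatures=KNOWN_SIGNATURES) -> list:
    """Return the names of signatures whose byte pattern appears verbatim in data."""
    return [name for name, pattern in signatures.items() if pattern in data]


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty input, at most 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def classify(data: bytes, entropy_threshold: float = 7.0) -> str:
    """Combine a signature scan with an entropy heuristic.

    'signature-hit' : a known byte pattern was found
    'suspicious'    : no signature, but the body is high-entropy
    'clean'         : neither
    """
    if signature_match(data):
        return "signature-hit"
    if shannon_entropy(data) >= entropy_threshold:
        return "suspicious"
    return "clean"


if __name__ == "__main__":
    samples = [("benign", BENIGN_SAMPLE), ("known", KNOWN_SAMPLE), ("variant", VARIANT_SAMPLE)]
    for label, sample in samples:
        print(f"{label:8s} entropy={shannon_entropy(sample):.2f} -> {classify(sample)}")
```

Running it shows the contrast the answer describes: the known sample is caught by the signature, the variant is missed by the signature and is only flagged because its body is high-entropy. The entropy check is a crude structural heuristic with obvious false positives (legitimately compressed or encrypted files score just as high), which is why products that face polymorphic samples pair signatures with behavioural monitoring rather than relying on either alone.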