Difference between pages "QCOW Image Format" and "Malware"

From ForensicsWiki
(Difference between pages)
(External Links)
 
(Exploit Kit)
 
Line 1: Line 1:
[[QEMU]] uses the '''QEMU Copy-On-Write (QCOW)''' files to store a disk image.
+
'''Malware''' is a short version of '''Malicious Software'''.
  
== MIME types ==
+
Malware is software used for data theft, device damage, harassment, etc. It is very similar to computer malware. It installs things such as trojans, worms, and botnets to the affected device. It is illegal to knowingly distribute malware.
  
== File signature ==
+
== Virus ==
QCOW files start with hexadecimal: 0x51 0x46 0x49 0xfb (ASCII: "QFI.")
+
A computer program that can automatically copy itself and infect a computer.
  
== File types ==
+
== Worm ==
Currently there two are versions of the QCOW format; version 1 and 2. Version 2 is the preferred format.
+
A self-replicating computer program that can automatically infect computers on a network.
  
== Contents ==
+
== Trojan horse ==
The QCOW format is used to store storage media data, e.g. disk images.
+
A computer program which appears to perform a certain action, but actually performs many different forms of codes.
  
The QCOW image file consists of:
+
== Spyware ==
* the file header
+
A computer program that can automatically intercept or take partial control over the user's interaction.
* the L1 table (cluster aligned)
+
* the reference count table (cluster aligned)
+
* reference count blocks
+
* snapshot headers (8-byte aligned on cluster boundary)
+
* clusters containing:
+
** L2 tables
+
** storage media data
+
  
The clusters are 512 bytes of size
+
== Exploit Kit ==
 +
A toolkit that automates the exploitation of client-side vulnerabilities, targeting browsers and programs that a website can invoke through the browser [http://blog.zeltser.com/post/1410922437/what-are-exploit-kits]. Often utilizing a drive-by-download.
  
== Encryption ==
+
=== Drive-by-download ===
The QCOW2 format supports optional AES encryption
+
Any download that happens without a person's knowledge [http://en.wikipedia.org/wiki/Drive-by_download].
  
 
== See Also ==
 
== See Also ==
* [[Disk Images]]
 
  
 
== External Links ==
 
== External Links ==
 +
* [http://en.wikipedia.org/wiki/Malware Wikipedia entry on malware]
 +
* [http://en.wikipedia.org/wiki/Drive-by_download Wikipedia drive-by-download]
 +
* [http://www.viruslist.com/ Viruslist.com]
 +
* [http://code.google.com/p/androguard/wiki/DatabaseAndroidMalwares Androguard]: A list of recognized Android malware
  
* [http://people.gnome.org/~markmc/qcow-image-format-version-1.html The QCOW Image Format], by [[Mark McLoughlin]], June 2006
+
=== Exploit Kit ===
* [http://people.gnome.org/~markmc/qcow-image-format.html The QCOW2 Image Format], by [[Mark McLoughlin]], September 2008
+
* [http://blog.zeltser.com/post/1410922437/what-are-exploit-kits What Are Exploit Kits?], by [[Lenny Zeltser]], October 26, 2010
* [https://googledrive.com/host/0B3fBvzttpiiSSzlxcHFxRC0zYTA/QEMU%20Copy-On-Write%20file%20format.pdf QEMU Copy-On-Write file format], by the [[libqcow|libqcow project]], December 2010
+
* [http://nakedsecurity.sophos.com/2013/07/02/the-four-seasons-of-glazunov-digging-further-into-sibhost-and-flimkit/ The four seasons of Glazunov: digging further into Sibhost and Flimkit], by Fraser Howard, July 2, 2013
  
[[Category:File Formats]]
+
[[Category:Malware]]
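
Review bot: In the added Malware introduction, the sentence "It is very similar to computer malware." defines the term by comparing it with itself; drop it or reword it to name what malware is being compared with. The added Trojan horse line ("performs many different forms of codes") does not say what the program actually does, and "Often utilizing a drive-by-download." under Exploit Kit is a fragment that would read better joined to the preceding sentence. Because the two sides of this comparison are different pages, the QCOW lines shown as replaced are not deletions from the Malware page.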

Revision as of 02:05, 21 October 2013

Malware is a short version of Malicious Software.

Malware is software used for data theft, device damage, harassment, etc. It is very similar to computer malware. It installs things such as trojans, worms, and botnets on the affected device. It is illegal to knowingly distribute malware.

Virus

A computer program that can automatically copy itself and infect a computer.

Worm

A self-replicating computer program that can automatically infect computers on a network.

Trojan horse

A computer program that appears to perform a certain action but actually performs many different forms of code.

Spyware

A computer program that can automatically intercept or take partial control over the user's interaction.

Exploit Kit

A toolkit that automates the exploitation of client-side vulnerabilities, targeting browsers and programs that a website can invoke through the browser [1]. Exploit kits often utilize a drive-by-download.

Drive-by-download

Any download that happens without a person's knowledge [2].

See Also

External Links

Exploit Kit