Malware Threats and Distribution Techniques
Questions and Answers

Malware can be distributed through social engineered click-jacking.

True

A Trojan horse can only delete files on a computer.

False

Drive-by downloads exploit flaws in browser software to install malware.

True

Adware is a type of malware that typically only delivers advertisements to users.

True

Compromised legitimate websites are a method used by hackers to distribute malware.

True

A wrapper binds a Trojan executable with an innocent-looking .EXE application.

True

A Botnet Trojan infects a single computer to control it for various attacks.

False

A Command Shell Trojan allows an attacker to gain remote control of a victim's command shell.

True

Changing a Trojan's syntax can help it evade detection by antivirus software.

True

Viruses are non-replicating programs that do not attach themselves to other software.

False

A computer worm can replicate itself but cannot attach to other programs.

True

Computer viruses can be detected using signature detection methods.

True (signature matching is the basic antivirus technique; encrypted and polymorphic viruses are built to defeat it, which is why scanners also use heuristics and emulation)

One reason people create computer viruses is for financial benefits.

True

Users can prevent infections by installing pirated software.

False

The stages of a virus life include design, replication, launch, detection, incorporation, and elimination.

True

A worm requires human interaction to spread across networks.

False

Antivirus software developers assimilate defenses against viruses during the elimination phase.

False (that happens in the incorporation phase)

Opening infected email attachments can lead to viral infections.

True

Computer viruses use self-replication as a method of spreading.

True

A key difference between a virus and a worm is that a worm spreads automatically without attaching to other programs.

True

Sniffing is a method used to capture data packets over a network.

True

Passive sniffing sends additional data packets to capture traffic.

False

Active sniffing is primarily used in switch-based networks.

True

In a hub-based network, only the host sending the data can capture the traffic.

False (a hub repeats every frame to every port, so any host on the hub can capture it)

MAC flooding is a technique used in active sniffing.

True

A hacker can extract passwords from redirected traffic.

True

Protocols like HTTPS are vulnerable to sniffing.

False (the packets can still be captured, but the encrypted payload cannot be read)

Sniffers operate at the Data Link layer of the OSI model.

True

A hardware protocol analyzer alters the traffic it captures.

False

Passwords and data sent in clear text are not susceptible to interception.

False
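An added example (not part of the module) of what the sniffing questions above describe: decoding a captured Ethernet/IPv4/TCP frame down to the application payload and pulling out credentials that travel in the clear. The frames are constructed in code rather than captured, the addresses and ports are made up, and only HTTP Basic and FTP USER/PASS are looked for. The TLS-looking frame on port 443 is included to show that an encrypted payload gives this kind of inspection nothing to read.

```python
"""Added example: decode a captured Ethernet/IPv4/TCP frame down to the
application payload and extract credentials sent in the clear.
Frames are constructed in code (not a real capture) so this runs offline."""
import base64
import struct


def build_frame(payload: bytes, dport: int) -> bytes:
    """Minimal Ethernet + IPv4 + TCP frame carrying `payload`. Checksums are
    left zero; a sniffer does not need them to read the data."""
    eth = bytes.fromhex("aabbccddeeff") + bytes.fromhex("112233445566") + b"\x08\x00"
    total_len = 20 + 20 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0, 64, 6, 0,
                     bytes([10, 0, 0, 5]), bytes([10, 0, 0, 80]))
    tcp = struct.pack("!HHIIBBHHH", 49152, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload


def parse_frame(frame: bytes) -> dict:
    """Walk the headers the way a sniffer does: Ethernet -> IPv4 -> TCP."""
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("not IPv4")
    ip = 14
    ihl = (frame[ip] & 0x0F) * 4
    total_len = struct.unpack("!H", frame[ip + 2:ip + 4])[0]
    if frame[ip + 9] != 6:
        raise ValueError("not TCP")
    src = ".".join(str(b) for b in frame[ip + 12:ip + 16])
    dst = ".".join(str(b) for b in frame[ip + 16:ip + 20])
    tcp = ip + ihl
    sport, dport = struct.unpack("!HH", frame[tcp:tcp + 4])
    doff = (frame[tcp + 12] >> 4) * 4
    payload = frame[tcp + doff:ip + total_len]
    return {"src": src, "dst": dst, "sport": sport, "dport": dport, "payload": payload}


def extract_credentials(payload: bytes):
    """Look for two common cleartext credential formats: an HTTP Basic
    Authorization header (base64 is encoding, not encryption) and FTP USER/PASS."""
    found = []
    for line in payload.split(b"\r\n"):
        if line.lower().startswith(b"authorization: basic "):
            user, _, pw = base64.b64decode(line.split(b" ", 2)[2]).decode().partition(":")
            found.append(("http-basic", f"{user}:{pw}"))
        elif line.upper().startswith(b"USER "):
            found.append(("ftp-user", line[5:].decode()))
        elif line.upper().startswith(b"PASS "):
            found.append(("ftp-pass", line[5:].decode()))
    return found


def sniff(frames):
    """Return (src, dst, dport, kind, value) for every credential seen."""
    hits = []
    for frame in frames:
        pkt = parse_frame(frame)
        for kind, value in extract_credentials(pkt["payload"]):
            hits.append((pkt["src"], pkt["dst"], pkt["dport"], kind, value))
    return hits


# Constructed traffic: an HTTP request with Basic auth, an FTP login, and a
# TLS-looking record on 443 whose payload is opaque to this kind of inspection.
SAMPLE_FRAMES = [
    build_frame(b"GET /admin HTTP/1.1\r\nHost: intranet\r\nAuthorization: Basic "
                + base64.b64encode(b"alice:Winter2024!") + b"\r\n\r\n", 80),
    build_frame(b"USER bob\r\nPASS hunter2\r\n", 21),
    build_frame(b"\x16\x03\x03\x00\x2a" + bytes(42), 443),
]

if __name__ == "__main__":
    for hit in sniff(SAMPLE_FRAMES):
        print(hit)
```

On a real network the frames would come from a raw socket or a pcap reader; the header walk is the same, which is why a sniffer is said to work at the Data Link layer: it starts from the frame, not from a socket.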

Active wiretapping involves monitoring, recording, and altering communication traffic.

True

Lawful interception requires consent from all parties involved in the communication.

False

Wiretapping is considered a criminal offense without a warrant in most countries.

True

PRISM is a tool designed specifically for domestic surveillance within the United States.

False

A protocol analyzer allows attackers to view individual data bytes of data packets.

True

Passive wiretapping can alter the traffic it monitors.

False

The Keysight N2X N5540A is a type of protocol analyzer.

True

The Access Switch/Tap is not part of the lawful interception process.

False

Wiretapping requires the use of complex algorithms for basic monitoring tasks.

False

The NSA utilizes PRISM to wiretap foreign internet traffic that passes through U.S. servers.

True

In an offline attack, the attacker tries to crack passwords on their own system after copying the target's password file.

True

A brute forcing attack attempts to guess a password using predefined dictionary words.

False (that is a dictionary attack; brute forcing tries every possible combination)

Default passwords are typically supplied by the manufacturer with new equipment.

True

A keylogger sends back user credentials to the attacker after infecting the victim's machine.

True

Password guessing attacks are slow and have a high failure rate, because the attacker tries candidates one at a time against the live system without knowing the password.

True

A rainbow table is used to capture sensitive information like passwords from raw network traffic.

False (it is a precomputed table of password hashes used for offline cracking)

In a replay attack, attackers capture packets and authentication tokens to gain access to a system.

True

Enabling information security audit can help monitor and track password attacks.

True

The passive online attack known as Wire Sniffing is computationally complex and hard to perpetrate.

False

Cleartext protocols are more secure than protocols that use strong encryption.

False

Using a random string (a salt) as a prefix or suffix to the password before hashing it enhances security.

True

Vertical privilege escalation involves acquiring the same level of privileges as another user.

False (that is horizontal escalation; vertical escalation means gaining higher privileges)

Implementing multi-factor authentication can help defend against privilege escalation.

True

Locking out an account after too many incorrect password guesses can prevent brute force attacks.

True (against online guessing; it does nothing against offline cracking of a stolen password file)
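An added example (not the module's own material) walking through the password-attack questions above on constructed data: an offline dictionary attack that uses a precomputed hash-to-plaintext table against an unsalted password dump, a brute-force search with no wordlist, and then the two defenses the questions name, a random per-user salt with a slow hash (PBKDF2 is an assumption chosen for the example) and an account lockout counter for online guessing. The usernames, hashes and wordlist are made up.

```python
"""Added example: offline dictionary / brute-force attack on a stolen
unsalted password file, then the two defenses the questions above name
(random per-user salt with a slow hash, and an online lockout counter).
Users, hashes and the wordlist are constructed for the demonstration."""
import hashlib
import hmac
import itertools
import os
import string

WORDLIST = ["password", "letmein", "Winter2024", "hunter2", "qwerty"]  # constructed


def unsalted(pw: str) -> str:
    """The weak scheme: a bare SHA-256 of the password."""
    return hashlib.sha256(pw.encode()).hexdigest()


# "Stolen" password file, copied to the attacker's own machine for offline work.
STOLEN = {"alice": unsalted("Winter2024"), "bob": unsalted("ab1")}


def precompute(words):
    """hash -> plaintext lookup, the idea behind a rainbow table: built once,
    reused against every unsalted dump the attacker obtains."""
    return {unsalted(w): w for w in words}


def dictionary_attack(stolen, table):
    """Offline: no interaction with the victim system, just lookups."""
    return {user: table[h] for user, h in stolen.items() if h in table}


def brute_force(target_hash, alphabet=string.ascii_lowercase + string.digits, max_len=3):
    """Try every combination up to max_len; no wordlist involved."""
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            candidate = "".join(combo)
            if unsalted(candidate) == target_hash:
                return candidate
    return None


# Defense 1: random salt per user plus a deliberately slow hash (PBKDF2 here,
# chosen for the example). The salt is stored next to the digest; it is not secret.
ITERATIONS = 100_000


def make_record(pw: str):
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, ITERATIONS)
    return salt, digest


def verify(record, pw: str) -> bool:
    salt, digest = record
    attempt = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, ITERATIONS)
    return hmac.compare_digest(attempt, digest)


def salted_record_in_table(record, table) -> bool:
    """A table precomputed for unsalted hashes cannot match a salted record:
    the attacker would have to recompute it per salt, i.e. per user."""
    return record[1].hex() in table


# Defense 2: lockout against online guessing (the attacker must talk to the
# live system, so the system can count failures).
class Lockout:
    def __init__(self, record, limit=5):
        self.record, self.limit = record, limit
        self.failures, self.locked = 0, False

    def attempt(self, pw: str) -> str:
        if self.locked:
            return "locked"
        if verify(self.record, pw):
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.failures >= self.limit:
            self.locked = True
        return "fail"
```

Lockout only helps against online guessing: it does nothing for a stolen file cracked offline, and an attacker who can trigger it can lock legitimate users out, so pair it with rate limiting or back-off rather than relying on it alone.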

Malicious applications executed during the attack phase are used to gather information and maintain access.

True

Password cracking techniques are used to recover passwords from computer systems.

True

Active online attacks involve the attacker communicating indirectly with the victim machine.

False (the attacker communicates directly with the victim machine)

Shoulder surfing is a type of non-electronic password attack.

True

Trojans can only be used for deleting files on a computer.

False

Hiding files is a significant goal during the system hacking stage.

True

Study Notes

Malware Threats

  • Malware is malicious software designed to damage or disable computer systems, giving its creator limited or full control of the system, typically for theft or fraud.
  • Examples of malware include Trojan Horses, viruses, backdoors, worms, rootkits, spyware, ransomware, botnets, adware, and crypters.

Ways Malware Enters Systems

  • Instant messaging applications (IRC, etc.)
  • Browser and email software bugs
  • Removable devices
  • Attachments
  • Legitimate "shrink-wrapped" software tampered with before it ships (e.g., by a disgruntled employee)
  • NetBIOS file sharing
  • Fake programs
  • Untrusted sites and freeware
  • Downloading files, games, and screensavers from Internet sites

Malware Distribution Techniques

  • Blackhat SEO: Ranking malware pages highly in search results.
  • Social Engineering (Clickjacking): Tricking users into clicking innocent-looking web page elements that trigger a malicious action.
  • Malvertising: Embedding malware in ad networks displayed across many legitimate sites.
  • Spearphishing Sites: Mimicking legitimate institutions to steal login credentials.
  • Compromised Legitimate Websites: Hosting embedded malware that spreads to visitors.
  • Drive-by Downloads: Exploiting browser flaws to install malware by visiting a webpage.

How Hackers Use Trojans

  • Delete or replace critical operating system files.
  • Disable firewalls and antivirus.
  • Generate fake traffic to create DDoS attacks.
  • Record screenshots, audio, and video of victim's PC.
  • Use victim's PC for spamming, blasting email messages, and downloading malicious files.
  • Create backdoors to gain remote access.
  • Use the victim's PC as a proxy server for relaying attacks.
  • Use the victim's PC as part of a botnet to perform DDoS attacks.
  • Steal information like passwords, security codes, credit cards using keyloggers.

How to Infect Systems Using a Trojan (Steps)

  • Create a new Trojan packet using a Trojan Horse Construction Kit.
  • Create a dropper, which installs malicious code on the target system.
  • Create a wrapper using wrapper tools to bind the Trojan to a legitimate-looking application that will be run on the victim's computer.
  • Propagate the Trojan.
  • Execute the dropper.
  • Execute the damage routine.

Wrappers

  • Bind a Trojan executable with an innocent-looking .EXE application, like games or office programs.
  • Installation happens in the background while the application runs in the foreground.
  • Two programs are wrapped into a single file.
  • Attackers might send a birthday greeting that installs a Trojan.

Command Shell Trojans

  • Give remote control of a command shell.
  • The Trojan server installed on the victim's machine opens a listening port for the attacker to connect to.
  • The attacker's client connects to that port and is given a command shell on the victim's machine.

Remote Access Trojans (RATs)

  • Trojan works like a remote desktop access program.
  • Hacker gains complete GUI access to the remote system.
  • An attacker can control the infected computer remotely.

Botnet Trojans

  • Infect a large number of geographically dispersed computers to create a network of controllable "bots" managed from a Command and Control (C&C) center.
  • Botnet is used to launch various attacks like denial-of-service attacks, spamming, click fraud, and theft of financial information.

Evading Anti-Virus Techniques

  • Break the Trojan file into multiple pieces and zip them as a single file.
  • Write your own Trojan and embed it in an application.
  • Change Trojan's syntax (e.g., convert EXE to VB script, change extensions).
  • Change content using a hex editor, alter checksum, and encrypt the file.
  • Never use Trojans downloaded from the web (their signatures are already known to antivirus vendors).

Introduction to Viruses

  • Self-replicating programs that spread by attaching to programs, boot sectors, or documents.
  • Typically spread via downloads, infected drives, or email attachments.
  • Virus Characteristics: Infects other programs, alters data, transforms itself, corrupts files, and encrypts or replicates itself.

Stages of Virus Life Cycle

  • Design (developing the virus code).
  • Replication (virus replicates in the system).
  • Launch (the user runs the infected program and the virus is activated).
  • Detection (the virus is identified as a threat).
  • Incorporation (antivirus software developers create defenses against the virus).
  • Elimination (users install antivirus software to remove virus threats).

Why People Create Computer Viruses

  • Inflict damage to competitors
  • Financial benefits
  • Research projects
  • Play pranks
  • Vandalism
  • Distribute political messages
  • Cyberterrorism

How a Computer Gets Infected by Viruses

  • Accepting files/downloads without checking the source.

Encryption Viruses

  • Encipher the virus body with a different key for each infected file.
  • Hard for signature-based scanners to detect directly, because the encrypted body differs in every file and only the small decryptor stub stays constant.
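An added example (not from the module) covering the quiz item on signature detection, the "encrypt the file" evasion technique listed earlier, and the encryption-virus note above: a toy signature scanner, a per-copy encryption step that defeats it, and the two ways a scanner responds (an entropy heuristic, and emulating the decryptor before scanning the recovered body). The "malware" body is a constructed harmless text, the XOR scheme and the entropy threshold are assumptions for illustration, and nothing here is a real sample.

```python
"""Added example: a toy signature scanner, the per-copy encryption that
defeats it, and how a scanner answers (entropy heuristic, then emulating
the decryptor and scanning the recovered body). The "malware" body is
constructed harmless text; the XOR scheme is an assumption."""
import hashlib
import math
import os
from collections import Counter
from typing import Optional

# Constructed stand-in for a malicious body. It is plain text, nothing more.
SAMPLE_BODY = (
    b"constructed sample trojan body: this is not real malware, it only stands in for one.\r\n"
    b"on start: copy self to the startup folder, open a listening port, wait for commands.\r\n"
    b"marker: CONSTRUCTED-SAMPLE-TROJAN-MARKER-0001\r\n"
)

# Two kinds of static signature: a whole-file hash and a byte pattern.
SIGNATURES = {
    "hash": {hashlib.sha256(SAMPLE_BODY).hexdigest()},
    "pattern": [b"CONSTRUCTED-SAMPLE-TROJAN-MARKER"],
}


def signature_scan(data: bytes) -> Optional[str]:
    if hashlib.sha256(data).hexdigest() in SIGNATURES["hash"]:
        return "hash-match"
    for pattern in SIGNATURES["pattern"]:
        if pattern in data:
            return "pattern-match"
    return None


def xor(data: bytes, key: bytes) -> bytes:
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def encrypt_payload(payload: bytes, key_len: int = 16) -> bytes:
    """Encryption-virus style: a fresh random key for every copy, stored in
    front of the ciphertext so a decryptor stub can recover the body."""
    key = os.urandom(key_len)
    return bytes([key_len]) + key + xor(payload, key)


def decrypt_payload(blob: bytes) -> bytes:
    key_len = blob[0]
    return xor(blob[1 + key_len:], blob[1:1 + key_len])


def shannon_entropy(data: bytes) -> float:
    """Bits per byte. Plain text sits around 4-5; a random-looking buffer of
    this length (about 220 bytes) comes out near 7 (ceiling is log2(len))."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def heuristic_scan(data: bytes, threshold: float = 6.0) -> Optional[str]:
    """No signature needed: an encrypted body looks close to random. The
    threshold is an assumption and would be tuned per file size in practice."""
    return "high-entropy" if shannon_entropy(data) > threshold else None


def emulate_and_scan(blob: bytes) -> Optional[str]:
    """What a real engine does: run the decryptor logic, then apply the
    signature to the recovered body."""
    return signature_scan(decrypt_payload(blob))
```

The two escapes line up with the quiz: the static signature catches the original and any file that merely embeds it, misses every encrypted copy because each has a new key, and is recovered only by looking at what the decryptor produces, which is why an entropy check or emulation sits beside signature matching in a scanner.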

Computer Worms

  • Malicious programs that replicate, execute, and spread across networks independently.
  • Created to replicate and spread across a network; some carry payloads to damage the system.
  • Attackers use worms to install backdoors (turning computers into zombies), creating botnets for further attacks.

Worms vs. Viruses

  • Worms replicate independently, spreading through networks.
  • Worms don't need to attach themselves to another program, while viruses do.

Anti-Virus Sensor Systems

  • Collection of software detecting and analyzing malicious code threats (viruses, worms, Trojans).

How to Detect Trojans

  • Scan for suspicious open ports, running processes, files/folders, registry entries, network activities, device drivers and Windows services.
  • Use Trojan scanners.
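An added example, not from the module, of the first bullet above done as a baseline comparison: parse `netstat -ano` and `tasklist /FO CSV` output, map each listening socket to its process, and report anything not in a known-good (port, image name) baseline. It also includes the "multiple extensions" check listed under the countermeasures further down. The command output and the baseline are constructed here to look like Windows output; on a real host you would feed the script the live output of those two commands.

```python
"""Added example: compare listening sockets (netstat -ano) joined to their
processes (tasklist /FO CSV) against a known-good baseline, plus a check for
misleading multiple extensions. All sample output below is constructed."""
import csv
import io

NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1204
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING       5120
  TCP    10.0.0.5:49702         10.0.0.80:443          ESTABLISHED     2244
  UDP    0.0.0.0:137            *:*                                    4
"""

TASKLIST_SAMPLE = """\
"Image Name","PID","Session Name","Session#","Mem Usage"
"System","4","Services","0","1,024 K"
"svchost.exe","912","Services","0","12,000 K"
"svchost.exe","1204","Services","0","9,500 K"
"chrome.exe","2244","Console","1","150,000 K"
"svch0st.exe","5120","Console","1","2,100 K"
"""

# Known-good (port, image) pairs for this build; constructed for the example.
BASELINE = {(135, "svchost.exe"), (445, "System"), (3389, "svchost.exe"), (137, "System")}


def parse_netstat(text: str):
    """Return listening TCP sockets and all UDP sockets with their PIDs."""
    listeners = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue
        proto, local = parts[0], parts[1]
        if proto == "TCP" and parts[3] != "LISTENING":
            continue
        addr, port = local.rsplit(":", 1)
        listeners.append({"proto": proto, "addr": addr, "port": int(port), "pid": int(parts[-1])})
    return listeners


def parse_tasklist(text: str):
    """PID -> image name from `tasklist /FO CSV` output."""
    return {int(row["PID"]): row["Image Name"] for row in csv.DictReader(io.StringIO(text))}


def find_unexpected_listeners(netstat_text: str, tasklist_text: str, baseline=BASELINE):
    """Anything listening that is not a known (port, image) pair. A Trojan
    server's open port shows up here even if its name imitates a system one."""
    images = parse_tasklist(tasklist_text)
    unexpected = []
    for sock in parse_netstat(netstat_text):
        image = images.get(sock["pid"], "<unknown>")
        if (sock["port"], image) not in baseline:
            unexpected.append((sock["proto"], sock["port"], sock["pid"], image))
    return unexpected


EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js", ".pif"}


def has_misleading_extensions(filename: str) -> bool:
    """True for names like invoice.pdf.exe: an executable extension hidden
    behind a document-looking one (the countermeasure 'don't open files
    with multiple extensions')."""
    parts = filename.lower().split(".")
    return len(parts) > 2 and "." + parts[-1] in EXECUTABLE_EXTENSIONS


if __name__ == "__main__":
    for finding in find_unexpected_listeners(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print("unexpected listener:", finding)
    print(has_misleading_extensions("invoice.pdf.exe"))
```

The baseline is the important part: a port list alone tells you little, but a listener whose (port, image) pair has never been seen on that build, especially one whose image name imitates a system process, is what the "suspicious open ports and running processes" bullet is asking you to look for.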

Trojan Countermeasures

  • Avoid opening email attachments from unknown senders.
  • Install operating system and application patches/updates.
  • Block unnecessary ports using a firewall.
  • Avoid accepting programs from instant messaging.
  • Harden default configuration settings.
  • Monitor internal network traffic.
  • Scan CDs/DVDs with antivirus software.
  • Restrict permissions on the desktop and avoid blindly installing programs.
  • Maintain local workstation file integrity.
  • Avoid downloading from untrusted sources.
  • Use host-based AV, firewall, and intrusion detection software.

Backdoor Countermeasures

  • Use commercial antivirus (scans and detects backdoor programs).
  • Educate users not to install apps from untrusted sources and attachments.
  • Use anti-virus tools (e.g., McAfee, Norton).

Virus and Worm Countermeasures

  • Install anti-virus software to prevent and remove infections.
  • Be attentive when downloading and pay attention to instructions.
  • Avoid opening unknown sender attachments.
  • Create an antivirus policy.
  • Update the anti-virus software regularly.
  • Back up data regularly as viruses can corrupt it.
  • Don't accept disks or programs without proper checking.
  • Use currently updated anti-virus software.

Virus and Worms Countermeasures (Continued)

  • Ensure executable code sent to the organization is approved.
  • Avoid booting with infected bootable disks.
  • Know about the latest virus threats.
  • Check DVDs/CDs for virus infections.
  • Use pop-up blockers and internet firewalls.
  • Run disk cleanup, registry scanner, and defragmentation.
  • Turn on the built-in firewall (the module's example is Windows XP).
  • Run anti-spyware/adware.
  • Don't open files with multiple extensions.
  • Be cautious about files transmitted via instant messaging.

Anti-Virus Tools

  • The module includes a list of common anti-virus tools; it is not reproduced in these notes.

Related Documents

System Hacking PDF
Malware Threats - Module 06 PDF
Sniffing - Module 07 PDF

Description

This quiz covers various types of malware, including Trojan Horses and ransomware, as well as the methods through which malware can infiltrate systems. Understand how malware is distributed via techniques like Blackhat SEO and social engineering. Test your knowledge on security and protection against these threats.
