Malware Threats and Distribution Techniques
60 Questions


Questions and Answers

What is the primary purpose of malware?

  • To enhance user experience
  • To provide software updates
  • To damage or disable computer systems (correct)
  • To improve system performance

Which method is NOT commonly used to distribute malware?

  • Downloading games from the Internet
  • Using blackhat SEO techniques
  • Visiting compromised legitimate websites
  • Sending unencrypted emails (correct)

What is one of the functions of a Trojan in a cyber attack?

  • Creating backdoors for remote access (correct)
  • Creating legitimate software updates
  • Enhancing antivirus capabilities
  • Blocking users from malware sites
Which of the following is a type of malware?

  • Worm (correct)

How can malware installations occur through drive-by downloads?

  • By exploiting browser software flaws (correct)

What is the primary function of a wrapper when used with a Trojan executable?

  • To bind the Trojan with an innocent application (correct)

Which of these is a characteristic of a Remote Access Trojan?

  • Provides the attacker with complete GUI access (correct)

What technique can be used to evade anti-virus detection?

  • Changing the .EXE extension to obscure formats (correct)

What do Botnet Trojans primarily accomplish?

  • Create a network of controlled computers for various attacks (correct)

What defines a computer virus?

  • A self-replicating program that attaches to other programs (correct)

What is one characteristic of a computer virus?

  • Self-replication (correct)

What is the first stage of a virus's life cycle?

  • Design (correct)

Which of the following is a reason people create computer viruses?

  • Cyber terrorism (correct)

How can a computer become infected by a virus?

  • By accepting files without proper checks (correct)

Which type of virus can encrypt its code?

  • Encryption viruses (correct)

What distinguishes a worm from a virus?

  • Worms self-replicate across networks (correct)

During which stage does antivirus software assimilate defenses against a virus?

  • Incorporation (correct)

What happens during the launch stage of a virus's life?

  • User actions activate the virus (correct)

How do attackers use worm payloads?

  • To install backdoors in infected systems (correct)

What is a common misconception about how viruses function?

  • They can operate without a host (correct)

What is the process of capturing and monitoring data packets in a network called?

  • Sniffing (correct)

Which sniffing method involves injecting packets into the network to manipulate the switch's CAM table?

  • Active Sniffing (correct)

What mode must a network interface card (NIC) be set to in order to capture all data on a segment?

  • Promiscuous Mode (correct)

Which of the following is NOT classified as a technique of active sniffing?

  • Traffic Analysis (correct)

What is a common issue due to open switch ports in enterprises?

  • Unmonitored access to the network (correct)

What is the primary function of wiretapping?

  • To monitor and record conversations. (correct)

Which of the following is a type of wiretapping that involves altering data traffic?

  • Active Wiretapping (correct)

Which hardware protocol analyzer is NOT listed in the provided content?

  • Cisco Packet Tracer (correct)

What must typically exist for lawful interception to take place?

  • Court order or request (correct)

Which tool is specifically designed to collect and process foreign intelligence data passing through American servers?

  • PRISM (correct)

What type of information does passive wiretapping primarily focus on?

  • Monitoring and recording data traffic. (correct)

What is a potential consequence of wiretapping without consent?

  • Criminal offense in most countries. (correct)

Which component is involved in lawful interception for accessing intercepted data?

  • Access Switch/Tap (correct)

What role do service providers play in lawful interception?

  • They set an access switch/tap on exchange routers. (correct)

Which type of wiretapping strictly observes data without altering it?

  • Passive Wiretapping (correct)

Which of the following protocols is NOT vulnerable to sniffing?

  • SSH (correct)

What is the function of a hardware protocol analyzer?

  • To capture and analyze signals without modifying data (correct)

At which layer of the OSI model do sniffers primarily operate?

  • Data Link layer (correct)

Which of the following types of data is most at risk during sniffing attacks?

  • Passwords and sensitive information (correct)

Why might upper layers of the OSI model remain unaware of sniffing occurring at the Data Link layer?

  • Upper layers are designed to work independently. (correct)

What is the primary goal when performing password cracking techniques?

  • To bypass access controls (correct)

Which of the following is considered a non-electronic attack for password cracking?

  • Shoulder Surfing (correct)

Which technique is used to execute applications once access to the system has been gained?

  • Trojans (correct)

What type of attack involves the attacker communicating directly with the victim machine?

  • Active Online Attack (correct)

What technique is primarily used to hide evidence of a hacker's activities?

  • Clearing Logs (correct)

What is a dictionary attack primarily based on?

  • User account information and a list of potential passwords (correct)

Which of the following options best describes a brute forcing attack?

  • Trying every possible combination of characters (correct)

How does a Trojan/Spyware/Keylogger attack typically operate?

  • By running in the background to capture user credentials (correct)

What is a significant characteristic of password guessing attacks?

  • They have a low success rate and are conducted with automated tools. (correct)

What type of password is primarily targeted in default password attacks?

  • Manufacturer-supplied passwords for new devices (correct)

What is the primary method used by attackers in a rainbow table attack?

  • Precomputing and using a hash value table (correct)

What is a key characteristic of a Replay Attack?

  • It uses previously captured authentication tokens (correct)

Which of the following is NOT a recommended defense against password cracking?

  • Using system default passwords (correct)

Which technique is used to monitor network traffic in a passive online attack?

  • Packet Sniffing (correct)

What must an attacker ensure in order to effectively execute a Man-in-the-Middle (MITM) attack?

  • Trust from one or both communication sides (correct)

What is vertical privilege escalation?

  • Gaining higher privileges than the existing ones (correct)

Which method can be employed to defend against privilege escalation attacks?

  • Implement multi-factor authentication (correct)

What should be avoided when creating passwords?

  • Incorporating personal information like names or birthdays (correct)

What occurs during the phase referred to as 'owning' the system?

  • Executing malicious programs remotely on the victim's machine (correct)

What action should be taken when an account has too many incorrect password guesses?

  • Lock the account temporarily (correct)

    Study Notes

    Malware Threats

    • Malware is malicious software that damages or disables computer systems, granting limited or complete control to the creator for theft or fraud.
    • Examples of malware include Trojan Horses, viruses, backdoors, worms, rootkits, spyware, ransomware, botnets, adware, and crypters.

    Ways Malware Enters a System

    • Instant messenger applications (IRC, etc.)
    • Browser and email software bugs
    • Removable devices
    • Attachments
    • Legitimate "shrink-wrapped" software (planted by disgruntled employees)
    • NetBIOS (File Sharing)
    • Fake programs
    • Untrusted sites and freeware
    • Downloading files, games, and screensavers from the internet.

    Common Malware Distribution Techniques

    • Blackhat SEO: Ranking malware pages highly in search results.
    • Social Engineering: Tricking users into clicking malicious links or downloads.
    • Clickjacking: Tricking users into clicking innocent-looking links or webpages that trigger malware installation.
    • Malvertising: Embedding malware within ad networks.
    • Spearphishing: Mimicking legitimate institutions to steal login credentials.
    • Compromised Legitimate Websites: Hiding malware on legitimate websites to infect visitors.
    • Drive-by Downloads: Exploiting vulnerabilities in browser software to install malware simply by visiting a webpage.

    How Hackers Use Trojans

    • Deleting or replacing critical operating system files.
    • Disabling firewalls and antivirus software.
    • Generating fake traffic to mount denial-of-service (DoS) attacks.
    • Recording screenshots, audio, and video of the victim's PC.
    • Using the victim's PC for spamming and sending emails.
    • Downloading spyware, adware, and malicious files.
    • Creating backdoors for remote access.
    • Turning the victim's PC into a proxy server for relaying attacks.
    • Using the victim's PC as part of a botnet to execute DDoS attacks.
    • Stealing information like passwords, security codes, and financial details using keyloggers.

    How to Infect Systems Using a Trojan

    • Create a new Trojan packet using a Trojan Horse Construction Kit.
    • Create a dropper, which installs the malicious code on the target system.
    • Create a wrapper using wrapper tools to install the Trojan on the victim's computer.
    • Propagate the Trojan.
    • Execute the dropper.
    • Execute the damage routine.

    Wrappers

    • Bind a Trojan executable to an innocent-looking application (games or office apps).
    • When the user runs the combined file, the Trojan installs silently in the background and the innocent application then runs in the foreground, so nothing looks wrong to the user.
    • Combine multiple programs into one single file.
    • Attackers might disguise the Trojan installer as a greeting card or similar novelty that the victim is happy to open.
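A defender-side check for the wrapper (binder) technique above, added here as an example; it is not code from the original module. A bound file is usually the host program with the second executable appended past the host's last section, in the region PE tools call the overlay. The script walks the PE section table to find where the host's file content ends and then looks for a second valid MZ/PE header in the bytes after it. The two PE blobs it runs on are constructed, header-only stand-ins built by `build_fake_pe`, not real programs.

```python
"""Flag a file that carries a second PE image appended after the host program's sections."""
import struct
from typing import List, Optional


def pe_image_end(data: bytes, base: int = 0) -> Optional[int]:
    """Return the file offset where the PE starting at `base` stops using bytes
    (end of its last raw section), or None if no plausible PE header is there."""
    if base + 0x40 > len(data) or data[base:base + 2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, base + 0x3C)[0]
    pe = base + e_lfanew
    # 0x1000 is an arbitrary sanity bound on the DOS stub size
    if e_lfanew > 0x1000 or pe + 24 > len(data) or data[pe:pe + 4] != b"PE\0\0":
        return None
    num_sections = struct.unpack_from("<H", data, pe + 6)[0]       # COFF NumberOfSections
    size_opt = struct.unpack_from("<H", data, pe + 20)[0]          # COFF SizeOfOptionalHeader
    sec_table = pe + 24 + size_opt
    end = sec_table + num_sections * 40                            # 40-byte section headers
    if end > len(data):
        return None
    for i in range(num_sections):
        # SizeOfRawData and PointerToRawData sit at +16 in each section header
        raw_size, raw_ptr = struct.unpack_from("<II", data, sec_table + i * 40 + 16)
        end = max(end, base + raw_ptr + raw_size)
    return min(end, len(data))


def overlay_size(data: bytes) -> Optional[int]:
    """Bytes trailing the host image; None if the data is not a PE."""
    end = pe_image_end(data)
    return None if end is None else len(data) - end


def find_embedded_pes(data: bytes) -> List[int]:
    """Offsets of valid PE headers found in the overlay (bytes past the host image's end)."""
    host_end = pe_image_end(data)
    if host_end is None:
        return []
    hits = []
    pos = data.find(b"MZ", host_end)
    while pos != -1:
        if pe_image_end(data, pos) is not None:   # a stray "MZ" must also lead to "PE\0\0"
            hits.append(pos)
        pos = data.find(b"MZ", pos + 2)
    return hits


def build_fake_pe(code: bytes) -> bytes:
    """Constructed PE-shaped blob for the demo (not runnable): 64-byte DOS header,
    24-byte COFF header with no optional header, one section holding `code`."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0)
    raw_ptr = e_lfanew + 24 + 40                   # section data follows the section table
    section = b".text".ljust(8, b"\0") + struct.pack(
        "<IIIIIIHHI", len(code), 0x1000, len(code), raw_ptr, 0, 0, 0, 0, 0x60000020)
    return dos + coff + section + code


# Constructed samples: a clean host, and the same host with a second program bound to it.
HOST = build_fake_pe(b"innocent solitaire game code (constructed)")
WRAPPED = HOST + build_fake_pe(b"bundled second program (constructed)")

if __name__ == "__main__":
    for name, blob in (("host", HOST), ("wrapped", WRAPPED)):
        print(f"{name}: overlay={overlay_size(blob)} bytes, embedded PE at {find_embedded_pes(blob)}")
```

Overlays by themselves are normal: installers keep their archive there and Authenticode signatures also live past the last section, so the signal is a second PE header, not the mere presence of trailing bytes. Wrappers that compress or encrypt the bundled payload defeat this static check; for those, the behavioural checks listed under How to Detect Trojans are the fallback.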

    Command Shell Trojans

    • Give remote control of a command shell on a victim's machine.
    • The Trojan server is installed on the victim's machine, opening a port for the attacker to connect.
    • The attacker's client machine is used to launch a command shell on the victim's machine.

    Remote Access Trojans (RATs)

    • Works like remote desktop access, giving the attacker complete GUI control of the target system.
    • The Trojan (e.g., server.exe) runs on the infected computer and connects outward to the attacker, typically on port 80, so the reverse connection looks like web traffic and passes outbound firewall rules.
    • The attacker gains complete control over the infected machine.

    Botnet Trojans

    • Infect a large number of computers to create a network of bots controlled from a C&C (Command and Control) server.
    • The botnet is then used to launch various cyber-attacks such as denial-of-service, spamming, click fraud, and financial information theft.
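The reverse connection and C&C behaviour described above leaves a trace defenders can hunt for: an implant reconnects on a timer, so its connections are far more regular than a person's browsing. The script below is an added example, not code from the original module, that scores each source/destination flow in a connection log by how regular its inter-connection gaps are. The log lines and TEST-NET addresses are constructed, and the thresholds (`min_conns`, `max_cv`) are assumptions to tune per environment.

```python
"""Spot regular call-home connections (RAT reverse connections, bot C&C beacons) in a connection log."""
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev
from typing import Dict, List, Tuple

# Constructed sample log (TEST-NET addresses), not real traffic.
# 203.0.113.7:80 is contacted roughly once a minute; 198.51.100.20:443 is ordinary browsing.
LOG = """\
2024-05-01T10:00:00Z 10.0.0.5 -> 203.0.113.7:80 bytes=312
2024-05-01T10:00:12Z 10.0.0.5 -> 198.51.100.20:443 bytes=48211
2024-05-01T10:00:15Z 10.0.0.5 -> 198.51.100.20:443 bytes=9023
2024-05-01T10:01:01Z 10.0.0.5 -> 203.0.113.7:80 bytes=310
2024-05-01T10:01:59Z 10.0.0.5 -> 203.0.113.7:80 bytes=315
2024-05-01T10:03:00Z 10.0.0.5 -> 203.0.113.7:80 bytes=311
2024-05-01T10:03:40Z 10.0.0.5 -> 198.51.100.20:443 bytes=120045
2024-05-01T10:04:02Z 10.0.0.5 -> 203.0.113.7:80 bytes=309
2024-05-01T10:05:00Z 10.0.0.5 -> 203.0.113.7:80 bytes=312
2024-05-01T10:05:59Z 10.0.0.5 -> 203.0.113.7:80 bytes=314
2024-05-01T10:07:01Z 10.0.0.5 -> 203.0.113.7:80 bytes=310
2024-05-01T10:09:55Z 10.0.0.5 -> 198.51.100.20:443 bytes=3330
2024-05-01T10:10:02Z 10.0.0.5 -> 198.51.100.20:443 bytes=77120
"""

LINE = re.compile(r"^(\S+) (\S+) -> (\S+) bytes=(\d+)$")


def parse(log: str) -> Dict[Tuple[str, str], List[datetime]]:
    """Group connection timestamps by (source host, destination:port)."""
    flows = defaultdict(list)
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than abort the whole scan
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        flows[(m.group(2), m.group(3))].append(ts)
    return flows


def find_beacons(log: str, min_conns: int = 5, max_cv: float = 0.2
                 ) -> Dict[Tuple[str, str], Tuple[int, float, float]]:
    """Return flows whose inter-connection intervals are suspiciously regular.
    Value: (connection count, mean interval in seconds, coefficient of variation).
    A low coefficient of variation means the gaps are nearly identical, i.e. timer-driven."""
    beacons = {}
    for key, times in parse(log).items():
        if len(times) < min_conns:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            beacons[key] = (len(times), avg, cv)
    return beacons


if __name__ == "__main__":
    for (src, dst), (n, avg, cv) in find_beacons(LOG).items():
        print(f"{src} -> {dst}: {n} connections every ~{avg:.0f}s (cv={cv:.2f})")
```

Real implants add jitter to their sleep, so treat the coefficient-of-variation threshold as a starting point and combine the score with destination reputation, the consistency of bytes transferred per connection, and whether the traffic on port 80 is actually HTTP.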

    Evading Anti-Virus Techniques

    • Breaking the Trojan file into multiple pieces and zipping them as a single file.
    • Writing custom Trojans and embedding them into applications.
    • Changing the Trojan's form (e.g., converting the EXE to a VB script, changing file extensions).
    • Modifying Trojan content with a hex editor so that its checksum and hash no longer match known signatures.
    • Avoiding Trojans downloaded from the web, since antivirus vendors already have signatures for them.

    Introduction to Viruses

    • Self-replicating programs that copy themselves by attaching to programs, boot sectors, or documents.
    • Often transmitted via file downloads, infected flash drives, and email attachments.
    • Characteristics include infecting other programs, altering data, corrupting files, transforming themselves, encrypting themselves, and self-replicating.

    Stages of Virus Life Cycle

    • Design: Developing virus code using programming languages or construction kits.
    • Replication: Virus replicates for a time in the target system before spreading.
    • Launch: Virus is activated when the user performs certain actions.
    • Detection: Antivirus software detecting the virus.
    • Incorporation: Antivirus software incorporating defenses against the virus.
    • Elimination: Users install antivirus updates to remove the virus threat.

    Why People Create Computer Viruses

    • Inflict damage to competitors.
    • Achieve financial benefits.
    • Conduct research projects.
    • Play pranks
    • Vandalism
    • Cyberterrorism
    • Distribute political messages

    How a Computer Gets Infected by Viruses

    • Accepting files and downloads without checking the source.
    • Opening infected email attachments.
    • Installing pirated software.
    • Not updating or installing new versions of plug-ins.
    • Not running the latest antivirus application.

    Encryption Viruses

    • Viruses that use simple encryption to encipher their code.
    • Each infected file is encrypted under a different key, so the encrypted body has no constant byte pattern.
    • Signature scanners that only look for body bytes therefore miss them; the decryption routine, which must stay in the clear for the virus to run, is what remains detectable.
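An added illustration of why the encryption defeats body signatures and what remains detectable; it is not code from the original module. The "virus body" and "decryptor stub" are constructed byte strings standing in for the real thing, and the cipher is single-byte XOR, which is the kind of simple encryption the notes describe. Three infections under different keys are produced, a signature taken from the plaintext body is run against them, and the same scanner is then run with a signature taken from the constant decryptor stub.

```python
"""Why a body-only signature fails against an encrypted virus, and what still matches."""
from typing import Dict, List

# Constructed stand-in for the virus body (the part carrying the infection logic).
BODY = b"locate host files, append self, patch entry point, set trigger 2024-12-25 and sleep"
# Constructed marker standing in for the fixed decryption routine; not real machine code.
DECRYPTOR_STUB = b"\x5f\x8a\x47\x0f\x30\x07\x47\xe2\xf9"


def xor(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def infect(key: int) -> bytes:
    """One infected-file image: constant stub, one key byte, body enciphered under that key."""
    return DECRYPTOR_STUB + bytes([key]) + xor(BODY, key)


def run_decryptor(sample: bytes) -> bytes:
    """What the stub does at run time: read its key and recover the body."""
    key = sample[len(DECRYPTOR_STUB)]
    return xor(sample[len(DECRYPTOR_STUB) + 1:], key)


def scan(sample: bytes, signatures: Dict[str, bytes]) -> List[str]:
    """Naive signature scanner: report every signature whose bytes appear in the sample."""
    return [name for name, sig in signatures.items() if sig in sample]


def longest_common_run(a: bytes, b: bytes) -> int:
    """Length of the longest byte string shared by a and b (the most a body signature could use)."""
    best = 0
    for i in range(len(a)):
        for j in range(len(b)):
            k = 0
            while i + k < len(a) and j + k < len(b) and a[i + k] == b[j + k]:
                k += 1
            best = max(best, k)
    return best


def body_overlap(samples: List[bytes]) -> int:
    """Longest byte run shared by any two enciphered bodies (stub and key byte excluded)."""
    bodies = [s[len(DECRYPTOR_STUB) + 1:] for s in samples]
    return max(longest_common_run(bodies[i], bodies[j])
               for i in range(len(bodies)) for j in range(i + 1, len(bodies)))


SIGNATURES = {
    "body-bytes": b"patch entry point",  # taken from the plaintext body
    "decryptor-stub": DECRYPTOR_STUB,    # taken from the constant decryption routine
}
# Three infections under different, arbitrarily chosen keys.
SAMPLES = [infect(k) for k in (0x3C, 0x91, 0xA7)]

if __name__ == "__main__":
    print("plaintext body matches:", scan(BODY, SIGNATURES))
    for s in SAMPLES:
        print("infected sample matches:", scan(s, SIGNATURES), "| decrypts correctly:",
              run_decryptor(s) == BODY)
    print("longest byte run shared by any two encrypted bodies:", body_overlap(SAMPLES))
```

The stub signature is the weak point the virus cannot remove, which is why later polymorphic viruses mutate the decryptor too and why scanners moved to emulation: run the sample in a sandboxed CPU emulator until the body decrypts itself, then scan the plaintext.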

    Computer Worms

    • Self-replicating malicious programs that spread across networks without human interaction.
    • Many worms do nothing more than spread, consuming bandwidth, memory, and CPU as they go; some carry a payload that damages the system.
    • Attackers use worm payloads to create backdoors on infected computers, forming botnets for further attacks.

    How a Worm Differs from a Virus

    • A worm replicates on its own as a standalone program, using memory but not attaching itself to other programs; a virus must attach itself to a host program, boot sector, or document and runs when that host runs.
    • Worms use network features to propagate automatically, while a virus does not spread across a network by itself and relies on users moving infected files.

    Anti-Virus Sensor Systems

    • Computer software that detects and analyzes malicious code.
    • Detects various threats, including viruses, worms, and Trojans.
    • Commonly run on sheep dip computers: isolated, non-networked machines on which incoming media and files are scanned before they are allowed onto the production network.

    How to Detect Trojans

    • Scanning for suspicious open ports.
    • Scanning for suspicious startup programs.
    • Scanning for suspicious running processes.
    • Scanning for suspicious files and folders.
    • Scanning for suspicious registry entries.
    • Scanning for suspicious network activities.
    • Scanning for suspicious device drivers.
    • Scanning for suspicious Windows services.
    • Running a Trojan scanner.

    Trojan Countermeasures

    • Avoid opening unknown email attachments.
    • Install security updates for operating systems and applications.
    • Block unnecessary network ports.
    • Avoid accepting programs via instant messaging.
    • Harden default configuration settings.
    • Monitor network traffic for anomalies.
    • Scan CDs and DVDs with antivirus software.
    • Restrict permissions for applications and prevent malicious applications' installation.
    • Avoid typing commands blindly or running pre-fabricated programs and scripts from untrusted sources.
    • Verify file integrity with checksums or digital signatures.
    • Download and run software only from trusted sources.
    • Run host-based antivirus, firewall, intrusion detection software.

    Backdoor Countermeasures

    • Utilize commercial antivirus products for automatic backdoor detection and removal.
    • Educate users to avoid downloading applications from untrusted sources and phishing links.
    • Utilize anti-virus tools to detect and remove backdoors.

    Virus and Worms Countermeasures

    • Install reliable anti-virus software to detect and remove viruses and worms.
    • Implement an anti-virus policy for safe computing.
    • Regularly update anti-virus software.
    • Maintain data backups.
    • Carefully inspect any software or files before execution.
    • Check any file from an unknown source with an up-to-date antivirus before executing it.
    • Employ pop-up blockers and firewalls to prevent malicious program execution.
    • Scan DVDs and CDs before opening.
    • Be cautious with emails and instant messages.

    Anti-Virus Tools

    • The source module provides a list of anti-virus tools with their associated URLs.


    Related Documents

    System Hacking PDF
    Malware Threats - Module 06 PDF
    Sniffing - Module 07 PDF

    Description

    This quiz covers various malware threats, their entry points, and common distribution techniques. Understand how different types of malware such as Trojans, viruses, and ransomware operate, and explore ways they can infiltrate systems through social engineering and malvertising. Test your knowledge on keeping systems secure against these threats.
