Malware Threats and Entry Methods
134 Questions

Questions and Answers

What is a common technique used to trick users into clicking on malicious links?

  • Malvertising
  • Social Engineered Click-jacking (correct)
  • Drive-by Downloads
  • Spearphishing Sites

Which of the following is NOT considered a type of malware?

  • Trojan Horse
  • Firewall (correct)
  • Spyware
  • Worm

What can Trojans do to a victim's computer?

  • Encrypt files for recovery
  • Improve system performance
  • Create backup copies of files
  • Replace or delete critical operating system files (correct)

Which of these is a way malware can enter a computer system?

    • Through legitimate shrink-wrapped software (correct)

    What is Blackhat Search Engine Optimization (SEO) primarily used for?

    • Boosting visibility of malware-laden pages (correct)

    What is the purpose of a wrapper in the context of Trojans?

    • To disguise a Trojan by binding it with an innocent application. (correct)

    Which component is installed on the victim's machine for Command Shell Trojans?

    • Trojan server (correct)

    What type of Trojan allows a hacker to have complete GUI access to a victim's machine?

    • Remote Access Trojan (correct)

    What is a key step in creating a Botnet Trojan?

    • Creating a network of bots across a large area. (correct)

    Which technique is used to evade anti-virus detection in Trojans?

    • Breaking the Trojan into multiple pieces and zipping them. (correct)

    What is the first stage of a virus's life cycle?

    • Design (correct)

    Which of the following actions can lead to a computer getting infected by a virus?

    • Accepting unsolicited file downloads (correct)

    What is a common characteristic of viruses?

    • Self-replication (correct)

    What purpose does encryption serve in encryption viruses?

    • To evade detection by antivirus software (correct)

    Which reason commonly motivates individuals to create computer viruses?

    • Financial gain (correct)

    What is a key difference between viruses and computer worms?

    • Viruses require user interaction to spread, whereas worms replicate independently. (correct)

    Which stage involves developers creating defensive measures against a virus?

    • Incorporation (correct)

    What can be a consequence of computer worms carrying a payload?

    • Installation of backdoors in infected systems (correct)

    What action should be avoided to minimize the risk of virus infection?

    • Opening email attachments from unknown sources (correct)

    A wrapper binds a Trojan executable with an innocent looking application, making it appear safe to users.

    • True (correct)

    Evasive techniques for Trojans include combining the Trojan file with legitimate software without any modification.

    • False (correct)

    Command shell Trojans provide the attacker complete graphical user interface access to the victim's machine.

    • False (correct)

    Botnet Trojans are designed to infect numerous computers and create a controlled network of bots.

    • True (correct)

    Remote Access Trojans do not require any initial infection on the victim's machine to provide access.

    • False (correct)

    Malware can give full control of computer systems to the malware creator.

    • True (correct)

    Trojan Horses can only infect systems through downloading files from untrusted sites.

    • False (correct)

    Blackhat SEO is a technique to improve the ranking of malware pages in search results.

    • True (correct)

    Drive-by downloads happen when a user clicks on a link to install malware.

    • False (correct)

    Compromised legitimate websites can host embedded malware that spreads to unsuspecting visitors.

    • True (correct)

    A virus is a self-replicating program that can spread by attaching itself to other programs.

    • True (correct)

    Computer worms require human interaction to spread across network connections.

    • False (correct)

    Encryption viruses use a single key to encrypt their code for all infected files.

    • False (correct)

    The stage of virus life that involves it being activated by user actions is known as Launch.

    • True (correct)

    Opening infected email attachments can result in a computer becoming infected by viruses.

    • True (correct)

    Trojans are typically safe to download if they are from the web.

    • False (correct)

    The first stage of a virus's life cycle involves replication.

    • False (correct)

    A virus can corrupt files and programs as part of its characteristics.

    • True (correct)

    People create computer viruses solely for research purposes.

    • False (correct)

    Antivirus software can directly detect encryption viruses using signature detection methods.

    • False (correct)

    Which malware type is specifically designed to give hackers backdoor access to a system?

    • Trojan Horse (correct)

    What method involves exploiting browser flaws to install malware without user consent?

    • Drive-by Downloads (correct)

    Which of the following describes blackhat search engine optimization?

    • Ranking malware pages highly in search results (correct)

    Which technique involves tricking users into interacting with seemingly innocent webpages to distribute malware?

    • Social Engineered Click-jacking (correct)

    What is the primary threat posed by a rootkit?

    • It disguises itself to hide other malicious activities (correct)

    What is the primary function of a dropper in the context of Trojan techniques?

    • To install the Trojan software on the victim's machine. (correct)

    What is a common characteristic of Botnet Trojans?

    • They infect many computers over a large geographical area for coordinated control. (correct)

    Which of the following is NOT a step in the process of creating a Trojan wrapper?

    • Elevating system permissions to complete installation. (correct)

    What tactic is often employed by attackers to evade anti-virus detection of Trojans?

    • Compiling the Trojan with legitimate applications and changing its syntax. (correct)

    What is the purpose of a Reverse Connecting Trojan installed on a victim's computer?

    • To enable attackers to gain remote access through a reverse connection. (correct)

    What is one common method for a computer to get infected by a virus?

    • Opening infected email attachments (correct)

    Which stage of a virus's life cycle involves the virus spreading itself within the system?

    • Replication (correct)

    What best describes a computer worm?

    • Self-replicates without human interaction (correct)

    What is a primary characteristic of viruses?

    • Can transform themselves (correct)

    What is a common motivation behind creating computer viruses?

    • Financial gain (correct)

    Which method can be employed to avoid detection by antivirus software?

    • Conceal the malware as a system update (correct)

    What happens during the elimination stage of a virus's life cycle?

    • Users install antivirus updates to remove threats (correct)

    What technology is generally ineffective against encryption viruses?

    • Signature detection methods (correct)

    What is one likely consequence of a computer worm carrying a payload?

    • Installing backdoors on infected computers (correct)

    What is an effect of using Trojans downloaded from the internet?

    • They may carry malicious software (correct)

    A computer worm can spread across networks without human interaction.

    • True (correct)

    Trojans are a type of virus that requires human action to be activated.

    • True (correct)

    Viruses can only infect documents but not executable programs.

    • False (correct)

    Encryption viruses use the same key for all infected files.

    • False (correct)

    Antivirus software can identify all types of viruses effectively.

    • False (correct)

    People create computer viruses solely for financial benefits.

    • False (correct)

    The detection stage of a virus's life cycle is when antivirus software identifies the threat.

    • True (correct)

    File downloads are a common way for viruses to spread.

    • True (correct)

    Computer worms often carry a payload that can damage the host system.

    • True (correct)

    Changing the checksum of a Trojan can help in evading detection by antivirus software.

    • True (correct)

    Malware can damage computer systems and provide control to the malware creator.

    • True (correct)

    Drive-by downloads require a user to click on a link to install malware.

    • False (correct)

    Compromised legitimate websites can distribute malware to unsuspecting visitors.

    • True (correct)

    A Trojan Horse can replicate itself without any user interaction.

    • False (correct)

    Blackhat SEO is a technique used to rank legitimate websites higher in search results.

    • False (correct)

    A wrapper combines a Trojan executable with an innocent looking application to deceive users.

    • True (correct)

    Command shell Trojans provide complete GUI access to the victim's machine.

    • False (correct)

    Botnet Trojans are designed to control a large network of infected computers.

    • True (correct)

    Evasive techniques for Trojans always involve significant modifications to the Trojan file.

    • False (correct)

    Remote Access Trojans do not require initial infection on the victim's machine.

    • False (correct)

    A dropper installs a Trojan by binding it with an application that appears harmless to the user.

    • True (correct)

    Remote Access Trojans provide attackers with limited functionality and minimal access to the victim's system.

    • False (correct)

    Botnet Trojans are created to infect only a small number of systems for personal use.

    • False (correct)

    Changing the Trojan's syntax to an innocent file type, such as .DOC.EXE, is a known evasion technique.

    • True (correct)

    The primary purpose of command shell Trojans is to install benign applications on the victim's machine.

    • False (correct)

    Trojans can only infect systems through downloading files from untrusted sites.

    • False (correct)

    Drive-by downloads occur when a user clicks on a link to install malware.

    • False (correct)

    Blackhat SEO is a technique used to rank malware pages highly in search results.

    • True (correct)

    Computer worms are designed to spread across network connections without human interaction.

    • True (correct)

    Viruses can only attach themselves to documents and cannot infect programs.

    • False (correct)

    A virus can be activated by the user's actions, such as running an infected program.

    • True (correct)

    Trojans can easily be detected by any antivirus program if they are downloaded from trusted sites.

    • False (correct)

    Encryption viruses use multiple keys to encrypt their code for different infected files.

    • True (correct)

    The incorporation stage of a virus's life cycle is when it starts replicating in the target system.

    • False (correct)

    Vandalism is one of the reasons people may create computer viruses.

    • True (correct)

    Opening a file received through email can lead to a computer getting infected by a virus.

    • True (correct)

    Once a Trojan infects a machine, it cannot extract data or give hackers control of the system.

    • False (correct)

    The design stage of a virus's life cycle involves creating virus code.

    • True (correct)

    Malware can impair or disable computer systems and can also afford complete access to them.

    • True (correct)

    Drive-by downloads occur when users click on links that automatically install malware.

    • False (correct)

    Trojan Horses can only infect systems through downloading files from trustworthy sites.

    • False (correct)

    Blackhat search engine optimization is a tactic to make legitimate sites rank higher in search results.

    • False (correct)

    Compromised legitimate websites may host malware that can spread to visitors without their knowledge.

    • True (correct)

    A wrapper can only bind a Trojan executable with applications that are .EXE in format.

    • False (correct)

    Evasive techniques for Trojans aim to manipulate users into believing the Trojan is a legitimate application without any modification to the Trojan file itself.

    • False (correct)

    Remote Access Trojans allow hackers to gain complete control over the GUI interface of the victim's machine after establishing a reverse connection.

    • True (correct)

    Botnet Trojans are designed solely for personal attacks against single users and do not involve network creation.

    • False (correct)

    Command shell Trojans provide access to only a graphical interface of the victim's machine.

    • False (correct)

    Encryption viruses use a different key for each infected file to encipher their code.

    • True (correct)

    The 'Launch' stage of a virus's life cycle occurs when the virus self-replicates.

    • False (correct)

    People create computer viruses only for damage and vandalism.

    • False (correct)

    Trojans can inflict damage to systems but are generally not self-replicating.

    • True (correct)

    Compromised legitimate websites can host embedded malware that does not spread to visitors.

    • False (correct)

    The incorporation stage of a virus's life cycle involves identifying it as a threat.

    • False (correct)

    A key characteristic of a virus is its ability to transform itself.

    • True (correct)

    A wrapper combines a Trojan executable with an innocent application to make it appear safe.

    • True (correct)

    What is a primary function of malware like Trojans aside from theft?

    • To generate fake traffic for denial of service attacks. (correct)

    Which method represents a way that malware can be introduced through legitimate sources?

    • Using removable devices without scanning them. (correct)

    Which of the following techniques is intended to disguise malicious activity online?

    • Social Engineering click-jacking. (correct)

    What is a significant risk associated with compromised legitimate websites?

    • They can host embedded malware targeting visitors. (correct)

    In the context of Trojans, what is the purpose of a dropper?

    • To install malicious code on the target system. (correct)

    What is the primary purpose of a dropper in Trojan techniques?

    • To install malware on a victim's computer without user awareness (correct)

    Which technique involves modifying the Trojan's code to avoid detection by anti-virus software?

    • All of the above (correct)

    What characteristic distinguishes Botnet Trojans from other types of Trojans?

    • They are designed to spread to a large number of systems (correct)

    What key function does a Reverse Connecting Trojan serve?

    • To create a command shell on the victim's machine for remote access (correct)

    In the context of wrappers, what is a significant feature that helps disguise Trojans?

    • They bind the Trojan to visually appealing applications (correct)

    What is a primary characteristic of computer worms compared to viruses?

    • They replicate independently across network connections. (correct)

    In what stage of a virus's life cycle do antivirus software developers create defenses?

    • Incorporation (correct)

    What tactic do encryption viruses use to evade antivirus scanners?

    • They are designed to encrypt code with a unique key for each infected file. (correct)

    Which of the following motivations is least common for individuals creating computer viruses?

    • Enhancing software performance (correct)

    How do users commonly expose their computers to viruses?

    • By accepting and downloading files from unknown sources. (correct)

    What is one of the primary functions of a payload in computer worms?

    • To deliver and activate other malware components. (correct)

    Which stage of a virus's life cycle involves it being activated by user actions?

    • Launch (correct)

    What commonly motivates cyber terrorists to create computer viruses?

    • Vandalism and disruption (correct)

    Which technique is commonly employed by malware to avoid detection by antivirus software?

    • Embedding malicious code within encrypted files. (correct)

    Study Notes

    Malware Threats

    • Malware is malicious software designed to damage or disable computer systems, giving the creator control for theft or fraud.
    • Examples of malware include Trojan Horses, viruses, backdoors, worms, rootkits, spyware, ransomware, botnets, adware, and crypters.

    Different Ways Malware Enters a System

    • Instant messaging applications (like IRC)
    • Browser and email software bugs
    • Removable devices
    • Attachments
    • Legitimate software (potentially compromised)
    • NetBIOS (file sharing)
    • Fake programs
    • Untrusted sites and freeware
    • Downloading files, games, and screensavers

    Common Attack Techniques

    • Blackhat SEO: Ranking malware pages highly in search results
    • Clickjacking: Tricking users into clicking on innocent-looking webpages
    • Malvertising: Embedding malware in ads on legitimate sites
    • Spearphishing: Mimicking legitimate institutions to steal login credentials
    • Compromised legitimate websites: Hosting embedded malware that spreads to unsuspecting visitors
    • Drive-by downloads: Exploiting flaws in browser software to install malware with a simple visit

    How Hackers Use Trojans

    • Deleting or replacing critical OS files
    • Disabling firewalls and anti-virus software
    • Generating fake traffic to create DoS attacks
    • Recording data (screenshots, audio, video) from the victim's PC
    • Using the victim's PC for spamming and blasting emails
    • Downloading malicious files (spyware, adware)
    • Creating backdoors for remote access
    • Infecting the victim's PC as a proxy server for attacks
    • Using victim's PC in botnets for DDoS attacks
    • Stealing information (passwords, security codes, credit cards) using keyloggers

    How to Infect Systems Using a Trojan

    • Creating a new Trojan packet using a Trojan Horse Construction Kit
    • Creating a dropper (part of a Trojan packet that installs malicious code on the target system)
    • Example of a Dropper: Installation path: c\windows\system32\svchosts.exe, Autostart: HKLM\Software\Mic.....\run\Iexplorer.exe, client address: client.attacker.com, dropzone: dropzone.attacker.com, genuine application file name: chess.exe, wrapper data: executable file, wrapper
    • Create a wrapper to install Trojan and propagate it.
    • Execute the dropper.
    • Execute the damage routine.

    Wrappers

    • Bind a Trojan executable to an innocent-looking application (like a game or office app)
    • When the user runs the wrapped EXE, the wrapper installs the Trojan in the background and runs the application in the foreground.
    • The programs are often combined into a single file.
    • Attackers might disguise a Trojan as a greeting (like a birthday cake animation)

    Command Shell Trojans

    • Give remote control of a command shell on the victim's machine.
    • The Trojan server is installed on the victim's machine, opening a communication port for attackers
    • The attacker's client machine launches the shell.
    • CLI examples: C:\> nc <ip> <port> and C:\> nc -L -p <port>

    Remote Access Trojans (RATs)

    • This Trojan works like a remote desktop, giving the attacker complete GUI access to the victim's system.
    • The attacker gains 100% access to the target system (complete access).
    • An example: the victim's computer is infected with server.exe; the Trojan connects to the attacker on port 80 (establishing a reverse connection), giving the attacker complete control.

    Botnet Trojans

    • Infects a large number of computers (across a geographical area) to create a network of bots controlled by a central server.
    • Used to launch various attacks, such as denial-of-service attacks, spamming, click fraud, and financial information theft.

    Evading Anti-Virus Techniques

    • Splitting the Trojan file into multiple parts and zipping them.
    • Writing your own Trojan and embedding it into an application.
    • Changing the Trojan's syntax (e.g., converting EXE to VB script, changing extensions).
    • Modifying the content using a hex editor, altering the checksum, or encrypting.
    • Avoiding using Trojans downloaded from the web (as they can be easily detected).

    Introduction to Viruses

    • A virus is a self-replicating program.
    • It attaches itself to other programs, boot sectors, or documents.
    • Virus transmissions commonly occur through downloads, infected disks/flash drives and email attachments.
    • Virus characteristics include infecting other programs, altering data, corrupting files/programs, self-replication, and encryption.

    Stages of Virus Life

    • Virus design and code development
    • Virus replication within the target system
    • Virus launch (activation) triggered by users or programs
    • Virus detection by antivirus software
    • Antivirus software incorporation of defenses against viruses.
    • Virus elimination by users

    Reasons for Creating Computer Viruses

    • Inflicting damage to competitors
    • Financial benefits
    • Research projects
    • Play pranks
    • Vandalism
    • Cyber terrorism
    • Distributing political messages

    How Computers Get Infected by Viruses

    • Accepting files/downloads without proper source checking
    • Opening infected email attachments
    • Installing pirated software
    • Not updating or installing new software versions
    • Not running the latest anti-virus application

    Encryption Viruses

    • Encrypt the code.
    • Encrypt each infected file using a unique encryption key.
    • Antivirus programs can't use signature detection to find these types of viruses.

    Computer Worms

    • Malicious programs that replicate, execute, and spread across network connections.
    • Most worms' goal is to replicate and spread.
    • Some worms carry payloads to damage the host system, like installing backdoors to turn the host into a bot (zombie).

    Differences Between Worms and Viruses

    • Worms replicate on their own, spread through the network, and don't need to attach to other programs.
    • Viruses replicate themselves and attach to other programs to spread faster.

    Anti-Virus Sensor Systems

    • Software that detects and analyzes malicious code.
    • Usually used with other tools to monitor network traffic, suspicious files, etc.

    How to Detect Trojans

    • Scanning for suspicious open ports
    • Scanning for suspicious startup programs
    • Scanning for suspicious running processes
    • Scanning for suspicious files and folders
    • Scanning for suspicious registry entries
    • Scanning for suspicious network activities
    • Scanning for suspicious device drivers installed on the computer
    • Scanning for suspicious Windows services
    • Running specific Trojan scanner programs

    Trojan Countermeasures

    • Avoid opening email attachments from unknown senders
    • Install patches and security updates
    • Block unnecessary ports and use a firewall
    • Harden default configuration settings and disable unused functionality.
    • Monitor internal network traffic
    • Scan CDs and DVDs with antivirus software.
    • Restrict permissions in the desktop environment.
    • Avoid blindly executing programs
    • Manage local workstation file integrity using tools like checksums, audits, and port scanners
    • Avoid downloading or executing from untrusted sources.
    • Use host-based antivirus, firewall and intrusion detection software

    Backdoor Countermeasures

    • Commercial antivirus programs automatically scan and detect backdoors.
    • Educate users on not installing programs from untrustworthy sources.
    • Use anti-virus tools (like McAfee, Norton) to find and remove backdoors.

    Virus and Worm Countermeasures

    • Install anti-virus programs that scan for and remove threats.
    • Carefully consider and follow instructions during internet downloads.
    • Avoid opening attachments from unknown senders.
    • Create anti-virus policies.
    • Maintain current anti-virus programs.
    • Regularly back up data.
    • Do thorough scanning of disks/programs before use.
    • Use pop-up blockers and internet firewalls.

    Anti-virus Tools

    • Provides a list of anti-virus tools and their websites

    Related Documents

    Malware Threats Module 06 PDF

    Description

    This quiz explores various types of malware and the different ways they can infiltrate computer systems. It also covers common attack techniques used by cybercriminals to exploit vulnerabilities. Test your knowledge on how to recognize and prevent malware threats.
