Malware Threats and Entry Methods
134 Questions

Questions and Answers

What is a common technique used to trick users into clicking on malicious links?

  • Malvertising
  • Social Engineered Click-jacking (correct)
  • Drive-by Downloads
  • Spearphishing Sites

Which of the following is NOT considered a type of malware?

  • Trojan Horse
  • Firewall (correct)
  • Spyware
  • Worm

What can Trojans do to a victim's computer?

  • Encrypt files for recovery
  • Improve system performance
  • Create backup copies of files
  • Replace or delete critical operating system files (correct)

Which of these is a way malware can enter a computer system?

  • Through legitimate shrink-wrapped software (B)

What is Blackhat Search Engine Optimization (SEO) primarily used for?

  • Boosting visibility of malware-laden pages (D)

What is the purpose of a wrapper in the context of Trojans?

  • To disguise a Trojan by binding it with an innocent application. (B)

Which component is installed on the victim's machine for Command Shell Trojans?

  • Trojan server (C)

What type of Trojan allows a hacker to have complete GUI access to a victim's machine?

  • Remote Access Trojan (A)

What is a key step in creating a Botnet Trojan?

  • Creating a network of bots across a large area. (D)

Which technique is used to evade anti-virus detection in Trojans?

  • Breaking the Trojan into multiple pieces and zipping them. (B)

What is the first stage of a virus's life cycle?

  • Design (A)

Which of the following actions can lead to a computer getting infected by a virus?

  • Accepting unsolicited file downloads (C)

What is a common characteristic of viruses?

  • Self-replication (A)

What purpose does encryption serve in encryption viruses?

  • To evade detection by antivirus software (D)

Which reason commonly motivates individuals to create computer viruses?

  • Financial gain (B)

What is a key difference between viruses and computer worms?

  • Viruses require user interaction to spread, whereas worms replicate independently. (B)

Which stage involves developers creating defensive measures against a virus?

  • Incorporation (A)

What can be a consequence of computer worms carrying a payload?

  • Installation of backdoors in infected systems (D)

What action should be avoided to minimize the risk of virus infection?

  • Opening email attachments from unknown sources (C)

A wrapper binds a Trojan executable with an innocent looking application, making it appear safe to users.

  • True (A)

Evasive techniques for Trojans include combining the Trojan file with legitimate software without any modification.

  • False (B)

Command shell Trojans provide the attacker complete graphical user interface access to the victim's machine.

  • False (B)

Botnet Trojans are designed to infect numerous computers and create a controlled network of bots.

  • True (A)

Remote Access Trojans do not require any initial infection on the victim's machine to provide access.

  • False (B)

Malware can give full control of computer systems to the malware creator.

  • True (A)

Trojan Horses can only infect systems through downloading files from untrusted sites.

  • False (B)

Blackhat SEO is a technique to improve the ranking of malware pages in search results.

  • True (A)

Drive-by downloads happen when a user clicks on a link to install malware.

  • False (B)

Compromised legitimate websites can host embedded malware that spreads to unsuspecting visitors.

  • True (A)

A virus is a self-replicating program that can spread by attaching itself to other programs.

  • True (A)

Computer worms require human interaction to spread across network connections.

  • False (B)

Encryption viruses use a single key to encrypt their code for all infected files.

  • False (B)

The stage of virus life that involves it being activated by user actions is known as Launch.

  • True (A)

Opening infected email attachments can result in a computer becoming infected by viruses.

  • True (A)

Trojans are typically safe to download if they are from the web.

  • False (B)

The first stage of a virus's life cycle involves replication.

  • False (B)

A virus can corrupt files and programs as part of its characteristics.

  • True (A)

People create computer viruses solely for research purposes.

  • False (B)

Antivirus software can directly detect encryption viruses using signature detection methods.

  • False (B)

Which malware type is specifically designed to give hackers backdoor access to a system?

  • Trojan Horse (B)

What method involves exploiting browser flaws to install malware without user consent?

  • Drive-by Downloads (A)

Which of the following describes blackhat search engine optimization?

  • Ranking malware pages highly in search results (C)

Which technique involves tricking users into interacting with seemingly innocent webpages to distribute malware?

  • Social Engineered Click-jacking (A)

What is the primary threat posed by a rootkit?

  • It disguises itself to hide other malicious activities (B)

What is the primary function of a dropper in the context of Trojan techniques?

  • To install the Trojan software on the victim's machine. (A)

What is a common characteristic of Botnet Trojans?

  • They infect many computers over a large geographical area for coordinated control. (D)

Which of the following is NOT a step in the process of creating a Trojan wrapper?

  • Elevating system permissions to complete installation. (A)

What tactic is often employed by attackers to evade anti-virus detection of Trojans?

  • Compiling the Trojan with legitimate applications and changing its syntax. (C)

What is the purpose of a Reverse Connecting Trojan installed on a victim's computer?

  • To enable attackers to gain remote access through a reverse connection. (D)

What is one common method for a computer to get infected by a virus?

  • Opening infected email attachments (C)

Which stage of a virus's life cycle involves the virus spreading itself within the system?

  • Replication (C)

What best describes a computer worm?

  • Self-replicates without human interaction (D)

What is a primary characteristic of viruses?

  • Can transform themselves (A)

What is a common motivation behind creating computer viruses?

  • Financial gain (D)

Which method can be employed to avoid detection by antivirus software?

  • Conceal the malware as a system update (A)

What happens during the elimination stage of a virus's life cycle?

  • Users install antivirus updates to remove threats (A)

What technology is generally ineffective against encryption viruses?

  • Signature detection methods (D)

What is one likely consequence of a computer worm carrying a payload?

  • Installing backdoors on infected computers (A)

What is an effect of using Trojans downloaded from the internet?

  • They may carry malicious software (B)

A computer worm can spread across networks without human interaction.

  • True (A)

Trojans are a type of virus that requires human action to be activated.

  • True (A)

Viruses can only infect documents but not executable programs.

  • False (B)

Encryption viruses use the same key for all infected files.

  • False (B)

Antivirus software can identify all types of viruses effectively.

  • False (B)

People create computer viruses solely for financial benefits.

  • False (B)

The detection stage of a virus's life cycle is when antivirus software identifies the threat.

  • True (A)

File downloads are a common way for viruses to spread.

  • True (A)

Computer worms often carry a payload that can damage the host system.

  • True (A)

Changing the checksum of a Trojan can help in evading detection by antivirus software.

  • True (A)

Malware can damage computer systems and provide control to the malware creator.

  • True (A)

Drive-by downloads require a user to click on a link to install malware.

  • False (B)

Compromised legitimate websites can distribute malware to unsuspecting visitors.

  • True (A)

A Trojan Horse can replicate itself without any user interaction.

  • False (B)

Blackhat SEO is a technique used to rank legitimate websites higher in search results.

  • False (B)

A wrapper combines a Trojan executable with an innocent looking application to deceive users.

  • True (A)

Command shell Trojans provide complete GUI access to the victim's machine.

  • False (B)

Botnet Trojans are designed to control a large network of infected computers.

  • True (A)

Evasive techniques for Trojans always involve significant modifications to the Trojan file.

  • False (B)

Remote Access Trojans do not require initial infection on the victim's machine.

  • False (B)

A dropper installs a Trojan by binding it with an application that appears harmless to the user.

  • True (A)

Remote Access Trojans provide attackers with limited functionality and minimal access to the victim's system.

  • False (B)

Botnet Trojans are created to infect only a small number of systems for personal use.

  • False (B)

Changing the Trojan's syntax to an innocent file type, such as .DOC.EXE, is a known evasion technique.

  • True (A)

The primary purpose of command shell Trojans is to install benign applications on the victim's machine.

  • False (B)

Trojans can only infect systems through downloading files from untrusted sites.

  • False (B)

Drive-by downloads occur when a user clicks on a link to install malware.

  • False (B)

Blackhat SEO is a technique used to rank malware pages highly in search results.

  • True (A)

Computer worms are designed to spread across network connections without human interaction.

  • True (A)

Viruses can only attach themselves to documents and cannot infect programs.

  • False (B)

A virus can be activated by the user's actions, such as running an infected program.

  • True (A)

Trojans can easily be detected by any antivirus program if they are downloaded from trusted sites.

  • False (B)

Encryption viruses use multiple keys to encrypt their code for different infected files.

  • True (A)

The incorporation stage of a virus's life cycle is when it starts replicating in the target system.

  • False (B)

Vandalism is one of the reasons people may create computer viruses.

  • True (A)

Opening a file received through email can lead to a computer getting infected by a virus.

  • True (A)

Once a Trojan infects a machine, it cannot extract data or give hackers control of the system.

  • False (B)

The design stage of a virus's life cycle involves creating virus code.

  • True (A)

Malware can impair or disable computer systems and can also afford complete access to them.

  • True (A)

Drive-by downloads occur when users click on links that automatically install malware.

  • False (B)

Trojan Horses can only infect systems through downloading files from trustworthy sites.

  • False (B)

Blackhat search engine optimization is a tactic to make legitimate sites rank higher in search results.

  • False (B)

Compromised legitimate websites may host malware that can spread to visitors without their knowledge.

  • True (A)

A wrapper can only bind a Trojan executable with applications that are .EXE in format.

  • False (B)

Evasive techniques for Trojans aim to manipulate users into believing the Trojan is a legitimate application without any modification to the Trojan file itself.

  • False (B)

Remote Access Trojans allow hackers to gain complete control over the GUI interface of the victim's machine after establishing a reverse connection.

  • True (A)

Botnet Trojans are designed solely for personal attacks against single users and do not involve network creation.

  • False (B)

Command shell Trojans provide access to only a graphical interface of the victim's machine.

  • False (B)

Encryption viruses use a different key for each infected file to encipher their code.

  • True (A)

The 'Launch' stage of a virus's life cycle occurs when the virus self-replicates.

  • False (B)

People create computer viruses only for damage and vandalism.

  • False (B)

Trojans can inflict damage to systems but are generally not self-replicating.

  • True (A)

Compromised legitimate websites can host embedded malware that does not spread to visitors.

  • False (B)

The incorporation stage of a virus's life cycle involves identifying it as a threat.

  • False (B)

A key characteristic of a virus is its ability to transform itself.

  • True (A)

A wrapper combines a Trojan executable with an innocent application to make it appear safe.

  • True (A)

What is a primary function of malware like Trojans aside from theft?

  • To generate fake traffic for denial of service attacks. (D)

Which method represents a way that malware can be introduced through legitimate sources?

  • Using removable devices without scanning them. (A)

Which of the following techniques is intended to disguise malicious activity online?

  • Social Engineering click-jacking. (B)

What is a significant risk associated with compromised legitimate websites?

  • They can host embedded malware targeting visitors. (B)

In the context of Trojans, what is the purpose of a dropper?

  • To install malicious code on the target system. (C)

What is the primary purpose of a dropper in Trojan techniques?

  • To install malware on a victim's computer without user awareness (B)

Which technique involves modifying the Trojan's code to avoid detection by anti-virus software?

  • All of the above (D)

What characteristic distinguishes Botnet Trojans from other types of Trojans?

  • They are designed to spread to a large number of systems (C)

What key function does a Reverse Connecting Trojan serve?

  • To create a command shell on the victim's machine for remote access (C)

In the context of wrappers, what is a significant feature that helps disguise Trojans?

  • They bind the Trojan to visually appealing applications (B)

What is a primary characteristic of computer worms compared to viruses?

  • They replicate independently across network connections. (B)

In what stage of a virus's life cycle do antivirus software developers create defenses?

  • Incorporation (A)

What tactic do encryption viruses use to evade antivirus scanners?

  • They are designed to encrypt code with a unique key for each infected file. (C)

Which of the following motivations is least common for individuals creating computer viruses?

  • Enhancing software performance (D)

How do users commonly expose their computers to viruses?

  • By accepting and downloading files from unknown sources. (A)

What is one of the primary functions of a payload in computer worms?

  • To deliver and activate other malware components. (B)

Which stage of a virus's life cycle involves it being activated by user actions?

  • Launch (B)

What commonly motivates cyber terrorists to create computer viruses?

  • Vandalism and disruption (D)

Which technique is commonly employed by malware to avoid detection by antivirus software?

  • Embedding malicious code within encrypted files. (B)

Flashcards

Malware

Malicious software designed to damage or disable computer systems, or give attackers partial or full control, often for theft or fraud.

Trojan Horse

A type of malware that disguises itself as legitimate software to trick users into installing it, giving attackers unauthorized access.

Malware Distribution Techniques

Methods used by attackers to spread malware, including exploiting software flaws, social engineering, and malicious websites.

Malvertising

A technique where malicious code is embedded within legitimate online ads to spread malware.

Trojan Attack Methods

Actions a Trojan can perform on a victim's system, like deleting files, creating backdoors, stealing data, or participating in denial-of-service attacks.

Dropper

A malicious program designed to install other malware on a victim's computer.

Wrapper

A program that combines a malicious Trojan with a harmless application to disguise its true nature.

Command Shell Trojan

Malware that provides remote access to a command shell on a victim's computer, allowing attackers to execute commands.

Remote Access Trojan (RAT)

Malware that allows attackers to gain complete graphical user interface (GUI) control of a victim's computer.

Botnet Trojan

Malware that infects multiple computers to create a network of bots controlled by a central server, used for harmful activities.

Computer Virus

A self-replicating program that attaches itself to other programs or files, altering data and spreading infection.

Virus Replication

The process of a virus making copies of itself within a target system and then distributing those copies to other computer systems.

Virus Launch

The activation of a virus when a user performs a specific action, like running an infected program or opening an infected attachment.

Encryption Virus

A virus that encrypts files with unique keys. Antivirus programs might not detect these viruses using standard methods.

Computer Worm

A self-replicating program that spreads across networks without user interaction, often consuming resources or carrying malicious payloads.

Worm Payload

The malicious code carried by a computer worm, used for actions such as installing backdoors and creating a botnet.

Virus Detection

The process of identifying a computer virus or malicious software that is infecting a system.

Virus Incorporation

The process of antivirus software developers creating new defenses against identified virus threats.

Virus Elimination

The process of eliminating a virus from a system through user actions like installing antivirus updates or taking other corrective measures.

Virus Infection Methods

Ways a computer becomes infected by viruses, including downloading files, opening infected attachments, using pirated software, and updating software.

Blackhat SEO

Using unethical tactics to rank malicious websites high in search results, making them more likely to be clicked by unsuspecting users.

Social Engineered Click-jacking

Tricking users into clicking on malicious links disguised as innocent-looking content, leading to malware infection.

Spearphishing Sites

Websites designed to mimic legitimate institutions, like banks, to steal login credentials.

Drive-by Downloads

Exploiting browser vulnerabilities to automatically download malware without user interaction, just by visiting a website.

What does a wrapper do?

A wrapper binds a Trojan executable with a harmless .EXE application (like games or office programs). It installs the Trojan in the background and then runs the harmless app in the foreground, all in one file.

How does a Command Shell Trojan work?

This Trojan gives an attacker remote control over a command shell on your computer. It installs a Trojan server on your machine, opening a port for the attacker to connect through their client.

How does a Remote Access Trojan work?

This Trojan allows the attacker to see and control your computer screen just like they are sitting in front of it. It secretly connects to the attacker's computer, giving them full access.

What is a Botnet?

A Botnet is a network of computers infected with Botnet Trojans. This network is controlled by a central server, and can be used to launch attacks like denial-of-service, spamming, and stealing financial information.

How can attackers evade antivirus?

Attackers can evade antivirus by breaking their Trojan into pieces, embedding it in other applications, changing its code, or hiding it as a different file type.

Virus

A program that replicates itself by attaching to other programs, boot sectors, or documents, and spreads through downloads, infected disks, and email attachments.

Virus Characteristics

Infects other programs, alters data, transforms itself, corrupts files, encrypts itself, and replicates.

Virus Design

The creation of virus code using programming languages or specialized tools.

Botnet

A network of infected computers controlled by a central server. Hackers can use it to launch attacks, send spam, or steal data.

Virus Stages

A virus progresses through stages: design, replication, launch, detection, incorporation, and elimination.

What is a wrapper in malware?

A wrapper tricks users by combining a malicious Trojan with a harmless application like a game or office program. It installs the Trojan secretly while the user runs the harmless app.

What does a Remote Access Trojan do?

This Trojan allows the attacker to control your computer screen like they are sitting right in front of it. It secretly connects to the attacker's computer, giving them full access to your desktop.

What does a virus do during replication?

A virus replicates itself for a period of time within the target system and then spreads to other systems.

How does a computer get infected by a virus?

A computer can get infected by a virus through various means: downloading infected files, opening infected email attachments, installing pirated software, not updating software, and not running antivirus software.

What is an Encryption Virus?

This type of virus uses encryption to hide its code, making it difficult for antivirus software to detect.

What is a Computer Worm?

A malicious program that replicates and spreads across a network without human interaction.

What is a Worm Payload?

The malicious code carried by a worm, often used to install backdoors, create botnets, or steal data.

What are the reasons people create viruses?

Viruses can be created for various reasons, including causing damage to competitors, financial gain, research projects, pranks, vandalism, cyber terrorism, and distributing political messages.

How can a Botnet be used?

Botnets can be used by attackers to launch various attacks including denial-of-service, spamming, or stealing data.

Virus Transmission

Viruses are typically spread through file downloads, infected removable media, email attachments, and network connections.

How to Avoid Virus Infection

Protect your computer by avoiding suspicious downloads, attachments from unknown sources, and pirated software, and by keeping your software and antivirus updated.

Why Do People Create Viruses?

Motivations for creating viruses include causing damage to competitors, financial gain, research projects, pranks, vandalism, cyber terrorism, or delivering political messages.

Trojan Horse Malware

A type of malware that disguises itself as legitimate software to trick users into installing it, giving attackers unauthorized access to their systems.

What is a wrapper?

A wrapper combines a Trojan executable with a harmless application (like a game) to disguise its true purpose. The Trojan installs secretly while the harmless application runs in the foreground.

What does a Command Shell Trojan do?

This Trojan gives an attacker remote control over your computer's command shell. It installs a Trojan server on your computer, opening a port for the attacker to access using their client.

What is a Remote Access Trojan (RAT)?

This Trojan allows an attacker to see and control your computer screen as if they were sitting in front of it. It establishes a secret connection to the attacker's computer, giving them full access.

Virus Transmission Methods

Viruses spread through file downloads, infected disks/flash drives, and email attachments.

Why People Create Viruses

People create viruses for various reasons, including causing damage to competitors, financial gain, research projects, pranks, vandalism, cyber terrorism, and distributing political messages.

Study Notes

Malware Threats

  • Malware is malicious software designed to damage or disable computer systems, giving the creator control for theft or fraud.
  • Examples of malware include Trojan Horses, viruses, backdoors, worms, rootkits, spyware, ransomware, botnets, adware, and crypters.

Different Ways Malware Enters a System

  • Instant messaging applications (like IRC)
  • Browser and email software bugs
  • Removable devices
  • Attachments
  • Legitimate software (potentially compromised)
  • NetBIOS (file sharing)
  • Fake programs
  • Untrusted sites and freeware
  • Downloading files, games, and screensavers

Common Attack Techniques

  • Blackhat SEO: Ranking malware pages highly in search results
  • Clickjacking: Tricking users into clicking on innocent-looking webpages
  • Malvertising: Embedding malware in ads on legitimate sites
  • Spearphishing: Mimicking legitimate institutions to steal login credentials
  • Compromised legitimate websites: Hosting embedded malware that spreads to unsuspecting visitors
  • Drive-by downloads: Exploiting flaws in browser software to install malware with a simple visit

How Hackers Use Trojans

  • Deleting or replacing critical OS files
  • Disabling firewalls and anti-virus software
  • Generating fake traffic to create DoS attacks
  • Recording data (screenshots, audio, video) from the victim's PC
  • Using the victim's PC for spamming and blasting emails
  • Downloading malicious files (spyware, adware)
  • Creating backdoors for remote access
  • Infecting the victim's PC as a proxy server for attacks
  • Using victim's PC in botnets for DDoS attacks
  • Stealing information (passwords, security codes, credit cards) using keyloggers

How to Infect Systems Using a Trojan

  • Creating a new Trojan packet using a Trojan Horse Construction Kit
  • Creating a dropper (part of a Trojan packet that installs malicious code on the target system)
  • Example of a Dropper: Installation path: c:\windows\system32\svchosts.exe; Autostart: HKLM\Software\Mic.....\run\Iexplorer.exe; client address: client.attacker.com; dropzone: dropzone.attacker.com; genuine application file name: chess.exe; wrapper data: executable file, wrapper
  • Create a wrapper to install the Trojan and propagate it.
  • Execute the dropper.
  • Execute the damage routine.

Wrappers

  • Bind a Trojan executable to an innocent-looking application (like a game or office app)
  • When the user runs the wrapped EXE, the wrapper installs the Trojan in the background and runs the application in the foreground.
  • The programs are often combined into a single file.
  • Attackers might disguise a Trojan as a greeting (like a birthday cake animation)

Command Shell Trojans

  • Give remote control of a command shell on the victim's machine.
  • The Trojan server is installed on the victim's machine, opening a communication port for attackers
  • The attacker's client machine launches the shell.
  • CLI examples: C:\> nc <ip> <port> and C:\> nc -L -p <port>

Remote Access Trojans (RATs)

  • This Trojan works like a remote desktop, giving the attacker complete GUI access to the victim's system.
  • The attacker gains complete (100%) access to the target system.
  • Example: once the victim's computer is infected with server.exe, the Trojan connects back to the attacker on port 80 (a reverse connection), giving the attacker complete control.

Botnet Trojans

  • Infects a large number of computers (across a geographical area) to create a network of bots controlled by a central server.
  • Used to launch various attacks, such as denial-of-service attacks, spamming, click fraud, and financial information theft.

Evading Anti-Virus Techniques

  • Splitting the Trojan file into multiple parts and zipping them.
  • Writing your own Trojan and embedding it into an application.
  • Changing the Trojan's syntax (e.g., converting EXE to VB script, changing extensions).
  • Modifying the content using a hex editor, altering the checksum, or encrypting.
  • Avoiding using Trojans downloaded from the web (as they can be easily detected).

Introduction to Viruses

  • A virus is a self-replicating program.
  • It attaches itself to other programs, boot sectors, or documents.
  • Virus transmissions commonly occur through downloads, infected disks/flash drives and email attachments.
  • Virus characteristics include infecting other programs, altering data, corrupting files/programs, self-replication, and encryption.

Stages of Virus Life

  • Virus design and code development
  • Virus replication within the target system
  • Virus launch (activation) triggered by users or programs
  • Virus detection by antivirus software
  • Incorporation of defenses against the virus into antivirus software
  • Virus elimination by users

Reasons for Creating Computer Viruses

  • Inflicting damage to competitors
  • Financial benefits
  • Research projects
  • Playing pranks
  • Vandalism
  • Cyber terrorism
  • Distributing political messages

How Computers Get Infected by Viruses

  • Accepting files/downloads without proper source checking
  • Opening infected email attachments
  • Installing pirated software
  • Not updating or installing new software versions
  • Not running the latest anti-virus application

Encryption Viruses

  • Encrypt the code.
  • Encrypt each infected file using a unique encryption key.
  • Antivirus programs can't use signature detection to find these types of viruses.

Computer Worms

  • Malicious programs that replicate, execute, and spread across network connections.
  • Most worms' goal is to replicate and spread.
  • Some worms carry payloads to damage the host system, like installing backdoors to turn the host into a bot (zombie).

Differences Between Worms and Viruses

  • Worms replicate on their own, spread through the network, and don't need to attach to other programs.
  • Viruses replicate themselves and attach to other programs to spread faster.

Anti-Virus Sensor Systems

  • Software that detects and analyzes malicious code.
  • Usually used with other tools to monitor network traffic, suspicious files, etc.

How to Detect Trojans

  • Scanning for suspicious open ports
  • Scanning for suspicious startup programs
  • Scanning for suspicious running processes
  • Scanning for suspicious files and folders
  • Scanning for suspicious registry entries
  • Scanning for suspicious network activities
  • Scanning for suspicious device drivers installed on the computer
  • Scanning for suspicious Windows services
  • Running specific Trojan scanner programs

Trojan Countermeasures

  • Avoid opening email attachments from unknown senders
  • Install patches and security updates
  • Block unnecessary ports and use a firewall
  • Harden default configuration settings and disable unused functionality.
  • Monitor internal network traffic
  • Scan CDs and DVDs with antivirus software.
  • Restrict permissions in the desktop environment.
  • Avoid blindly executing programs
  • Manage local workstation file integrity using tools like checksums, audits, and port scanners
  • Avoid downloading or executing from untrusted sources.
  • Use host-based antivirus, firewall and intrusion detection software

Backdoor Countermeasures

  • Commercial antivirus programs automatically scan and detect backdoors.
  • Educate users on not installing programs from untrustworthy sources.
  • Use anti-virus tools (like McAfee, Norton) to find and remove backdoors.

Virus and Worm Countermeasures

  • Install anti-virus programs that scan for and remove threats.
  • Carefully consider and follow instructions during internet downloads.
  • Avoid opening attachments from unknown senders.
  • Create anti-virus policies.
  • Maintain current anti-virus programs.
  • Regularly back up data.
  • Do thorough scanning of disks/programs before use.
  • Use pop-up blockers and internet firewalls.

Anti-virus Tools

  • Provides a list of anti-virus tools and their websites

Related Documents

Malware Threats Module 06 PDF

Description

This quiz explores various types of malware and the different ways they can infiltrate computer systems. It also covers common attack techniques used by cybercriminals to exploit vulnerabilities. Test your knowledge on how to recognize and prevent malware threats.
