Week-6.pdf
Uploaded by ShinyGlacier
Pamantasan ng Lungsod ng Valenzuela
REVIEW: MALICIOUS SOFTWARE
State your experience where your computer/device got infected with a virus. What did you do?

MALICIOUS SOFTWARE
The term 'Malicious Software' is the origin of the word 'Malware,' and the meaning remains the same.

MALICIOUS CODE
Malicious software refers to any malicious program that causes harm to a computer system or network. Malware attacks a computer or network in the form of viruses, worms, trojans, spyware, adware or rootkits.

MALICIOUS SOFTWARE ATTACK
An attacker inserts malicious code into a user's system to disrupt or disable the operating system or any other application and destroy the important information stored.

TYPES OF MALICIOUS SOFTWARE

COMPUTER VIRUS
A computer virus is malicious software that self-replicates and attaches itself to other files/programs. It can execute secretly when the host program/file is activated.

COMPUTER VIRUS (TWO TYPES)
- Non-resident virus
- Resident virus

NON-RESIDENT VIRUS
Non-resident viruses are any viruses that do not live in the computer’s memory. A non-resident virus is capable of infecting executable files when programs are not running. After they reach the host, they immediately start searching for other hosts that could be infected; once found, they infect these targets and finally transfer control to the application program which they infected.

RESIDENT VIRUS
A resident virus — or memory-resident virus — works by latching itself onto the computer’s memory, thus granting it the freedom to attack any file or application on the device (including the anti-virus software). Resident viruses can come from corrupted drives or disks, or from suspicious links or downloads.

WORMS
A computer worm is a self-replicating computer virus. It uses a network to send copies of itself to other nodes and does so without any user intervention.

WORMS DO NOT
Delete system's files, modify existing files, install Trojan horses, record or transmit decrypted passwords, capture super user privileges.

I LOVE YOU VIRUS
COMMON NAME: LOVE LETTER
TYPE: COMPUTER WORM
OPERATING SYSTEM AFFECTED: MICROSOFT WINDOWS
WRITTEN IN: VBSCRIPT

ILOVEYOU, sometimes referred to as Love Letter, was a computer worm that attacked tens of millions of Windows personal computers on and after 6 May 2000 local time in the Philippines, when it started spreading as an email message with the subject line "ILOVEYOU" and the attachment "LOVE-LETTER-FOR-YOU.txt.vbs".

WHO WAS RESPONSIBLE FOR CREATING AND DISTRIBUTING IT?
A young Filipino computer programmer named Onel de Guzman.

WORMS
Jerusalem, the first known computer worm, was discovered in 1987.

MORRIS WORM
The Morris worm was launched in 1988 by Robert Morris, an American student who wanted to discover how big the internet really was. To do this, he launched a few dozen lines of code, but he didn’t know that the code was riddled with bugs that would cause a variety of problems on affected hosts. The result was thousands of overloaded computers running on UNIX and financial damage ranging between $10 million and $100 million.

STORM WORM
An email worm launched in 2007. Victims would receive emails with a fake news report about an unprecedented storm wave that had already killed hundreds of people across Europe. More than 1.2 billion of these emails were sent over the course of ten years in order to create a botnet that would target popular websites. Experts believe that there are still at least a million infected computers whose owners don’t know that they are part of a botnet.

SQL SLAMMER
SQL Slammer was unique in that it didn’t utilize any of the traditional distribution methods. It generated many random IP addresses and sent itself out to them, hoping they weren’t protected by antivirus software.
Soon after it hit in 2003, over 75,000 infected computers were unknowingly involved in DDoS attacks on several major websites.

RANSOMWARE
Ransomware is a type of malware that locks and encrypts a victim's data, files, devices or systems, rendering them inaccessible and unusable until the attacker receives a ransom payment.

TROJAN HORSES
A malicious program that is designed to appear as authentic, real and genuine software.

[Figure: TROJAN HORSE PERCENTAGE]

WHAT CAN TROJANS DO?
- Erase or overwrite data on a computer
- Spread other viruses or install a backdoor. In this case the trojan horse is called a 'dropper.'
- Set up networks of zombie computers to launch DDoS attacks or send spam
- Log keystrokes to steal information such as passwords and credit card numbers (known as a key logger)
- Phish for bank or other account details, which can be used for criminal activities
- Or simply destroy data
- Mail the password file

HOW CAN YOU BE INFECTED?
- Websites: You can be infected by visiting a rogue website.
- Instant message: Many get infected through files sent through various messengers.
- E-mail: Attachments on e-mail messages may contain Trojans. Trojan horses via SMTP.

The Trojan horse is typically a Windows executable program file and must have an executable file extension such as .exe, .com, .scr, .bat, or .pif. With file extensions hidden, the user would only see 'Readme.txt' and could mistake it for a harmless text file.

How does it get in?
- Downloading a file
- Installing a program
- Opening an attachment
- Opening bogus Web pages
- Copying a file from someone else

ADWARE
Adware is not exactly malicious, but it does breach the privacy of users for malicious purposes. It displays ads (a pop-up window appears) on the computer’s desktop or inside individual programs. Adware can get onto people’s mobile or cell phones through apps in popular categories like entertainment and gaming.

SIGNS THAT YOU MAY BE INFECTED WITH UNWANTED ADWARE INCLUDE:

Computer adware infection signs
- An unexpected change in your web browser home page
- Web pages that you visit are not displaying correctly
- Being overwhelmed with pop-up ads — sometimes even if not browsing the internet
- Slow device performance
- Device crashing
- Reduced internet speeds
- Redirected internet searches
- Random appearance of a new toolbar or browser add-on

Mobile adware infection signs
- Your phone is slow
- Apps take longer to load
- Your battery drains quickly
- Your phone has apps you don’t remember downloading
- There is unexplained data usage and higher-than-expected phone bills
- There are numerous ad pop-ups

HOW TO REMOVE ADWARE?
- Create a backup of the data
- Download or update your security software
- Uninstall programs that are not in use
- Use an adware and cleanup application to run a scan

SPYWARE
Spyware is a type of malware that performs certain tasks, including watching and tracking user actions and collecting personal data. Spyware programs generally install themselves on the user's computer and provide profit to a third party by collecting the user's data without the user's awareness. Moreover, spyware steals users' passwords and personal information by running in the background on the system.

SPYWARE TYPES

ROOTKIT
A rootkit is malicious software that alters the regular functionality of an OS on a computer in a stealthy manner.

WHY ARE ROOTKITS SO DANGEROUS?
- They’re sneaky: Rootkit infections can spread through deceptive threat vectors like corrupt downloads, spam emails, and exploit kits.
- They’re stealthy: Unlike other types of malware, a deeply concealed rootkit will not display many symptoms.
- They’re capable: A few experts call rootkits the Swiss Army Knives of malware because they have multiple capabilities.

TYPES OF ROOTKITS
- Bootloader rootkit: When you turn on a computer, its bootloader loads the operating system. A bootloader rootkit infiltrates this mechanism, infecting your computer with the malware before the operating system is ready to use.
- Firmware rootkit: All devices, from mobile phones to washing machines, can have firmware. A firmware rootkit is challenging to find because it hides in firmware, where cybersecurity tools usually don’t look for malware.
- Kernel rootkit: A kernel rootkit can be catastrophic because it attacks a core component of your computer and gives a threat actor significant control over a system.
- Application rootkit: An application rootkit may modify your regular files with rootkit code, giving the rootkit’s author access to your machine every time you run the infected files.
- Memory rootkit: A memory rootkit resides in your computer's RAM and can slow down your machine while performing malicious tasks. You can usually clear a memory rootkit by restarting your computer, as a simple restart clears your machine’s memory of all processes.

HOW ARE ROOTKITS DETECTED AND REMOVED?
#1 System crashes: A rootkit that infects your computer's bootloader, hard drive, BIOS, or applications may cause system-crashing software conflicts.
#2 Software malfunctions: Are you noticing slowdowns, mysterious settings changes, or web browser malfunctions? A rootkit can be responsible for such issues.
#3 Antivirus crash: Should your antivirus deactivate without cause, try an anti-rootkit scan to search for malware. Afterwards, reinstall your cybersecurity software.
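
The hidden-extension trick described under HOW CAN YOU BE INFECTED?, which the ILOVEYOU attachment also relied on, can be checked for when triaging mail attachments or downloads. The following is an added example, not part of the original slides; the decoy-extension list, the function names and the sample filenames are assumptions made for illustration.

```python
# Executable extensions named on the slide, plus .vbs from the ILOVEYOU attachment.
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".bat", ".pif", ".vbs"}
# Extensions a user reads as harmless documents (assumed list for this example).
DECOY_EXTS = {".txt", ".pdf", ".doc", ".docx", ".jpg", ".png", ".xls", ".xlsx"}


def split_extension(filename):
    """Split into (name shown when extensions are hidden, real final extension)."""
    # Win32 drops trailing dots and spaces, so "a.scr." still runs as "a.scr".
    name = filename.strip().rstrip(". ")
    stem, dot, ext = name.rpartition(".")
    if not dot or not stem:          # no extension, or a dotfile such as ".bashrc"
        return name, ""
    return stem, "." + ext.lower()


def classify(filename):
    """Return 'ok', 'executable' or 'deceptive-double-extension'."""
    visible, real_ext = split_extension(filename)
    if real_ext not in EXECUTABLE_EXTS:
        return "ok"
    # What the user sees ends in a document-like extension: the Readme.txt case.
    _, shown_ext = split_extension(visible)
    if shown_ext in DECOY_EXTS:
        return "deceptive-double-extension"
    return "executable"


def triage(filenames):
    """Map each flagged filename to its verdict, skipping harmless ones."""
    verdicts = {name: classify(name) for name in filenames}
    return {name: v for name, v in verdicts.items() if v != "ok"}


# Constructed sample attachment names (not taken from real traffic).
SAMPLE_ATTACHMENTS = [
    "LOVE-LETTER-FOR-YOU.txt.vbs",   # attachment name quoted on the slide
    "Readme.txt      .exe",          # padding pushes the real extension off-screen
    "photo.jpg.SCR.",                # upper case and trailing dot
    "setup.exe",                     # honest executable, still worth blocking in mail
    "minutes.final.pdf",             # two dots, but not executable
    ".bashrc",
]

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_ATTACHMENTS).items():
        print(f"{verdict:28} {name!r}")
```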