Chapter 1 - 03 - Define Malware and its Types - 08_ocred.pdf

Full Transcript


Certified Cybersecurity Technician
Information Security Threats and Vulnerabilities
Exam 212-82

Types of Trojans

Remote Access Trojans
Backdoor Trojans
Botnet Trojans
Rootkit Trojans
E-Banking Trojans
Service Protocol Trojans
Mobile Trojans
IoT Trojans
Security Software Disabler Trojans
Destructive Trojans
Point-of-Sale Trojans
DDoS Attack Trojans
Defacement Trojans
Command Shell Trojans

... computer, such as transferring, modifying, or corrupting files, installing malicious software, and rebooting the machine, without user detection.

3. Botnet Trojans: Today, most major information security attacks involve botnets. Attackers (also known as "bot herders") use botnet Trojans to infect a large number of

Module 01 Page 42 Certified Cybersecurity Technician Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

4. Rootkit Trojans: As the name indicates, "rootkit" consists of two terms, i.e., "root" and "kit." "Root" is a UNIX/Linux term that is the equivalent of "administrator" in Windows. The word "kit" denotes programs that allow someone to obtain root-/admin-level access to the computer by executing the programs in the kit. Rootkits are potent backdoors that specifically attack the root or OS. Unlike backdoors, rootkits cannot be detected by observing services, system task lists, or registries. Rootkits provide full control of the victim OS to the attacker.

5. E-Banking Trojans: E-banking Trojans are extremely dangerous and have emerged as a significant threat to online banking. They intercept the victim's account information before the system can encrypt it and send it to the attacker's command-and-control center. Installation of these Trojans takes place on the victim's computer when he or she clicks a malicious email attachment or a malicious advertisement. Attackers program these Trojans to steal minimum and maximum monetary amounts, so that they do not withdraw all the money in the account, thereby avoiding suspicion.

6. Point-of-Sale Trojans: As the name indicates, point-of-sale (POS) Trojans are a type of financially fraudulent malware that targets POS and payment equipment such as credit card/debit card readers. Attackers use POS Trojans to compromise such POS equipment and grab sensitive information regarding credit cards, such as credit card number, holder name, and CVV number.

7. Defacement Trojans: Defacement Trojans, once spread over the system, can destroy or change the entire content of a database. However, they are more dangerous when attackers target websites, as they physically change the underlying HTML format, resulting in the modification of content. In addition, significant losses may be incurred due to the defacement of e-business targets by Trojans.

8. Service Protocol Trojans: These Trojans can take advantage of vulnerable service protocols such as VNC, HTTP/HTTPS, and ICMP to attack the victim's machine.

9. Mobile Trojans: Mobile Trojans are malicious software that targets mobile phones. Mobile Trojan attacks are increasing rapidly due to the global proliferation of mobile phones. The attacker tricks the victim into installing the malicious application. When the victim downloads the malicious app, the Trojan performs various attacks such as banking credential stealing, social networking credential stealing, data encryption, and device locking.

10. IoT Trojans: Internet of things (IoT) refers to the inter-networking of physical devices, buildings, and other items embedded with electronics. IoT Trojans are malicious programs that attack IoT networks. These Trojans leverage a botnet to attack other machines outside the IoT network.

11. Security Software Disabler Trojans: Security software disabler Trojans stop the working of security programs such as firewalls and IDS, either by disabling them or killing the processes. These are entry Trojans, which allow an attacker to perform the next level of attack on the target system.

12. Destructive Trojans: The sole purpose of a destructive Trojan is to delete files on a target system. Antivirus software may not detect destructive Trojans. Once a destructive Trojan infects a computer system, it randomly deletes files, folders, and registry entries as well as local and network drives, often resulting in OS failure.

13. DDoS Attack Trojans: These Trojans are intended to perform DDoS attacks on target machines, networks, or web addresses. They make the victim a zombie that listens for commands sent from a DDoS server on the Internet. Numerous infected systems stand by for a command from the server. When the server sends the command to all or a group of the infected systems, all the systems perform the command simultaneously, so a considerable number of legitimate requests flood the target and cause the service to stop responding.

14. Command Shell Trojans: A command shell Trojan provides remote control of a command shell on a victim's machine. A Trojan server is installed on the victim's machine, which opens a port, allowing the attacker to connect. The client is installed on the attacker's machine, which is used to launch a command shell on the victim's machine. Netcat, DNS Messenger, and GCat are some of the latest command shell Trojans.
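
The command shell Trojan description above (a server component that opens a port on the victim's machine) suggests a simple host check: compare listening sockets against a known baseline and flag shells or relays that own a listener. The following is an added example, not part of the course material; the sample `ss -H -ltnp` lines, the baseline, and the process-name list are constructed assumptions.

```python
import re

# Constructed sample of `ss -H -ltnp` output (not captured from a real host).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=1044,fd=6))
LISTEN 0 1 0.0.0.0:4444 0.0.0.0:* users:(("nc",pid=3921,fd=3))
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:* users:(("postgres",pid=990,fd=5))
LISTEN 0 5 [::]:8080 [::]:* users:(("bash",pid=4100,fd=4))
"""

# Assumed baseline of expected listeners for this host: (process, port).
BASELINE = {("sshd", 22), ("nginx", 443), ("postgres", 5432)}
# Assumed list of shells/relays that should not own a listening socket.
SHELL_LIKE = {"sh", "bash", "dash", "zsh", "nc", "ncat", "netcat",
              "cmd.exe", "powershell.exe"}

LINE_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+'
    r'users:\(\("(?P<proc>[^"]+)",pid=(?P<pid>\d+)'
)

def parse_listeners(text):
    """Return one dict per listening TCP socket found in ss output."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            out.append({"addr": m["addr"], "port": int(m["port"]),
                        "proc": m["proc"], "pid": int(m["pid"])})
    return out

def is_loopback(addr):
    return addr.startswith("127.") or addr in ("[::1]", "::1")

def review_listeners(text, baseline=BASELINE):
    """Flag listeners missing from the baseline or owned by a shell/relay."""
    findings = []
    for s in parse_listeners(text):
        reasons = []
        if (s["proc"], s["port"]) not in baseline:
            reasons.append("not in baseline")
        if s["proc"].lower() in SHELL_LIKE:
            reasons.append("shell or relay owns a listening socket")
        if reasons:
            # Both signals on a non-loopback address rank highest.
            high = len(reasons) == 2 and not is_loopback(s["addr"])
            findings.append(("high" if high else "medium",
                             s["proc"], s["pid"], s["port"], reasons))
    return findings

if __name__ == "__main__":
    for finding in review_listeners(SAMPLE_SS):
        print(finding)
```

A process name can be spoofed, so a finding here is a prompt to inspect the owning binary and its parent process, not a verdict.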
