Cyber Security

BCC-401
L-13
Dr. Urvashi Chugh
Associate Professor
IT Department
Keyloggers and Spywares
• Keystroke logging, often called keylogging, is the practice of noting (or
logging) the keys struck on a keyboard, typically in a covert manner so
that the person using the keyboard is unaware that such actions are
being monitored.
• Keystroke logger or keylogger is quicker and easier way of capturing
the passwords and monitoring the victims’ IT savvy behavior. It can be
classified as software keylogger and hardware keylogger.
Software Keyloggers
• Software keyloggers are software programs installed on the computer systems
which usually are located between the OS and the keyboard hardware, and
every keystroke is recorded.
• Software keyloggers are installed on a computer system by Trojans or viruses
without the knowledge of the user.
• Cybercriminals always install such tools on the insecure computer systems
available in public places (i.e., cybercafés, etc) and can obtain the required
information about the victim very easily.
• A keylogger usually consists of two files that get installed in the same
directory: a dynamic link library (DLL) file and an EXEcutable (EXE) file that
installs the DLL file and triggers it to work. DLL does all the recording of
keystrokes
Hardware Keyloggers
• Hardware keyloggers are small hardware devices.
• These are connected to the PC and/or to the keyboard and save every
keystroke into a file or in the memory of the hardware device.
• Cybercriminals install such devices on ATM machines to capture ATM
Cards’ PINs.
• Each keypress on the keyboard of the ATM gets registered by these
keyloggers.
• These keyloggers look like an integrated part of such systems; hence,
bank customers are unaware of their presence.
Malwares
• Malware, short for malicious software, is a software designed to infiltrate a
computer system without the owner’s informed consent.Malware can be
classified as follows:
• 1. Viruses and worms:
• 2. Trojan Horses:
• 3. Rootkits:
• 4. Backdoors:
• 5. Spyware:
• 6. Botnets:
• 7. Keystroke loggers:
Viruses and worms
• Computer virus is a program that can “infect” legitimate programs by
modifying them to include a possibly “evolved” copy of itself.
• Viruses spread themselves, without the knowledge or permission of
the users, to potentially large numbers of programs on many machines.
• A computer virus passes from computer to computer in a similar
manner as a biological virus passes from person to person.
• Viruses may also contain malicious instructions that may cause damage
or annoyance; the combination of possibly Malicious Code with the
ability to spread is what makes viruses a considerable concern.
• Malware includes computer viruses, worms, Trojans, most Rootkits,
Spyware, dishonest Adware, crimeware and other malicious and
unwanted software as well as true viruses.
• Viruses are sometimes confused with computer worms and Trojan
Horses, which are technically different. 
• A worm spreads itself automatically to other computers through
networks by exploiting security vulnerabilities, whereas a Trojan is a
code/program that appears to be harmless but hides malicious
functions.
Figure: Virus Spread Through Internet
Figure: Virus Spread Through stand alone
System
Types of Viruses
• 1. Boot sector viruses: It infects the storage media on which OS is stored (e.g., hard drives) and
which is used to start the computer system.
• 2. Program viruses: These viruses become active when the program file (usually with extensions .bin,
.com,.exe, .ovl, .drv) is excuted
• 3. Multipartite viruses: It is a hybrid of a boot sector and program viruses. It infects program files
along with the boot record when the infected program is active.
• 4. Stealth viruses: It hides itself and so detecting this type of virus is very difficult. It can hiding itself
such a way that antivirus software also cannot detect it. Example for Stealth virus is “Brain Virus”.
• 5. Polymorphic viruses: It acts like a “chameleon” that changes its virus signature (i.e., binary
pattern) every time it spreads through the system (i.e., multiplies and infects a new file). Hence, it is
always difficult to detect polymorphic virus with the help of an antivirus program.
• 6. Macro viruses: Many applications, such as Microsoft Word and Microsoft Excel, support MACROs
(i.e., macrolanguages). These macros are programmed as a macro embedded in a document. Once
macrovirus gets onto a victim’s computer then every document he/she produces will become
infected.
Trojan Horses
• Trojan Horse is a program in which malicious or harmful code is contained
inside apparently harmless programming or data in such a way that it can get
control and cause harm, for example, ruining the file allocation table on the
hard disk.
• Like Spyware and Adware, Trojans can get into the system in a number of
ways, including from a web browser, via E-Mail.
• On the surface, Trojans appear benign and harmless, but once the infected
code is executed, Trojans kick in and perform malicious functions to harm the
computer system without the user’s knowledge.
• For example, waterfalls.scr is a waterfall screen saver as originally claimed by
the author; however, it can be associated with malware and become a Trojan to
unload hidden programs and allow unauthorized access to the user’s PC
Some typical examples of threats by Trojans
are as follows

• 1. They erase, overwrite or corrupt data on a computer.

• 2. They help to spread other malware such as viruses (by a dropper
Trojan).
• 3. They deactivate or interfere with antivirus and firewall programs.
• 4. They allow remote access to your computer (by a remote access
Trojan).
• 5. They upload and download files without your knowledge.
• 6. They gather E-Mail addresses and use them for Spam.
• 7. They log keystrokes to steal information such as passwords and
credit card numbers.
• 8. They copy fake links to false websites, display porno sites, play
sounds/videos and display images.
• 9. They slow down, restart or shutdown the system.
• 10. They reinstall themselves after being disabled.
• 11. They disable the task manager.
• 12. They disable the control panel
Backdoors
• A backdoor is a means of access to a computer program that bypasses security
mechanisms. A programmer may sometimes install a backdoor so that the
program can be accessed for troubleshooting or other purposes.
• However, attackers often use backdoors that they detect or install themselves as
part of an exploit.
• In some cases, a worm is designed to take advantage of a backdoor created by an
earlier attack.
• A backdoor works in background and hides from the user.
• It is very similar to a virus and, therefore, is quite difficult to detect and
completely disable.
• A backdoor is one of the most dangerous parasite, as it allows a malicious person
to perform any possible action on a compromised system
• 1. It allows an attacker to create, delete, rename, copy or edit any file,
execute various commands; change any system settings; alter the
Windows registry; run, control and terminate applications; install
arbitrary software and parasites.
• 2. It allows an attacker to control computer hardware devices, modify
related settings,shutdown or restart a computer without asking for
user permission.
• 3. It steals sensitive personal information, valuable documents,
passwords, login names, ID details; logs user activity and tracks web
browsing habits
• Following are a few examples of backdoor Trojans:
• 1. Back Orifice
• 2. Bifrost:
• 3. SAP backdoors
• 4. Onapsis Bizploit:
Follow the following steps to protect your
systems from Trojan Horses and backdoors:
• 1. Stay away from suspect websites/weblinks:
• 2. Surf on the Web cautiously:
• 3. Install antivirus/Trojan remover software: