
Cyber Security Lecture 03


Cyber Security

Lecture 3

Amina Tufail
Malware
• Malware (malicious software) is
software that is intentionally designed to
cause damage to computer systems.
• Malware has a malicious intent, acting
against the interest of the computer user.
• Malware does not include software that
causes unintentional harm due to some
deficiency, which is typically described as
a software bug.

Malware
• Malware does the damage after it is
implanted or introduced in some way into
a target’s computer.
• One strategy for protecting against
malware is to prevent the malware
software from gaining access to the target
computer.
• Antivirus, firewalls, IPS and other
strategies are used to help protect against
the introduction of malware.

Malware
• Viruses, worms, Trojan horses, bombs,
spyware, adware, ransomware and scareware
are subgroups of malware.

What can malware do?
• Steal personal or business information
• Delete or damage files and data
• Financial fraud
• Use your computer as a relay

Viruses
• A type of malware program that can infect
other programs by modifying them.
• A computer virus can replicate itself and
spread from one computer to another
through a carrier.

Viruses
• A virus needs a host file
• Requires user interaction
—Like opening a file
• Different types of viruses
—Program viruses
—Boot viruses
—Macro viruses
[Diagram labels: User Propagated; Infected File; Virus as payload]
Viruses
• 4 phases:
—Dormant phase: It is idle, waiting for some
event
—Triggering phase: activated to perform some
intended actions
—Execution phase: execute the payload
—Propagation phase: Copy itself into other
programs

Worms
• More dangerous than a virus
• A malicious piece of code that spreads itself from
computer to computer by exploiting
vulnerabilities.
—A worm needs no host file
—Self-propagation: spreads without user
interaction
• A worm is designed to replicate itself and disperse
throughout the user’s network.
• Examples: Morris worm, Blaster worm
Worms
• Second-generation worms automatically search for
vulnerable computers and infect them
—The whole Internet can be infected in less than 20
minutes
• Two types; they can spread via
—Email attachments
—LAN or Internet
Email Worm
• Email worm goes into a user’s
contact/address book and chooses every
user in that contact list.
• It then copies itself and puts itself into an
attachment; then the user will open the
attachment and the process will start over
again!
• Example: ILOVEYOU worm

Internet Worms
• An internet worm is designed to be
conspicuous to the user.
• The worm scans the computer for open
internet ports through which it can
download itself onto the computer.
• Once inside the computer, the worm
scans the internet to infect more
computers.

Trojans
• A Trojan, also called a Trojan horse, is a program or
software designed to look like a useful or
legitimate file.
• A program with hidden functionalities that
are not specified in the program
documentation.
• Once the program is installed and opened, it
steals information or deletes data.
• Compared to other types of malware, a Trojan
horse usually runs only once and
then is done functioning.
• Programs with hidden malicious
functionalities

Adware
• Adware is a type of malware designed to
display advertisements in the user’s
software.
• It can be designed to be harmless, but it
can also be used to steal the user’s preferences
by gathering information on what the user
searches the World Wide Web for.
• With this gathered information, it displays
ads corresponding to the information
collected.

Spyware
• Spyware is like adware: it spies on the
user to see what information it can collect
from the user’s computer in order to display
pop-up ads on that computer.
• Unlike adware, spyware uses
memory from programs running in the
background of the computer to keep close
watch on the user.
• This most often clogs up the computer,
causing the program or computer to slow
down.
Malicious Scripts
• Malicious scripts written in JavaScript, VBScript, ActiveX,
Flash, etc.
• Can be hidden in e-mails or websites
— Flash banners and included JavaScript files
— Cross-site scripting (XSS)
— Cookie theft
Backdoors & Rootkits
• A secret entry point into a system that allows someone
aware of the trap door to gain access without going
through the usual security access procedures

• Backdoors
— Usually left by programmers for debugging and testing
purposes, intentionally or unintentionally

• Rootkits
— Usually installed by an attacker after having gained
root/administrator access
— Modifies the entire system and avoids detection
Logical Bombs
• Malicious code programmed to be activated on a
specific date, time or circumstances
• The action could be anything from formatting the hard drive to
displaying a silly message on the user’s screen
• Often combined with a virus/worm (e.g., Chernobyl virus)


Ransomware
• Ransomware is a type of malicious software that threatens
to publish the victim's data or temporarily block access to
the data or system unless a ransom is paid.
• The victim’s data is encrypted. The system is unavailable
unless money is paid to the attacker.
• Financial payment is mostly done through the Bitcoin
currency.
• Ransomware attacks are typically carried out using a
Trojan disguised as a legitimate file that the user is tricked into
downloading or opening when it arrives as an email
attachment.
• The ransomware "WannaCry worm" traveled automatically
between computers without user interaction.

Ransomware
• CryptoLocker was particularly successful, procuring an
estimated US $3 million before it was taken down by
authorities.
• CryptoWall was estimated by the FBI to have accrued
over US $18m by June 2015.
• Russian ransomware:
—"To unlock you need to send an SMS with the
text 4121800286 to the number 3649.
Enter the resulting code: Any attempt to
reinstall the system may lead to loss of
important information and computer damage"

Scare-ware
• A type of malware which uses social engineering to cause
shock, anxiety or the perception of a threat in order to
manipulate users into buying unwanted software.
• The "scareware" label can also apply to any application or
virus which pranks users with intent to cause anxiety or
panic.
• This class of program (for example, cleaning or scanning
software) tries to increase its perceived value
by bombarding the user with constant warning
messages that do not increase its effectiveness in any
way.
• An example of scareware is Smart Fortress. This site scares
people into thinking they have lots of viruses on their
computer and asks them to buy the professional service.

Keyloggers
• A keylogger, sometimes called a keystroke logger, is a type
of surveillance software used to monitor and record each
keystroke typed on a specific computer's keyboard.
• Keylogger software is also available for use on
smartphones, such as Apple's iPhone and Android
devices.
• A hardware-based keylogger is a small device that serves
as a connector between the computer keyboard and the
computer. Because it appears to be part of the computer
cabling, it is relatively easy for someone who wants to
monitor a user's behavior to hide such a device.

Blended Threats
• Advanced malicious software that combines the
characteristics of viruses, worms, trojans and malicious
scripts is sometimes called a "blended threat"
— It’s hard to know where to draw the line
• Exploits one or many vulnerabilities in
programs or operating systems

How can we protect ourselves?
• Use an antivirus program and keep it up
to date!
—Yes, they only protect from known malicious
code out there, but it’s still something!
• Keep your Operating System up to
date!
—Windows is one of the most hacked OS on the
market.
—The updates are mostly focused on security
patches
• Keep your application software up to
date!
—The updates are mostly focused on security
Antivirus Programs
• Antivirus programs are designed to detect
malware trying to enter the user’s
system.
• There are several ways an antivirus
program can track malware entering the
computer.
• Antivirus can use:
—Signature-based detection
—Heuristics
—Cloud Antivirus
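
Added example, not part of the original lecture: a minimal Python scanner showing the first two approaches listed above. An exact-hash signature catches only the identical file, a byte-pattern signature also catches a trivially changed copy, an entropy heuristic flags packed-looking content, and a sample nobody has analysed passes as clean. The sample byte strings, the 7.5 threshold and all function names are constructed for illustration.

```python
import hashlib
import math
from collections import Counter

# Constructed stand-ins for file contents; none of this is real malware.
KNOWN_BAD = b"CONSTRUCTED-SAMPLE-A: marker bytes standing in for a known-bad file"
VARIANT = KNOWN_BAD + b"\x00"   # same content with one byte appended
UNKNOWN = b"CONSTRUCTED-SAMPLE-B: never analysed, so no signature exists"
PACKED = bytes((i * 197 + 31) % 256 for i in range(4096))  # uniform byte mix
BENIGN = b"Quarterly report draft. " * 40

# Signature database: SHA-256 digests of samples that were already analysed.
HASH_SIGNATURES = {hashlib.sha256(KNOWN_BAD).hexdigest()}
# Byte-pattern signatures survive small changes elsewhere in the file.
PATTERN_SIGNATURES = [b"CONSTRUCTED-SAMPLE-A"]


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; packed or encrypted content approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def scan(data: bytes, entropy_threshold: float = 7.5) -> str:
    """Return the name of the detection layer that fired, or 'clean'."""
    if hashlib.sha256(data).hexdigest() in HASH_SIGNATURES:
        return "hash-signature"
    if any(pattern in data for pattern in PATTERN_SIGNATURES):
        return "pattern-signature"
    if shannon_entropy(data) >= entropy_threshold:
        return "heuristic"
    return "clean"


if __name__ == "__main__":
    samples = {"known bad": KNOWN_BAD, "variant": VARIANT, "unknown": UNKNOWN,
               "packed": PACKED, "benign": BENIGN}
    for name, blob in samples.items():
        print(f"{name:10s} -> {scan(blob)}")
```

An entropy heuristic also fires on benign compressed archives, so it trades missed detections for false positives.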

Impossibility

It is not possible to build a perfect
virus/malware detector (Cohen)

Become An Informed User!
• Become aware of what you are doing on
the internet!
—Don’t click on pop-up ads!
—Keep up to date on current issues happening
on the web!

Data exposure at Pegasus Airlines
due to employee negligence


Leak of Cash App’s customer data
by a disgruntled employee


Questions?
