Footprinting: Footprinting means gathering information about a target system which can

Footprinting involves gathering open-source information about a target system in order to execute a successful cyber attack. There are two types of footprinting: active footprinting which directly contacts the target, and passive footprinting which collects remote information. Footprinting can reveal operating systems, firewalls, IP addresses, network maps, security configurations, and other details. Hackers use tools like search engines, social media, job postings, archives, and network mapping tools to passively gather footprinting information without direct interaction with the target. Footprinting allows hackers to identify vulnerabilities and determine the best attack approach for a target system. Countermeasures include limiting online information, social engineering awareness, and removing sensitive data.

Uploaded by

KISHAN KUMAR

Foot printing:

Footprinting means gathering information about a target system that can be used to execute a successful cyber attack. To get this information, a hacker may use various methods and a variety of tools. This information is the hacker's first step toward cracking a system. There are two types of footprinting, as follows.
1. Active Footprinting:
Active footprinting means performing footprinting by getting in direct touch with the target machine.
2. Passive Footprinting:
Passive footprinting means collecting information about a system from a remote location, without direct contact between the attacker and the target.
What kind of information can be gathered from footprinting?
• Operating system of the target machine.
• Firewall.
• IP address.
• Network map.
• Security configurations of the target machine.
• Email ids and passwords.
• Server configurations.
• URLs.
• VPN.
Sources:
1. Social Media:
Most people have a tendency to release much of their personal information online, and hackers make heavy use of this sensitive information. They may create a fake account that looks real in order to be added as a friend, or follow someone's account to collect their information.

2. Job websites:
Organizations share some confidential data on many job websites like monsterindia.com. For example, a company posted on a website: "Job Opening for lighttpd 2.0 Server Administrator". From this it can be gathered that the organization uses the lighttpd web server, version 2.0.

3. Google:
Search engines such as Google can perform far more powerful searches than most people realise. Hackers and attackers use this capability for what has been termed Google hacking. Basic search techniques combined with advanced operators can do great damage. Search operators such as "inurl:", "allinurl:" and "filetype:" exist.

For example, devices connected to the Internet can be found. A search string such as inurl:"ViewerFrame?Mode=" will find public web cameras. The "link:" search operator that Google used to have has since been turned off (2017).

Google can be used to uncover many pieces of sensitive information that should not be revealed. A term even exists for the people who blindly post this information on the internet: they are called "Google Dorks".
 
4. Social Engineering:
Various techniques fall into this category. A few of them are:
• Eavesdropping: the attacker tries to record a personal conversation between the target victim and someone else, held over a communication medium such as the telephone.
• Shoulder Surfing: the attacker tries to catch personal information such as the email id, password, etc. of the victim by looking over the victim's shoulder while the victim is entering (typing or writing) his/her personal details.

5. Archive.org:
An archived version is an older version of a website as it existed at an earlier time, before many of its features were changed. archive.org is a website that collects snapshots of websites at regular intervals. It can be used to get information that no longer exists on the site but existed before.

6. An Organization's Website:
It is the best place for an attacker to begin. If an attacker wants to look for open-source information, which is information freely provided to clients, customers, or the general public, then simply the best option is the organisation's own website.

7. Using NeoTrace:
NeoTrace is a powerful tool for getting path information. Its graphical display shows the route between you and the remote site, including all intermediate nodes and their information. NeoTrace is a well-known GUI route tracer program. Along with a graphical route, it also displays information on each node such as
IP address, contact information, and location.

8. Whois:
This is a website which serves a good purpose for hackers. Through it, information about a domain name, the email id of the domain owner, and so on can be traced for a website. Basically, this serves as a way of website footprinting.
Advantages:
• Footprinting allows hackers to gather the basic security configuration of a target machine along with the network route and data flow.
• Once the attacker finds the vulnerabilities, he/she focuses on a specific area of the target machine.
• It allows the hacker to identify which attack is most convenient for compromising the target system.
Counter Measures:
• Avoid posting confidential data on social media websites.
• Avoid accepting unwanted friend requests on social media platforms.
• Promote education about the various hacking tricks.
• Use footprinting techniques yourself to identify and remove sensitive information from social media platforms.
• Configure web servers properly to avoid leaking information about the system configuration.
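The last countermeasure, keeping web servers from leaking their configuration, can be checked mechanically. The following script is an added example (not part of the original notes): it parses raw HTTP response headers and flags fields that disclose a product version, the same kind of detail the job-posting example above ("lighttpd 2.0") gives away. The two sample responses are constructed for illustration, not captured from any real host, and the list of leaky header names is an assumption for the demo.

```python
import re
from typing import Dict, List

# Response headers that commonly disclose software names and versions.
LEAKY_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-generator")

# Matches a product/version token such as "lighttpd/2.0" or "PHP/8.1.2".
VERSION_RE = re.compile(r"[A-Za-z][\w.-]*/\d+(?:\.\d+)*")


def parse_headers(raw_response: str) -> Dict[str, str]:
    """Parse the header block of a raw HTTP response into a dict keyed by lowercase name."""
    headers: Dict[str, str] = {}
    for line in raw_response.split("\r\n")[1:]:   # element 0 is the status line
        if line == "":                             # blank line ends the header block
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def find_version_leaks(raw_response: str) -> List[str]:
    """Return 'name: value' for every header that exposes a product version."""
    leaks = []
    for name, value in parse_headers(raw_response).items():
        if name in LEAKY_HEADERS and VERSION_RE.search(value):
            leaks.append(f"{name}: {value}")
    return leaks


# Constructed sample responses (illustrative only; not from a real server).
VERBOSE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: lighttpd/2.0\r\n"
    "X-Powered-By: PHP/8.1.2\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html></html>"
)

HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: lighttpd\r\n"          # product name only, no version string
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html></html>"
)

if __name__ == "__main__":
    for label, resp in (("verbose", VERBOSE_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, find_version_leaks(resp))
```

The hardened sample still names the product, which tells an observer which server is in use; whether to suppress the name entirely is a per-server decision (lighttpd, for instance, sets this string through its server.tag directive). Run the same check against your own hosts' responses to see what a passive footprinter would learn.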

Scanning and its Tools

After making a list of attackable IPs in the reconnaissance phase, we move on to phase 2 of ethical hacking, i.e. scanning. The scanning process is divided into 3 parts:
1. Determine whether the system is on and working.
2. Find the ports on which applications are running.
3. Scan the target system for vulnerabilities.
Ping and Ping Sweeps:
The simplest way to check if a system is alive is to ping that system's IP address. A ping is a special form of packet called an ICMP packet. On pinging a device's IP, an ICMP echo request message is sent to the target, and the target system sends an echo reply packet in response.
The echo reply message tells us valuable information beyond whether the system is alive. It also tells the round-trip time of the packets, i.e. the time taken for the ping message to reach the target and come back to us. It also provides
information about packet loss, which can be helpful in determining the reliability of the network.
A ping sweep is a method of pinging a list of IPs automatically. Pinging a large list of IPs by hand is time-consuming and error-prone. A tool for ping sweeps is fping. fping can be invoked with the following command:
fping -a -g 172.16.10.1 172.16.10.20
• The "-a" switch shows only the alive IPs in the output.
• The "-g" switch specifies a range of IPs.
• In the above command the range of IPs is 172.16.10.1 to 172.16.10.20.
Port Scanning:

A computer has a total of 65,536 (0-65,535) ports. Depending on the nature of the communication and the application using a port, it can be either UDP or TCP. Scanning a system to check which ports are open and which ports are used by different applications gives us a better idea about the target system.
Port scanning is done with a tool called Nmap. Nmap is written by Gordon "Fyodor" Lyon. It is available with both a GUI and a command-line interface.
Command:
nmap -sT -p- 172.16.10.5
nmap -sU -p- 172.16.10.5
• "-s" is used to specify the scan (connection) type.
• -sT means a TCP connect scan and -sU means a UDP scan.
• "-p-" means scan all ports of the target IP ("-p" on its own takes an explicit list of ports).
Vulnerability Scanning:
A vulnerability is a weakness in software or system configuration that can be exploited. Missing patches can leave software vulnerable. Software vendors regularly provide patches for known issues. Some vulnerabilities lead to remote code execution, which is the holy grail of hacking.
One of the tools for vulnerability scanning is Nessus. It can be downloaded from the website nessus.org. It contains thousands of plugins for vulnerability scanning. A plugin is a small block of code sent to the target system's IP for the purpose of checking for a vulnerability.
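Ping sweeps and port scans like the fping and Nmap runs above leave a distinctive trace in firewall logs: one source probing many hosts with ICMP, or many ports on one host, within a short time. The detector below is an added example written for these notes, not a tool from the original text. Its log line format and the sample lines are constructed, and the thresholds (5 distinct ports on one host, 4 distinct hosts probed by ICMP, within a 60-second window) are assumed starting points rather than published values.

```python
import re
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta
from typing import List, Optional

# One line of the (constructed) firewall log format used in this example:
#   <ISO timestamp> <ACTION> src=<ip> dst=<ip> proto=<TCP|UDP|ICMP> [dport=<n>]
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>\w+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"proto=(?P<proto>\w+)(?: dport=(?P<dport>\d+))?$"
)

Alert = namedtuple("Alert", "kind src dst count")


def parse_line(line: str) -> Optional[dict]:
    """Parse one log line; return None for lines that do not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "src": m["src"],
        "dst": m["dst"],
        "proto": m["proto"].upper(),
        "dport": int(m["dport"]) if m["dport"] else None,
    }


def detect_scans(lines: List[str], window_seconds: int = 60,
                 port_threshold: int = 5, host_threshold: int = 4) -> List[Alert]:
    """Flag a source that touches many ports on one host (port scan) or
    ICMP-probes many hosts (ping sweep) inside a sliding time window."""
    events = [e for e in (parse_line(ln) for ln in lines) if e]
    events.sort(key=lambda e: e["ts"])
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)

    window = timedelta(seconds=window_seconds)
    alerts: List[Alert] = []
    seen = set()                       # (kind, src, dst) already reported

    def report(kind, src, dst, count):
        if (kind, src, dst) not in seen:
            seen.add((kind, src, dst))
            alerts.append(Alert(kind, src, dst, count))

    for src, evs in by_src.items():
        for i, start in enumerate(evs):           # every event opens a window
            icmp_hosts = set()
            ports_by_dst = defaultdict(set)
            for e in evs[i:]:
                if e["ts"] - start["ts"] > window:
                    break
                if e["proto"] == "ICMP":
                    icmp_hosts.add(e["dst"])
                elif e["dport"] is not None:
                    ports_by_dst[e["dst"]].add(e["dport"])
            if len(icmp_hosts) >= host_threshold:
                report("ping_sweep", src, None, len(icmp_hosts))
            for dst, ports in ports_by_dst.items():
                if len(ports) >= port_threshold:
                    report("port_scan", src, dst, len(ports))
    return alerts


# Constructed sample log: 172.16.10.99 sweeps four hosts and then probes six
# ports on 172.16.10.5; 172.16.10.20 is ordinary repeated HTTPS traffic.
SAMPLE_LOG = """\
2024-05-01T10:00:00 DROP src=172.16.10.99 dst=172.16.10.1 proto=ICMP
2024-05-01T10:00:01 DROP src=172.16.10.99 dst=172.16.10.2 proto=ICMP
2024-05-01T10:00:02 DROP src=172.16.10.99 dst=172.16.10.3 proto=ICMP
2024-05-01T10:00:03 DROP src=172.16.10.99 dst=172.16.10.4 proto=ICMP
2024-05-01T10:00:05 DROP src=172.16.10.99 dst=172.16.10.5 proto=TCP dport=21
2024-05-01T10:00:05 DROP src=172.16.10.99 dst=172.16.10.5 proto=TCP dport=22
2024-05-01T10:00:06 DROP src=172.16.10.99 dst=172.16.10.5 proto=TCP dport=23
2024-05-01T10:00:06 DROP src=172.16.10.99 dst=172.16.10.5 proto=TCP dport=25
2024-05-01T10:00:07 ACCEPT src=172.16.10.99 dst=172.16.10.5 proto=TCP dport=80
2024-05-01T10:00:08 ACCEPT src=172.16.10.99 dst=172.16.10.5 proto=TCP dport=443
2024-05-01T10:00:09 ACCEPT src=172.16.10.20 dst=172.16.10.5 proto=TCP dport=443
2024-05-01T10:01:30 ACCEPT src=172.16.10.20 dst=172.16.10.5 proto=TCP dport=443
2024-05-01T10:02:45 ACCEPT src=172.16.10.20 dst=172.16.10.5 proto=TCP dport=443
"""

if __name__ == "__main__":
    for alert in detect_scans(SAMPLE_LOG.splitlines()):
        print(alert)
```

A real Nmap run against a host touches far more than five ports, so the thresholds above are deliberately low; tune them against a day of your own logs so that legitimate monitoring hosts do not trip the port-scan rule.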

Spoofing definition
Spoofing is the act of disguising a communication from an unknown source as being
from a known, trusted source. Spoofing can apply to emails, phone calls, and
websites, or can be more technical, such as a computer spoofing an IP address,
Address Resolution Protocol (ARP), or Domain Name System (DNS) server.

Spoofing can be used to gain access to a target’s personal information, spread
malware through infected links or attachments, bypass network access controls, or
redistribute traffic to conduct a denial-of-service attack. Spoofing is often the way a
bad actor gains access in order to execute a larger cyber attack such as
an advanced persistent threat or a man-in-the-middle attack.

Successful attacks on organizations can lead to infected computer systems and networks, data breaches, and/or loss of revenue, all of them liable to affect the organization's public reputation. In addition, spoofing that leads to the rerouting of internet traffic can overwhelm networks or lead customers/clients to malicious sites aimed at stealing information or distributing malware.

How spoofing works

Spoofing can be applied to a number of communication methods and employ various levels of technical know-how. Spoofing can be used to carry out phishing attacks, which are scams to gain sensitive information from individuals or organizations. The following examples of spoofing attack methods give more detail on how the different attacks work.

Types of spoofing
Email Spoofing

Email spoofing occurs when an attacker uses an email message to trick a recipient
into thinking it came from a known and/or trusted source. These emails may include
links to malicious websites or attachments infected with malware, or they may
use social engineering to convince the recipient to freely disclose sensitive
information.

Sender information is easy to spoof and can be done in one of two ways:

• Mimicking a trusted email address or domain by using alternate letters or numbers to appear only slightly different from the original
• Disguising the 'From' field to be the exact email address of a known and/or trusted source

Caller ID Spoofing

With caller ID spoofing, attackers can make it appear as if their phone calls are
coming from a specific number—either one that is known and/or trusted to the
recipient, or one that indicates a specific geographic location. Attackers can then use
social engineering—often posing as someone from a bank or customer support—to
convince their targets to, over the phone, provide sensitive information such as
passwords, account information, social security numbers, and more.

Website Spoofing

Website spoofing refers to when a website is designed to mimic an existing site known and/or trusted by the user. Attackers use these sites to gain login and other personal information from users.

IP Spoofing

Attackers may use IP (Internet Protocol) spoofing to disguise a computer's IP address, thereby hiding the identity of the sender or impersonating another computer system. One purpose of IP address spoofing is to gain access to networks that authenticate users based on IP addresses.

More often, however, attackers will spoof a target's IP address in a denial-of-service attack to overwhelm the victim with traffic. The attacker sends packets to multiple network recipients, and when those recipients transmit a response, the replies are routed to the target's spoofed IP address.

ARP Spoofing

Address Resolution Protocol (ARP) is a protocol that resolves IP addresses to Media Access Control (MAC) addresses for transmitting data. ARP spoofing is used to link an attacker's MAC to a legitimate network IP address so the attacker can receive data meant for the owner associated with that IP address. ARP spoofing is commonly used to steal or modify data but can also be used in denial-of-service and man-in-the-middle attacks or in session hijacking.

DNS Server Spoofing

DNS (Domain Name System) servers resolve URLs and email addresses to
corresponding IP addresses. DNS spoofing allows attackers to divert traffic to a
different IP address, leading victims to sites that spread malware.

How to protect against spoofing attacks


The primary way to protect against spoofing is to be vigilant for the signs of a spoof,
whether by email, web, or phone.

When examining a communication to determine its legitimacy, keep an eye out for:

• Poor spelling
• Incorrect/inconsistent grammar
• Unusual sentence structure or turns of phrase
These errors are often indicators that the communication is not from who it claims to be.

Other things to watch out for include:

• The email sender address: sometimes addresses will be spoofed by changing one or two letters in either the local-part (before the @ symbol) or the domain name.
• The URL of a webpage: similar to email addresses, the spelling can be slightly changed to trick a visitor who is not looking closely.
Don't click on unfamiliar links or download unfamiliar/unexpected attachments. If you receive such a message in your email, send a reply to ask for confirmation. If an email address is spoofed exactly, the reply will go to the actual person with that email address, not to the person spoofing it.
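The two signs just described (a sender domain that differs from a trusted one by a letter or two, and a From address that is exact but whose replies go elsewhere) can both be checked programmatically. The following is an added example, not from the original text: it computes the edit distance between the sender's domain and a list of trusted domains and, going one step beyond the text, also compares the From domain with the envelope sender (Return-Path) domain, since an exact-looking From header paired with a foreign Return-Path is a common spoofing signal. The trusted domains and the sample addresses are constructed placeholders.

```python
from typing import Iterable, Optional

# Constructed list of domains the recipient trusts (placeholder values).
TRUSTED_DOMAINS = {"example.com", "examplebank.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: the minimum number of single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cost = 0 if ca == cb else 1
            cur.append(min(prev[j] + 1,          # deletion
                           cur[j - 1] + 1,       # insertion
                           prev[j - 1] + cost))  # substitution
        prev = cur
    return prev[-1]


def domain_of(address: str) -> str:
    """Extract the lowercase domain from 'Name <user@host>' or 'user@host'."""
    addr = address.strip()
    if "<" in addr and addr.endswith(">"):
        addr = addr[addr.rindex("<") + 1:-1]
    return addr.rsplit("@", 1)[-1].lower()


def classify_sender(from_header: str, return_path: Optional[str] = None,
                    trusted: Iterable[str] = TRUSTED_DOMAINS,
                    max_distance: int = 2) -> str:
    """Return 'trusted', 'lookalike', 'envelope_mismatch' or 'unknown'."""
    dom = domain_of(from_header)
    trusted = {t.lower() for t in trusted}
    if dom in trusted:
        # Exact trusted domain: the remaining question is whether the envelope
        # sender agrees with the header, as it does for genuine mail.
        if return_path and domain_of(return_path) != dom:
            return "envelope_mismatch"
        return "trusted"
    # Close-but-not-equal domain: one or two letters changed, as the text describes.
    if any(edit_distance(dom, t) <= max_distance for t in trusted):
        return "lookalike"
    return "unknown"


if __name__ == "__main__":
    samples = [
        ("Alerts <alerts@example.com>", "bounce@example.com"),
        ("alerts@examp1e.com", None),             # digit 1 in place of letter l
        ("alerts@exarnple.com", None),            # "rn" in place of "m"
        ("alerts@example.com", "x@mailer-xyz.net"),
        ("news@unrelated.org", None),
    ]
    for frm, rp in samples:
        print(f"{frm!r:40} -> {classify_sender(frm, rp)}")
```

The "lookalike" verdict is the automated form of the advice above to read the address closely; the "envelope_mismatch" verdict is what a mail server's SPF check is built on, and it is why replying to an exactly-spoofed address reaches the real owner.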

Don’t take phone calls at face value; be wary of the information the caller is
requesting. Google the phone number presented on the caller ID to see if it’s
associated with scams. Even if the number looks legitimate, hang up and call the
number yourself, as caller ID numbers can be spoofed.

Spoofing can sometimes be easy to spot, but not always—more and more, malicious
actors are carrying out sophisticated spoofing attacks that require vigilance on the
part of the user. Being aware of different spoofing methods and their signs can help
you avoid being a victim.

Introduction to Keyloggers
Keyloggers, also known as keystroke loggers, record the keys pressed on a system and save them to a file, which is then accessed by the person operating this malware. A keylogger can be software or hardware.
Working:
Mainly keyloggers are used to steal passwords or confidential details such as bank information. The first keylogger was invented in the 1970s and was a hardware keylogger; the first software keylogger was developed in 1983.
Software key-loggers:
Software keyloggers are computer programs developed to steal passwords from the victim's computer. However, keyloggers are also used in IT organizations to troubleshoot technical problems with computers and business networks. Microsoft Windows 10 also has a keylogger built into it.
Applications of a Software-based Keylogger:

1. It is used to record keystrokes entered by the user.
2. It can be used to take snapshots of any website that the user visits.
3. It can also be used by a family member to monitor activities.
4. It can also be used for malicious purposes to steal confidential information from the user.
Can mobiles also get infected with a keylogger?
1. There is no chance of a mobile being infected by a hardware keylogger.
2. This is because mobile devices have a virtual keypad.
3. The virtual keypad prevents a hardware keylogger from getting access to the data being typed.
4. There is a chance that mobile devices can get infected with software keyloggers.
5. If a keylogger infects the mobile device, there is a chance of information being stolen.
6. The information that may be stolen includes emails, login pages, and more.
Advantages of a Software-based Keylogger:
1. It can be installed on a system when the victim opens an attachment sent in an email.
2. It gives the advantage of taking snapshots, recording videos, and more.
3. It is not physically detectable.
Disadvantages of a Software-based Keylogger:
1. It sometimes gets detected by anti-spyware.
Detecting a Software-based Keylogger:
1. The user should have an anti-virus system. It should enable the user to detect any software keylogger.
2. The user should look at all the files that have been installed. If any file looks suspicious, the user should immediately remove it.
Prevention of Software-based Keyloggers:
1. The user should use two-step authentication.
2. Users should use encryption software. Such software encrypts the words typed on the keyboard.

Hardware Key-loggers:
These do not depend on any software, as they are hardware keyloggers. A keyboard hardware keylogger is a circuit attached inside the keyboard itself, so that whenever a key on that keyboard is pressed it gets recorded.

What is the reason to consider keyloggers a threat?

This software is very dangerous for the user. With the help of a keylogger, a hacker can get to know the information that the user is typing on their keyboard. It lets the hacker obtain information such as account numbers, passwords, and other confidential information of the user.
Example of a keylogger
In popular games like Grand Theft Auto 5, a keylogger was found to be embedded in a game mod.
Introduction to Hardware Keyloggers
A hardware keylogger is a device used for recording keystrokes. It starts working as soon as it is plugged in. The information is stored in the device itself, so to retrieve the data hackers/attackers have to physically
access it. There may also be an option to retrieve the data from the hardware keylogger remotely.
The operation of a hardware keylogger differs from that of a software keylogger. A software keylogger has a chance of being detected, but a hardware keylogger is undetectable. It is undetectable because it appears as just another external device attached to the computer. It is not detectable by anti-virus, and it is hard to detect at all. It allows the attacker to learn confidential details and more from the victim.
Case study
• There was a case of collecting data about other employees in the year 2015. It was at a German left-wing newspaper, where a USB-stick hardware keylogger was found.
• Schools have become a commonplace setting for hardware keyloggers. Students use them to raise their grades.
• They are also used by attackers to steal confidential data which they can use to steal money from banks.
Hardware Keylogger key concepts

• It is a physical device that is used for capturing keystrokes.
• For a hardware keylogger one must have physical access.
• It can capture and store the actual keystrokes entered by the user/victim.
Advantages of Hardware keyloggers
• It is undetectable.
• It is not detectable by anti-virus.
• They are installed at the back of the computer, which people often miss.
Disadvantages of Hardware keyloggers
• It can act as a disadvantage if it is found by someone.
• They are physically detectable.
Detecting Hardware keyloggers
• Detection of a hardware keylogger is tough. This is because nobody pays attention to whether a hardware keylogger has been plugged into the back of the computer.
Preventing Hardware Keyloggers
• One should have a computer case. The computer case will prevent the attachment of a hardware keylogger.
• One should disable the extra USB ports which are not required. Only those ports which are required for use will be active.
• The user/victim should implement two-factor authentication. It will prevent the attacker/hacker from getting access to your account.
Difference between hardware keyloggers and software keyloggers
Hardware Keylogger: This is a device that is used to record keystrokes. It is attached to the computer, and it starts working as soon as it is plugged in. The information is stored in the device, so to retrieve the data hackers/attackers have to physically access it. In short, we can say that a hardware keylogger is much tougher to detect than a software keylogger.
Software Keylogger: This is something that is installed on the hard drive. This type of software is also called spy software. A software keylogger can also be used by parents to monitor their kids, and it is also used for other activities. A software keylogger may be more capable, but it is sometimes detectable and can also be removed by anti-virus.

1. USB keylogger:
There are USB-connector keyloggers which have to be connected to a computer and then steal the data. Some circuits are also built into a keyboard, so no external wire is used or shows on the keyboard.
2. Smartphone sensors:
Some Android tricks are also used as keyloggers, such as the Android accelerometer sensor which, when placed near the keyboard, can sense the vibrations; the resulting graph is then used to convert them into sentences. The accuracy of this technique is about 80%.
Nowadays crackers use keystroke-logging Trojans: malware which is sent to a victim's computer to steal data and login details.
So keyloggers are software malware or hardware used to steal or snatch our login details, credentials, bank information and much more.
Some keylogger applications used in 2020 are:
1. Kidlogger
2. Best Free Keylogger
3. Windows Keylogger
4. Refog Personal Monitor
5. All In One Keylogger

Prevention from key-loggers:

The following are the main measures:
1. Anti-Keylogger:
As the name suggests, these are software tools that work against keyloggers; their main task is to detect keyloggers on a computer system.
2. Anti-Virus:
Many anti-virus products also detect keyloggers and delete them from the computer system. These are software measures, so they cannot get rid of hardware keyloggers.
3. Automatic form filler:
The user can avoid filling in forms by hand on a regular basis and instead use an automatic form filler, which gives a shield against keyloggers because no keys are pressed.
4. One-Time Passwords:
Using OTPs as passwords may be safe because every time we log in we have to use a new password.
5. Patterns or mouse recognition:
On Android devices use a pattern as the password for applications, and on a PC use mouse recognition; the mouse program uses mouse gestures instead of a stylus.

What is Sniffing?
Sniffing is the technique of continuously monitoring and recording all data
packets that transit via a network. Network or system administrators employ
sniffers to monitor and troubleshoot network traffic. Hackers use sniffers to
capture data packets containing sensitive data such as passwords and account
information. Attackers install sniffers as hardware or software in the system.

Types of Sniffing Attacks

Let us discuss the different types of sniffing attacks.

Active Sniffing

Active sniffing is sniffing on a switched network. A switch is a network device that connects two points. The switch tracks the MAC addresses on each port, which ensures that data is passed only to the appropriate destination. To sniff the traffic between targets, sniffers must actively inject traffic into the LAN. There are several ways to accomplish this.

Passive Sniffing

The process of sniffing through a hub is called passive sniffing. All machines on an un-bridged or non-switched network segment will be able to see any traffic passing through it. Such sniffers operate on the data link layer of the network. When a host transmits a network packet across the LAN, it reaches every machine connected to it, so attackers can passively capture data simply by placing sniffers.

Active sniffing involves flooding the switch's content addressable memory (CAM) table with Address Resolution Protocol (ARP) packets. Consequently, the attacker sniffs data from the switch by redirecting legitimate traffic to other ports. There are several active sniffing techniques, including spoofing, DHCP poisoning, and DNS poisoning.

Since we have understood Sniffing in detail, let us have a look at Spoofing.

What is Spoofing?

Using a spoof to represent a communication as coming from a known and trusted source is spoofing. It can be as simple as email spoofing, phone spoofing, or website spoofing, or more technical, such as a computer spoofing an IP address, ARP, or a DNS server.

The purpose of a spoofing attack is to gain access to sensitive data or information by posing as a trustworthy source. Spoofing can be done through websites, emails, phone calls, texts, IP addresses, and servers.

Different Types of Spoofing Attacks

The different types of Spoofing attacks are listed here –

Caller ID Spoofing 

Spoofing takes place when the caller ID is changed by using false information. To
hide their identity, phone scammers use Caller ID Spoofing to make it impossible
to block a number. In some cases, scammers will use your area code to disguise
the call as being local. 

Scammers often use Voice over Internet Protocol (VoIP) to spoof caller ID by
creating fake phone numbers and names. Scammers will attempt to get vital
information from the call recipient, once they answer the phone.

Email Spoofing

Scammers use fake sender addresses to harm your computer, steal your information, or infect your computer with malware through email spoofing. Such emails look as if they came from a friend or co-worker, so that you are fooled into thinking they are legitimate.

Using alternative numbers or letters to look slightly different from the original will achieve this result, as will disguising the "from" field to become an address that belongs to someone in your contact list.

Website Spoofing 

Scammers use legitimate fonts, colors, and logos to make a dangerous website
appear to be a secure one. Scammers replicate a trusted website so that users
visit a phishing or malicious site. Most of these copied sites look authentic at first
glance due to the similar website addresses. Nevertheless, their primary
purpose is to gather visitor information.

DNS Server Spoofing

DNS spoofing, also known as cache poisoning, is the process of rerouting traffic to a different IP address, so that victims are redirected to a malicious page. Scammers do this by replacing the IP addresses in the DNS server's records with their own.


GPS Spoofing

A GPS spoofing attack occurs when fake signals that resemble real signals are broadcast to fool GPS receivers. Essentially, scammers pretend to be in one place while, in reality, being in another.

Scammers use this type of attack to interfere with the GPS signals of ships, buildings, or aircraft, for example to steer them to the wrong destination. Apps that rely on the location data from a smartphone are potentially vulnerable to this type of attack.

ARP Spoofing

ARP spoofing is used to manipulate and steal data as well as to hijack sessions. The attacker links their media access control (MAC) address to the IP address of a legitimate host in order to access the data belonging to the owner of that address.
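ARP spoofing, described here and in the earlier ARP section, is visible to a defender as an IP address whose MAC binding suddenly changes, or as one MAC that starts answering for several IP addresses. The detector below is an added example written for these notes, not an existing tool: it replays a list of observed ARP replies (timestamp, IP, MAC), keeps the last known binding for each IP, and raises an alert on either condition. The trace and all addresses in it are constructed.

```python
from collections import defaultdict
from typing import Dict, List, Set, Tuple

Observation = Tuple[str, str, str]   # (timestamp, ip, mac) as seen in an ARP reply
Alert = Tuple[str, ...]


def detect_arp_spoofing(observations: List[Observation]) -> List[Alert]:
    """Replay ARP replies in order and report:
      ("mac_changed", ts, ip, old_mac, new_mac)    an IP's MAC binding changed
      ("mac_claims_multiple", ts, mac, (ip, ...))  one MAC now answers for >1 IP
    """
    ip_to_mac: Dict[str, str] = {}
    mac_to_ips: Dict[str, Set[str]] = defaultdict(set)
    alerts: List[Alert] = []

    for ts, ip, mac in observations:
        mac = mac.lower()
        previous = ip_to_mac.get(ip)
        if previous is not None and previous != mac:
            alerts.append(("mac_changed", ts, ip, previous, mac))
        ip_to_mac[ip] = mac

        if ip not in mac_to_ips[mac]:          # only react when the set grows
            mac_to_ips[mac].add(ip)
            if len(mac_to_ips[mac]) > 1:
                alerts.append(("mac_claims_multiple", ts, mac, tuple(sorted(mac_to_ips[mac]))))
    return alerts


# Constructed trace: the gateway 192.168.1.1 and host .10 are genuine; a third
# MAC (cc:...:99) then claims both addresses, which is the ARP spoofing pattern.
SAMPLE_ARP: List[Observation] = [
    ("10:00:00", "192.168.1.1",  "aa:aa:aa:aa:aa:01"),
    ("10:00:01", "192.168.1.10", "bb:bb:bb:bb:bb:10"),
    ("10:00:30", "192.168.1.10", "bb:bb:bb:bb:bb:10"),   # repeat of a known binding
    ("10:00:45", "192.168.1.1",  "cc:cc:cc:cc:cc:99"),   # gateway's MAC changes
    ("10:00:46", "192.168.1.10", "cc:cc:cc:cc:cc:99"),   # same MAC takes .10 as well
]

if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE_ARP):
        print(alert)
```

A binding that changes legitimately (DHCP handing an address to a new device) also trips the first rule, so in practice such a monitor is paired with the DHCP lease log; the gateway's binding changing, as in the sample, is the case worth paging on.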

Man-in-the-Middle (MitM) attack

MitM attacks occur when scammers hack a Wi-Fi network or create an identical counterfeit network to intercept web traffic between two parties. This allows scammers to reroute credit card numbers or login information to themselves.

Text Message Spoofing

The practice of Spoofing texts occurs when scammers use another person’s
phone number to send a text message. Scammers use alpha-numeric sender IDs
to mask their identity, and they normally link to phishing or malware downloads.
Make sure that you are familiar with mobile security tips, if you fear your data is
being compromised.

Extension Spoofing

Extension spoofing is used by scammers to mask malware files. These files are often renamed as filename.txt.exe and have malware hidden inside. What appears to be a text document is actually a program that runs the malware when opened.
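Names such as filename.txt.exe can be caught before the file is opened. The function below is an added example, not from the original text: it reports a double extension where a document-like extension precedes a real executable one, tolerates the padding spaces sometimes inserted between the two, and, going beyond the text, also flags the Unicode right-to-left override character, which makes a name display with its tail reversed. The two extension lists are assumptions kept short for the demo.

```python
from typing import Optional

# Extensions Windows will execute (abbreviated; an assumption for the demo).
EXECUTABLE_EXTS = {"exe", "scr", "com", "bat", "cmd", "pif", "msi", "hta", "js", "vbs", "ps1"}
# Extensions a user expects to be harmless documents or images.
DOCUMENT_EXTS = {"txt", "pdf", "doc", "docx", "xls", "xlsx", "jpg", "jpeg", "png"}
RTL_OVERRIDE = "\u202e"   # U+202E RIGHT-TO-LEFT OVERRIDE


def deceptive_extension(filename: str) -> Optional[str]:
    """Return a reason string if the name disguises an executable, else None."""
    if RTL_OVERRIDE in filename:
        return "rtl_override"              # displayed name differs from the real one
    parts = filename.lower().split(".")
    if len(parts) < 3:                     # need at least name.fake.real
        return None
    real_ext = parts[-1].strip()
    if real_ext not in EXECUTABLE_EXTS:
        return None
    # Any intermediate component that looks like a document extension
    # (after stripping padding spaces) means the name is misleading.
    for fake in parts[1:-1]:
        if fake.strip() in DOCUMENT_EXTS:
            return "double_extension"
    return None


if __name__ == "__main__":
    for name in ["filename.txt.exe", "invoice.pdf                .exe", "setup.exe",
                 "notes.txt", "archive.tar.gz", "photo\u202egnp.scr"]:
        print(repr(name), "->", deceptive_extension(name))
```

A check like this belongs at the mail gateway or download handler, where the real name is visible; the user-facing file manager may be hiding the final extension, which is exactly what the trick relies on.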


Now, let us understand the difference between Sniffing and Spoofing.

Difference Between Sniffing and Spoofing

Sniffing takes place when an attacker collects data packets that pass over a
network by utilizing packet sniffers and data traffic in the network.

In contrast to Sniffing, Spoofing happens when an attacker steals a user’s rights
and uses them to acquire legitimate user access to a system to execute attacks
against network hosts, steal data, distribute malware, or evade access controls.

Spoofing is when an attacker creates TCP/IP packets using another person's IP address. In packet sniffing, sniffer software is placed between two interacting endpoints, where the attacker pretends to be one end of the connection to the target and snoops on data sent between the two points.

Comparing IP Sniffing and IP Spoofing

To understand IP sniffing and IP spoofing, it is first necessary to understand what these terms mean. In spoofing, the attacker presents a falsified identity that authorized systems accept as legitimate in order to acquire valuable information. Attackers who spoof a system appear to be authorized and official operators.

Spoofing attacks duplicate an authorized user's identity, so the system sees the attacker performing the same action a legitimate user would. Spoofing methods are thus distinct from counterfeiting and from sniffing. First, let us define packet sniffing and packet spoofing before learning their differences:

The technique of gathering, collecting, and logging some or all packets transiting
across a computer network is known as packet Sniffing. Every packet, or a
determined selection of packets, can be gathered in this manner for subsequent
analysis. As a network administrator, you may utilize the acquired data for
several tasks including bandwidth and traffic monitoring.

Hackers use the IP Spoofing technique to disguise their locations when they
send or request data online. By impersonating an IP address, a computer can be
misled into believing that information being sent to it is from an officially
authorized source, and malicious content can be sent through.  

A packet sniffer is software or a method for capturing network packets without
changing them in any manner.

In simple terms, packet Sniffing is listening in on other people’s communications.

Packet Spoofing is the dynamic presentation of fake network traffic that
impersonates someone else.

Packet Sniffing is a passive attack, since the attacker does not alter the system
in any way. In packet Spoofing, attackers inject malicious software into the
victim’s system.

Attackers get access to the device or system that directs traffic in the packet and
carry out packet Spoofing attacks by sending packets with false source
addresses, i.e., changing routing tables.

Encryption is a common technique that is used to fight against Sniffing, while
digital signatures are the most effective means to combat Spoofing.

Protection Against Sniffing and Spoofing

The development of technology brings more and more new cyber threats, so
staying informed about the protection measures is imperative to be able to
combat and defend against illegal hackers. We have listed a few points that you
can follow to keep your devices safe from hackers.

Sniffing

- Set up a strong antivirus on your device
- Secure your data with a VPN
- Avoid visiting unencrypted websites
- Avoid using public Wi-Fi
- Do not use unencrypted messaging apps

Spoofing

- Implement packet filtering with deep packet inspection
- Verify the authenticity of users and systems
- Use Spoofing detection software
- Implement encrypted and authenticated protocols

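The following is an added example, not code from the original document: it shows two of the anti-Spoofing measures above working together, the packet filtering from this list and the authenticated protocol that the earlier paragraph describes as the way to combat Spoofing. An ingress filter drops packets that arrive on the external interface while claiming an internal source address, and surviving packets must carry a valid authentication tag over their header and payload. The internal address range, the shared key and the sample packets are all constructed, and an HMAC stands in for the digital signature the text mentions.

```python
import hmac
import hashlib
import ipaddress

# Assumed internal address range and a constructed shared key (not from the text).
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
SHARED_KEY = b"constructed-demo-key"


def make_tag(src, dst, payload, key=SHARED_KEY):
    """Tag a legitimate sender attaches; an HMAC stands in for a signature here."""
    msg = f"{src}|{dst}|".encode() + payload
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def inspect(packet, key=SHARED_KEY):
    """Return 'accepted' or the reason the packet is dropped."""
    src = ipaddress.ip_address(packet["src"])
    # Ingress filtering: traffic from outside must not claim an inside address.
    if packet["iface"] == "external" and src in INTERNAL_NET:
        return "dropped: internal source address arrived on external interface"
    # Authenticated protocol: header and payload must match the attached tag.
    expected = make_tag(packet["src"], packet["dst"], packet["payload"], key)
    if not hmac.compare_digest(expected, packet["tag"]):
        return "dropped: authentication tag mismatch"
    return "accepted"


def audit(packets):
    """Run every packet through the filter and return the verdicts in order."""
    return [inspect(p) for p in packets]


# Constructed sample traffic: one genuine packet, one with a spoofed internal
# source arriving from outside, one forged without the key, and one whose
# payload was tampered with in transit after it was tagged.
GOOD = {"iface": "internal", "src": "10.0.0.5", "dst": "10.0.0.9",
        "payload": b"GET /status"}
GOOD["tag"] = make_tag(GOOD["src"], GOOD["dst"], GOOD["payload"])
SPOOFED = dict(GOOD, iface="external")
FORGED = {"iface": "external", "src": "203.0.113.7", "dst": "10.0.0.9",
          "payload": b"GET /admin", "tag": "00" * 32}
TAMPERED = dict(GOOD, payload=b"GET /admin")
PACKETS = [GOOD, SPOOFED, FORGED, TAMPERED]

if __name__ == "__main__":
    for pkt, verdict in zip(PACKETS, audit(PACKETS)):
        print(pkt["iface"], pkt["src"], "->", verdict)
```

Only the genuine packet is accepted; the spoofed one never reaches the tag check because the ingress filter rejects it first, while the forged and tampered packets fail authentication.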
Conclusion

It is high time you start protecting your devices and save yourselves from
malicious attacks. If you think cyber security could be a career for you, then
enroll for the Cyber Security course from our Intellipaat website. 

What Is Malware?
Malware is intrusive software that is designed to damage and destroy
computers and computer systems. Malware is a contraction for “malicious
software.” Examples of common malware include viruses, worms, Trojan
viruses, spyware, adware, and ransomware.
How do I protect my network against malware?
Typically, businesses focus on preventative tools to stop breaches. By securing the perimeter,
businesses assume they are safe. Some advanced malware, however, will eventually make
their way into your network. As a result, it is crucial to deploy technologies that continually
monitor and detect malware that has evaded perimeter defenses. Sufficient advanced malware
protection requires multiple layers of safeguards along with high-level network visibility and
intelligence.
How do I detect and respond to malware?
Malware will inevitably penetrate your network. You must have defenses that provide
significant visibility and breach detection. In order to remove malware, you must be able to
identify malicious actors quickly. This requires constant network scanning. Once the threat is
identified, you must remove the malware from your network. Today's antivirus products are
not enough to protect against advanced cyber threats. Learn how to update your antivirus
strategy.
Types of malware
Virus
Viruses are a subgroup of malware. A virus is malicious software attached to a document or
file that supports macros to execute its code and spread from host to host. Once downloaded,
the virus will lay dormant until the file is opened and in use. Viruses are designed to disrupt a
system’s ability to operate. As a result, viruses can cause significant operational issues and
data loss.

Worms
Worms are malicious software that rapidly replicates and spreads to any device within the
network. Unlike viruses, worms do not need host programs to disseminate. A worm infects a
device via a downloaded file or a network connection before it multiplies and disperses at an
exponential rate. Like viruses, worms can severely disrupt the operations of a device and
cause data loss.

Trojan virus
Trojan viruses are disguised as helpful software programs. But once the user downloads it,
the Trojan virus can gain access to sensitive data and then modify, block, or delete the data.
This can be extremely harmful to the performance of the device. Unlike normal viruses and
worms, Trojan viruses are not designed to self-replicate.

Spyware
Spyware is malicious software that runs secretly on a computer and reports back to a remote
user. Rather than simply disrupting a device’s operations, spyware targets sensitive
information and can grant remote access to predators. Spyware is often used to steal financial
or personal information. A specific type of spyware is a keylogger, which records your
keystrokes to reveal passwords and personal information.

Adware
Adware is malicious software used to collect data on your computer usage and provide
appropriate advertisements to you. While adware is not always dangerous, in some cases
adware can cause issues for your system. Adware can redirect your browser to unsafe sites,
and it can even contain Trojan horses and spyware. Additionally, significant levels of adware
can slow down your system noticeably. Because not all adware is malicious, it is important to
have protection that constantly and intelligently scans these programs.

Ransomware
Ransomware is malicious software that gains access to sensitive information within a system,
encrypts that information so that the user cannot access it, and then demands a financial
payout for the data to be released. Ransomware is commonly part of a phishing scam. By
clicking a disguised link, the user downloads the ransomware. The attacker proceeds to
encrypt specific information that can only be opened by a mathematical key they know.
When the attacker receives payment, the data is unlocked.

Fileless malware
Fileless malware is a type of memory-resident malware. As the term suggests, it is malware
that operates from a victim’s computer’s memory, not from files on the hard drive. Because
there are no files to scan, it is harder to detect than traditional malware. It also makes
forensics more difficult because the malware disappears when the victim computer is
rebooted. In late 2017, the Cisco Talos threat intelligence team posted an example of fileless
malware that they called DNSMessenger.
