
Prefinal Task Performance - Taro

This document discusses different types of malware including adware, spyware, ransomware, trojan horses, and rootkits. It provides examples of specific malware programs for each category like Appearch and DollarRevenue for adware, CoolWebSearch and keyloggers for spyware, Cryptolocker and Jigsaw for ransomware, backdoors and Tiny Banker for trojan horses, and ZeroAccess and Flame for rootkits. The document also summarizes an article about malware targeting gamers on the Discord platform, the impact of these attacks, and challenges Discord faces in addressing the abuse of its platform.

Uploaded by

Josielyn Tars

Josielyn L. Taro
CpE 701

Pre-Final Task Performance 1


Part I.
• Adware
1. Appearch – is an adware program that acts as a browser hijacker. Usually bundled with
other free software, it inserts so many ads into the browser that it makes surfing next-to-
impossible (www.softwarelab.org).
2. DollarRevenue – is one of the first major adware programs to affect millions of computers
worldwide. It would install a browser toolbar on the affected computer to track the internet
searches performed on the computer. On top of that, the program would also show
deceptive ads, both on-page and in the form of pop-up windows (www.softwarelab.org).
• Spyware
1. CoolWebSearch - This program would take advantage of the security vulnerabilities in
Internet Explorer to hijack the browser, change the settings, and send browsing data to its
author (www.softwarelab.org).
2. Keyloggers - are spyware programs that record the keystrokes typed on a keyboard
connected to an infected computer. While hardware-based keyloggers record each
keystroke in real time, software-based keystroke loggers collect periodic screenshots of the
currently active windows. This, in turn, allows them to record passwords (if they are not
encrypted on-screen), credit card details, search histories, email and social media
messages, as well as browser histories (www.softwarelab.org).
• Ransomware
1. Cryptolocker - is known for encrypting the user’s files and requiring a payment later to open
them. Comodo creates a shadow version of the hard drive to immediately protect the important
files from Cryptolocker. It tricks the malware into believing that it has infected the files, when in
fact it has only encrypted the shadow version (comodo.com).
2. Jigsaw - is another one of those ransomware examples that’s already rendered useless by
Comodo Advanced Endpoint Protection. Jigsaw is capable of encrypting and deleting files.
It encrypts the files first and deletes them after an hour if the user fails to pay the ransom
(comodo.com).
• Trojan Horse
1. Backdoor - It gives malicious users remote access over the infected computer. They can do
whatever they want such as sending, receiving, launching and deleting files, displaying data
and rebooting the endpoint (comodo.com).
2. Tiny Banker - allowed attackers to steal sensitive financial information. Researchers
in the Center for Strategic and International Studies Security Group identified 'Tinba' in 2012
after two dozen major U.S. banks were infected (comodo.com).
• Rootkit
1. ZeroAccess - a kernel-mode rootkit that went on to infect more than 2 million computers
around the world. Rather than directly affecting the functionality of the infected computer,
this rootkit silently downloads and installs malware on the infected machine and makes it
part of a worldwide botnet used by hackers to carry out cyber-attacks. Despite a few serious
attempts to destroy it, ZeroAccess remains active to this day (softwarelab.org).
2. Flame - a rootkit that was primarily used for cyber espionage in the Middle East. Affecting
the whole of the computer’s operating system, Flame has the ability to monitor network
traffic, capture screenshots and audio from the computer, and even log keyboard activity.
Although the culprits are still unknown, research revealed that 80 servers across three
continents were used to access the infected computers (softwarelab.org).
Part II.
a. The title of the article is “Malware slingers step up efforts to target gamers on Discord”.
b. The writer of the article is John Leyden.
c. The article was published on February 10, 2021.
d. The article was found on this link:
https://portswigger.net/daily-swig/malware-slingers-step-up-efforts-to-target-gamers-on-discord
e. This kind of attack can be prevented by using preventive measures on the gamers' side
and by avoiding unknown files, which might be a form of malware. There are no ways to
prevent malware attacks, but there are reliable ways to detect and block attacks, thus
protecting your systems from being infected by malicious software. First, install
anti-virus and anti-spyware software. Use secure authentication methods by requiring strong
passwords. Keep software updated to safeguard your system from malware. A hacker only
needs an open door to infiltrate your business. Limit the number of possible entryways by
restricting application privileges on your devices. Allow only the application features and
functions that are absolutely necessary to get work done.
f. The impact of the attack on the Discord environment is extensive. Multiple categories
of malware are being served through the CDN service, from ransomware to information
stealers and crypto-miners. Zscaler said it has caught more than 100 unique malicious
samples from Discord in the Zscaler cloud over the last two months alone. The attack usually
starts with spam emails in which prospective marks are lured with legitimate-looking
templates into downloading next-stage payloads. Malware-tainted files are disguised as
cracked software or gaming software in order to target gamers – an attractive target for
miscreants because they typically use high-specification PCs. The tactic is not new and has
been observed in many other campaigns in the past that used Discord as a malware hosting
platform.
g. Discord, the company that was attacked, has not been able to cope with the consequences
as of now, since its platform doesn’t have a report-abuse button for shared files. It does
have a web link to report abuse, but this is not as user-friendly as in other cloud
services.
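
The detection side of items e and f can be sketched as a log triage: the Python below is an added example, not part of the original assignment or the cited article, and it flags downloads from Discord's CDN whose file name or content type matches the disguises described in item f. The host name cdn.discordapp.com, the six-field log format, the extension list and the lure words are assumptions, and every log line is constructed sample data.

```python
import posixpath
from urllib.parse import unquote, urlsplit

# Assumption: attachments are served from this host; the page only says "the CDN service".
DISCORD_CDN_HOSTS = {"cdn.discordapp.com"}
RISKY_EXT = {".exe", ".scr", ".msi", ".bat", ".zip", ".rar", ".7z", ".iso"}
EXEC_TYPES = {"application/x-msdownload", "application/x-dosexec"}
# Illustrative lure words for "cracked software or gaming software" (assumed list).
LURE_WORDS = ("crack", "keygen", "cheat")

# Constructed sample proxy log. Fields: time client method url status content-type
SAMPLE_LOG = """\
2021-02-10T09:14:02Z 10.0.4.17 GET https://cdn.discordapp.com/attachments/111/222/GameCrack_v2.exe 200 application/x-msdownload
2021-02-10T09:15:40Z 10.0.4.22 GET https://cdn.discordapp.com/attachments/111/333/screenshot.png 200 image/png
2021-02-10T09:17:11Z 10.0.4.31 GET https://cdn.discordapp.com/attachments/444/555/invoice.pdf 200 application/x-msdownload
2021-02-10T09:18:55Z 10.0.4.17 GET https://example.com/tools/setup.exe 200 application/x-msdownload
2021-02-10T09:20:03Z 10.0.4.40 GET https://cdn.discordapp.com/attachments/444/666/fps%20cheat.zip 200 application/zip
"""

def triage(line):
    """Return (client, filename, reasons) for a suspicious Discord CDN download, else None."""
    fields = line.split()
    if len(fields) != 6:
        return None  # malformed line: skip rather than guess at its fields
    _, client, method, url, status, ctype = fields
    parts = urlsplit(url)
    if (parts.hostname or "").lower() not in DISCORD_CDN_HOSTS:
        return None  # only traffic to the CDN is in scope here
    if method != "GET" or status != "200":
        return None  # only completed downloads matter
    name = unquote(posixpath.basename(parts.path))
    ext = posixpath.splitext(name)[1].lower()
    reasons = []
    if ext in RISKY_EXT:
        reasons.append("risky-extension")   # executable or archive file type
    if ctype.lower() in EXEC_TYPES and ext not in RISKY_EXT:
        reasons.append("type-mismatch")     # executable served under a harmless-looking name
    if any(word in name.lower() for word in LURE_WORDS):
        reasons.append("lure-name")         # name suggests cracked or cheat software
    return (client, name, reasons) if reasons else None

def scan(log_text):
    hits = (triage(line) for line in log_text.splitlines())
    return [hit for hit in hits if hit]

if __name__ == "__main__":
    for client, name, reasons in scan(SAMPLE_LOG):
        print(client, name, ",".join(reasons))
```

Each hit is a triage signal that tells an analyst which client and file to examine, not a verdict that the file is malicious.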
