FUNDAMENTALS OF I NFORMATI ON SECURI TY

VALUE ADDED COURSE

I I MSC I NFORMATI ON TECHNOLOGY

Unit - I I I
MALWARE :
Viruses , Worms and Troj ans, Topological worms , Internet Propagation Model for
Worms.

Malware :

software that is specifically designed to disrupt, damage, or gain unauthorized access

to a computer system.
Malware, or “malicious software,” is an umbrella term that describes any malicious
program or code that is harmful to systems.
Your screen is inundated with annoying ads. Unexpected pop-up ads are a typical sign
of a malware infection. They’re especially associated with a form of malware known
as adware.
What’s more, pop-ups usually come packaged with other hidden malware threats. So if
you see something akin to “CONGRATULATI ONS, You’ve won a free psychic reading!”
in a pop-up, don’t click on it. Whatever free prize the ad promises, it will cost you
plenty.

TYPES OF MALWARE:
Here are the most common offenders in the rogues’ gallery of malware:
● Adware is unwanted software designed to throw advertisements up on your
screen, most often within a web browser. Typically, it uses an underhanded
method to either disguise itself as legitimate, or piggyback on another program
to trick you into installing it on your PC, tablet, or mobile device.
● Spyware is malware that secretly observes the computer user’s activities
without permission and reports it to the software’s author.
● A virus is malware that attaches to another program and, when executed—
usually inadvertently by the user—replicates itself by modif ying other computer
programs and infecting them with its own bits of code.
● Worms are a type of malware similar to viruses. Like viruses, worms are self -
replicating. The big difference is that worms can spread across systems on
their own, whereas viruses need some sort of action from a user in order to
initiate the infection.
● A Troj an, or Troj an horse, is one of the most dangerous malware types. It
usually represents itself as something useful in order to trick you. Once it’s on
your system, the attackers behind the Troj an gain unauthorized access to the
affected computer. From there, Troj ans can be used to steal financial
information or install other forms of malware, often ransomware.
● Ransomware is a form of malware that locks you out of your device and/or
 encrypts your files, then forces you to pay a ransom to regain access. Ransomware
has been called the cybercriminal’s weapon of choice because it demands a
quick, profitable payment in hard-to-trace cryptocurrency. The code behind
ransomware is easy to obtain through online criminal marketplaces and
defending against it is very difficult. While ransomware attacks on individual
consumers are down at the moment, attacks on businesses are up 365 percent
for 2019. As an example, the Ryuk ransomware specifically targets high-
profile organizations that are more likely to pay out large ransoms. For more,
check out the Malwarebytes Labs Ransomware Retrospective.
● Rootkit is a form of malware that provides the attacker with administrator
privileges on the infected system, also known as “root” access. Typically, it is
also designed to stay hidden from the user, other software on the system, and
the operating system itself .
● A keylogger is malware that records all the user’s keystrokes on the keyboard,
typically storing the gathered information and sending it to the attacker, who is
seeking sensitive information like usernames, passwords, or credit card details.
● Malicious cryptomining, also sometimes called drive-by mining
or cryptoj acking, is an increasingly prevalent malware usually installed by a
Troj an. It allows someone else to use your computer to mine cryptocurrency like
Bitcoin or Monero. So instead of letting you cash in on your own computer’s
horsepower, the cryptominers send the collected coins into their own account
and not yours. Essentially, a malicious cryptominer is stealing your resources to
make money.
● Exploits are a type of malware that takes advantage of bugs
and vulnerabilities in a system in order to give the attacker access to your
system. While there, the attacker might steal your data or drop some form of
malware. A zero-day exploit refers to a software vulnerability for which there
is currently no available defense or fix.

How to remove malware

Follow these three easy steps to remove malware from your device.
1. Download and install a good cybersecurity program. As it happens, Malwarebytes
has programs for every platform
2. Run a scan using your new program. Even if you don’t opt for Malwarebytes
Premium, the free version of Malwarebytes is still great at removing malware. The
free version, however, does not proactively stop threats from getting on your system in
the first place.
3. Change all your passwords. Now that you know you’re not being snooped on by some
form of malware, you need to reset your passwords—not only for your PC or mobile
device, but also your email, your social media accounts, your favorite shopping sites, and
your online banking and billing centers.
WORMS
A computer worm is a subset of the Troj an horse malware that can propagate or self -
replicate from one computer to another without human activation after breaching a
system. Typically, a worm spreads across a network through your Internet or LAN (Local
Area Network) connection. Naturally, you must be wondering what is a Troj an and how
does it relate to computer worms?
To keep it brief , a Troj an uses trickery and social engineering to deceive people into
running it. For example, a Troj an may pretend to be legitimate software. A worm is a
type of Troj an because it normally relies on social engineering to attack systems.

How does a computer worm spread?

● Phishing: Fraudulent emails that look authentic can carry worms in corrupt
attachments. Such emails may also invite users to click malicious links or visit
websites designed to infect users with worms.
● Spear-Phishing: Targeted phishing attempts can carry dangerous malware like
ransomware cryptoworms.
● Networks: Worms can self -replicate across networks via shared access.
● Security holes: Some worm variants can infiltrate a system by exploiting
software vulnerabilities.
● File sharing: P2P file networks can carry malware like worms.
● Social networks: Social platforms like MySpace have been affected by
certain types of worms.
● Instant messengers (I Ms): All types of malware, including worms, can spread
through text messages and I M platforms such as Internet Relay Chat (I RC).
● External devices: Worms can infect USB sticks and external hard drives.

What does a computer worm do?

Once a computer worm has breached your computer’s defenses it can perform several
malicious actions:
● Drop other malware like spyware or ransomware
● Consume bandwidth
● Delete files
● Overload networks
● Steal data
● Open a backdoor
● Deplete hard drive space

Computer worm vs. virus

Some people think that a computer worm and computer virus are the same things
because the two behave similarly. They may even use the terms like “worm computer
virus” or “worm virus malware.” The truth is that the two are comparable but different
threats.
The defining difference between a virus and a worm is that viruses rely on human
action for activation and need a host system to replicate. In other words, a virus won’t
harm your system unless you run it. For example, a virus on a flash drive connected to
your computer won’t damage your system unless you activate it. And as mentioned
above, a worm doesn’t need a host system or user action to spread.

Computer worm examples

Over the years, there have been some particularly devastating worms. Some worms have
caused billions in damage. Here is a brief list of some infamous ones:
● Morris Worm: Also known as the Internet worm, this was one of the first
computer worms to spread via the Internet and earn notoriety in the media.
● Bagle: Also known as Beagle, Mitglieder, and Lodeight, this mass-mailing worm
had many variants.
● Blaster: Also known as MSBlast, Lovesan, and Lovsan, this worm attacked
computers running Windows XP and Windows 2000.
● Conficker: Also known as Downup, Downadup, and Kido, this worm exploited
flaws in Windows to infect millions of computers in over a hundred countries.
● I LOVEYOU: The I LOVEYOU worm infected tens of millions of computers
globally, resulting in billions of dollars in damage.
● Mydoom: This became the fastest-spreading email worm in 2004, sending j unk
email across computers.
● Ryuk: Although Ryuk wasn’t always a worm, it’s now worm-like ransomware.
● SQL Slammer: The SQL Slammer worm gained infamy for slowing down
Internet traffic with denial-of -service attacks on some Internet hosts.
● Storm Worm: This worm utilized social engineering with fake news of a
disastrous storm to drop botnets on compromised machines.
● Stuxnet: Some experts believe this sophisticated worm was developed for
years to launch a cyberattack.
TROJAN:
A Troj an (often referred to as a Troj an virus) is a type of malware that hides within
a legitimate file or program to gain access to your device. Because Troj an malware is
delivered inside a legitimate app or file, it’s very difficult to detect. Troj ans are used
to spy on victims, steal data, infect other programs, and inflict other harm.
Troj ans are typically sent by scammers or hackers who use social engineering tactics,
like the ones used in phishing attacks. Troj an horse malware appears as a harmless or
even helpful file, leading users to install the malware unwittingly on their computers or
phones.

Are Troj an viruses dangerous?

Yes, Troj an viruses are quite dangerous, and while they may not replicate or spread like
traditional viruses, the potential for causing harm is significant. Troj an malware is
particularly harmful because users unknowingly install it, which enables cybercriminals
to covertly exploit vulnerabilities and have the malware go unnoticed for a while.
Ultimately, cybercriminals use Troj ans to secretly infiltrate and compromise a user's
 system to execute various malicious actions, from data theft and financial fraud to
file destruction and unauthorized surveillance.

What is the difference between a virus and a Troj an?

Viruses and Troj ans are both types of malware. And even though Troj ans are often
called “Troj an viruses,” that name can be misleading. Troj ans and viruses differ most
in how they infect devices and spread.
Here's a brief comparison of the differences between a virus and a Troj an:

●Viruses: Viruses are self -replicating and spread from one system to another by
attaching themselves to legitimate files or programs. They can infect multiple files
and are designed to propagate, making it critical to know how to determine if your
computer has a virus.

●Troj ans: Unlike viruses, Troj ans do not replicate on their own. Instead, they rely on
deception to be manually installed by unsuspecting users. They often disguise
themselves as harmless or even beneficial applications. But once a Troj an is executed,
it can perform various nefarious actions without the user's knowledge.

What types of Troj an viruses exist, and how are they harmful?
Troj ans are incredibly dangerous due to the wide range of malicious tasks they can
perform once installed on a computer. Here are some common types of Troj an horse
malware:

●Backdoor Troj an: These Troj ans create a "backdoor" on the victim's computer, granting
attackers unauthorized access. This backdoor allows them to control the system, steal
data, and introduce more malware.

●Downloader Troj an: The primary purpose of a downloader Troj an is to download

additional content, such as more malware, onto the infected computer.

●Infostealer Troj an: As the name suggests, this type of Troj an steals sensitive data
from the victim's computer, like passwords, credit card information, or personal files.

●Remote Access Troj an (RAT): This Troj an gives the attacker complete control over the
victim's computer, effectively turning it into a tool for cybercriminals to exploit.

●Distributed Denial of Service (DDoS) Attack Troj ans: These Troj ans perform DDoS
attacks, flooding a network with traffic to overwhelm and crash it.

The harm that Troj ans can cause extends beyond j ust individual computers.
Cybercriminals can use Troj ans to create a botnet, which is a network of infected
computers that a malicious actor can remotely control to spread malware or stage other
online attacks.
To help safeguard your device against malicious threats, Norton AntiVirus Plus offers
a comprehensive suite of security features, like advanced threat protection and a
smart firewall, designed to help protect your personal information and computer against
Troj ans, viruses, and other malware.
 How to get rid of the Troj an?

If you think your computer is infected with Troj an malware, it's crucial to remove it
right away. Follow the steps below to help get rid of a Troj an:

1.Disconnect your computer from the internet: Going “offline” helps to prevent the
malware from communicating with its command-and-control servers, limiting further
harm.

2.Install a reputable antivirus tool: A trusted tool such as Norton AntiVirus Plus will
help you detect and remove Troj ans to help keep your system safer.

3.Perform a full system scan: Use your antivirus tool to help detect and quarantine
malicious files.

4.Delete infected files: After your antivirus identifies and isolates malicious files, follow
the prompts to delete the files permanently.

5.Update your operating system and software: Keeping your devices and software up to
date can help protect against future malware infections. Cybercriminals often exploit
vulnerabilities in outdated software to launch attacks.

6.Download programs from trusted sources: Stick to official app stores and trusted
websites when shopping for applications. Learn how to identif y the signs you’re on
a malicious websites so you know how to avoid them next time.

7.Use a firewall: Many devices come with a built-in firewall. Ensure it's active to add
an extra layer of protection against unauthorized access.

Finally, do your homework on how to avoid viruses —knowing what to look out for will
help you keep your device free of harmful software in the future.

What do Troj an horses do?

Highly versatile forms of malware, Troj an horses can carry out various malicious
activities. Here are some common actions that Troj ans might perform:

●Breach data: Troj ans can steal sensitive data from your computer, such as login
credentials, credit card details, and personal files.

●Botnet recruitment: Some Troj an horses are designed to convert infected computers and
pull them into a botnet that cybercriminals can control remotely.

●Data destruction: Certain Troj ans may be programmed to delete files, corrupt data, or
even reformat entire hard drives.
●Espionage: Troj an horses can be used to monitor a user's activities, capture screenshots,
and record keystrokes to gather sensitive information covertly.

What are some Troj an horse virus examples?

Here are some examples of well-known Troj an malware:

●Zeus: The Zeus Troj an orchestrates sophisticated attacks to acquire crucial banking
credentials and extract sensitive financial data. Its precision has made it a popular
choice for cybercriminals, leaving a wake of compromised financial systems since
peaking in the early 2010s.

●Emotet: Emotet started as a banking Troj an but was quickly adapted to help execute
different kinds of cyberattacks. It can spread various types of malware,
including ransomware, and is highly unpredictable and difficult to detect.

●Petya/NotPetya: As a type of encryption malware, Petya explicitly targets Microsoft

Windows systems by infecting the master boot record. That move causes a process to
begin that encrypts the file system table of the hard drive, preventing Windows from
starting up.

●DarkComet: Designed as a helpful tool for remote computer management, DarkComet

has been hij acked by hackers and become a harmful program used to launch
cyberattacks. This tool allows cybercriminals to steal sensitive data and money by
secretly gaining unauthorized access and controlling computers without a user’s
knowledge or permission.

●CryptoLocker: As a type of ransomware, CryptoLocker encrypts files on a victim's

computer, making them inaccessible. The hacker then demands a ransom payment
from the victim to unlock the files and return them.

MODEL QUESTI ONS

1. There Are _________ Types Of Computer Virus.

a) 5
b) 7
c) 10
d) 12

2. Which Of The Following Is Not a Type Of Virus?

a) Boot Sector
b) Polymorphic
c) Multipartite
d) Troj ans

3. A Computer ________ Is a Malicious Code Which Self -Replicates By Copying Itself

To Other Programs.
a) Program
b) Virus
c) Application
d) Worm

4. Which Of Them Is Not An Ideal Way Of Spreading The Virus?

a) Infected Website
b) Emails
c) Official Antivirus Cds
d) Usbs

5. In Which Year Apple Ii Virus Came Into Existence?

a) 1979
b) 1980
c) 1981
d) 1982

6. In Mid-1981, The 1st Virus For Apple Computers With The Name _________ Came
Into Existence.
a) Apple i
b) Apple Ii
c) Apple Iii
d) Apple Virus

7. The Virus Hides Itself From Getting Detected By ______ Different Ways.
a) 2
b) 3
c) 4
d) 5

8. _______________ Infects The Master Boot Record And It Is Challenging And a

Complex Task To Remove This Virus.
a) Boot Sector Virus
b) Polymorphic
c) Multipartite
d) Troj ans

9. ________________ Gets Installed & Stays Hidden In Your Computer’s Memory. It

Stays Involved To The Specific Type Of Files Which It Infects.
a) Boot Sector Virus
b) Direct Action Virus
c) Polymorphic Virus
d) Multipartite Virus
10. Direct Action Virus Is Also Known As ___________
a) Non-Resident Virus
b) Boot Sector Virus
c) Polymorphic Virus
d) Multipartite Virus

11. ______________ Infects The Executables As Well As The Boot Sectors.

a) Non-Resident Virus
b) Boot Sector Virus
c) Polymorphic Virus
d) Multipartite Virus
12. Which Option Below Contains a Key Word Or Words Used To Describe a Primary
Characteristic Of a Troj an Horse?
a) Fast Execution
b) Disguised
c)Open Source
d) Obvious Display

13. A Compute Is a ------- Type Of Malware That Propagates By Inserting a Copy

Itself Into And Becoming Part Of Another Program.
aVirus
bSpyware
c)Application
d) Program
14. A Keylogger Is
a) Troj an
b) Spyware
c) Worm
d) Logic Bomb

15.One Who Gains Unauthorized Access, Destroy Vital Data Denies Leigitimate User’s
Service Or Causes Problems For Their Target Is Called
a)White Hacker
b)Cracker
c)Programmer
d)Data Base Administrator

16. Propagation Within Building Is Not Influenced By _________

a) Layout Of The Building
b) Construction Materials
c) Building Type
d) Trees Outside The Building

17. What Is Hard Partition?

a) Partition As Part Of The Building
 b) Partition That Can Be Moved
c) Partition Not Touching Ceiling
d) Partition Between Different Floors

18. Losses Between The Floors Of The Building Can Be Determined Using ________
a) Internal Dimensions
b) Material Used To Create Antenna
c) External Dimension
d) Line Of Sight Path

19. Technique Of Drawing a Single Ray Between The Transmitter And Receiver Is
Called ______
a) Secondary Ray Tracing
b) Primary Ray Tracing
c) Line Of Sight
d) Straight Line Tracing

20. ________ Is a Process Of Converting Plain Text Into Cipher Text.

a) Authentication
b) Decryption
c) Encryption
d) Compression

21. _________ Configuration Describes a Desktop In An Office.

a) Mobile And Wired
b) Fixed And Wired
c) Fixed And Wireless
d) Mobile And Wireless

22. _______ Reduces The Cell Size To Increase Capacity.

a) Intelligent Cell Approach
b) Microcell Approach
c) Top Down Approach
d) Bottom Up Approach

23. ________ Configuration Describes a Desktop In An Office.

a) Mobile And Wired
b) Fixed And Wired
c) Fixed And Wireless
d) Mobile And Wireles
24. Pur poseOf Computer Vir uses?
a)Theft Of Per sonal Infor mation

b)ReplicatingAnd Spr eadingToOther Files

c)Denial Of Ser viceAttacks

d)Unauthor ized Access Toa System

25. Malwar eThat Encr ypts Files And Demands Payment?

a) Spywar e
b) Ransomwar e

c) Adwar e

d)Rootkit