L4 Security and Protection Threats and Attacks

Mary Grace D. Matias
Computer Engineering Department
College of Engineering
• Differentiate between computer security and protection
• Explain the security requirements triad
• Identify and classify computer security threats and attacks
• Identify the types of computer malware
• Name the worst computer malware in history
Security: Deals with external threats. Involves mechanisms such as setting or changing the protection information of a resource and checking whether that resource is accessible by a user.
Protection: Deals with internal threats. Involves mechanisms such as adding and deleting users, verifying whether a specific user is authorized, using anti-malware software, etc.
Protection and security require that computer resources such as the CPU, software, and memory are protected against unauthorized access, viruses, worms, etc. This can be done by ensuring integrity, confidentiality and availability in the operating system.
• Integrity
Guarding against improper information modification or destruction, including ensuring information nonrepudiation and authenticity. When unauthorized modification or destruction of data occurs, integrity is lost.
• Confidentiality
Preserving authorized restrictions on information access and disclosure. A loss of confidentiality is the unauthorized disclosure of information.
• Availability
Ensuring timely and reliable access to and use of information. When access to or use of information is disrupted, availability is lost.
• Passive attacks attempt to learn or make use of information from the system but do not affect system resources. They are very difficult to detect because they do not involve alteration of data.
• Active attacks attempt to alter system resources or affect their operation. They involve some alteration of the data stream or the creation of a false stream.
• Unauthorized Disclosure – Threat to confidentiality. It is a circumstance where an unauthorized entity gains access to data.
• Deception – Threat to either system integrity or data integrity. It is a circumstance or event where an authorized entity receives false data and believes it to be true.
• Disruption – Threat to availability or system integrity. It is a circumstance or event that prevents or interrupts the correct operation of system services and functions.
• Usurpation – Threat to system integrity. It occurs when an unauthorized entity gains access to and controls some parts of a system.
Common attack types: Malware, Phishing, MitM Attack, SQL Injection, DoS Attack, Zero-day Exploit, Advanced Persistent Threats, Ransomware, DNS Attack
• Malware is a combination of two terms: malicious and software.
• It is defined as malicious software that gets installed on the system when the user clicks a dangerous link or email attachment.
• Malware can block access to critical components of the network, damage the system, and gather confidential information, among other things.
• Virus: malware that tries to replicate itself into other executable code. When the infected code is executed, the virus also executes.
Type: Description
Boot Sector Virus: Damages or controls the boot sector on the drive, rendering the machine unusable. Attackers usually spread this virus type using a malicious USB device.
Web Scripting Virus: Most browsers have defenses against malicious web scripts, but older, unsupported browsers have vulnerabilities that allow an attacker to run code on the local device.
Browser Hijacker: A virus that can change the settings on your browser will hijack browser favorites, the home page URL and your search preferences, and redirect you to a malicious site.
Resident Virus: A virus that can access computer memory and sit dormant until a payload is delivered is considered a resident virus.
Direct Action Virus: When a user executes a seemingly harmless file attached with malicious code, direct action viruses deliver a payload immediately.
Polymorphic Virus: Malware authors can use polymorphic code to change the program's footprint to avoid detection.
File Infector Virus: Injects malicious code into critical files that run the operating system or important programs. When the system boots or the program runs, the virus is activated.
Multipartite Virus: Fast-moving virus that uses file infectors or boot infectors to attack the boot sector and executable files simultaneously.
Macro Virus: Macros in MS Office files can be used to download additional malware or run malicious code. Macro viruses deliver a payload when the file is opened and the macro runs.
• Worm: self-contained malware that can run, copy, and send copies of itself all on its own.
• Email worms exhaust storage space and spread very quickly across the internet.
Type: Description
Internet Worms: Target popular websites with insufficient security. They can replicate themselves onto any computer being used to access the website in question.
Email Worms: Distributed via compromised email attachments. They usually have double extensions (for example, .mp4.exe or .avi.exe).
Instant Messaging Worms: Like email worms, spread by sending copies of themselves in instant messaging apps.
File Sharing Worms: Disguised as media files with a dual extension. Spread via file-sharing and peer-to-peer file transfer channels.
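The double-extension trick used by email and file-sharing worms above is easy to screen for at a mail gateway. The following check is an added example, not part of the slides; the executable and media extension lists are assumptions to be extended for your own environment.

```python
# Extensions a Windows shell will execute (assumed list; extend as needed).
EXECUTABLE_EXTS = {"exe", "scr", "com", "bat", "cmd", "pif", "vbs", "js", "jse", "wsf"}
# Extensions a user expects to be harmless media or documents (assumed list).
BENIGN_LOOKING_EXTS = {"mp4", "avi", "mkv", "mp3", "jpg", "jpeg", "png", "pdf", "doc", "txt"}


def is_deceptive_double_extension(filename):
    """True when a name looks like media/document but really ends in an executable extension.

    Handles mixed case and whitespace padding such as 'clip.AVI      .ExE', which
    pushes the real extension out of view in narrow mail-client columns.
    """
    parts = [p.strip().lower() for p in filename.strip().split(".")]
    if len(parts) < 3:  # need base name + inner extension + outer extension
        return False
    outer, inner = parts[-1], parts[-2]
    return outer in EXECUTABLE_EXTS and inner in BENIGN_LOOKING_EXTS


def triage_attachments(names):
    """Return the attachment names that should be quarantined for manual review."""
    return [n for n in names if is_deceptive_double_extension(n)]


if __name__ == "__main__":
    # Constructed sample attachment names.
    sample = ["holiday.mp4.exe", "clip.AVI   .ExE", "report.tar.gz", "setup.exe", "photo.jpg"]
    print(triage_attachments(sample))
```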
• It lies dormant until a predefined condition is met. The program then triggers an unauthorized act.
• It is disguised as legitimate software but has hidden code that performs unwanted functions when invoked.
• Any mechanism that bypasses a normal access permission check.
• Software that can be shipped unchanged to a heterogeneous collection of platforms and execute with identical semantics.
• Program that installs other items on a machine that is under attack.
• Malicious hacker tools used to break into new machines remotely.
• Set of tools that generate new viruses automatically.
• Used to send large volumes of unwanted email.
• Used to attack networked computer systems with a large volume of traffic to carry out a DoS attack.
• Captures keystrokes on a compromised system.
• Designed to conceal certain objects or activities in your system. Often their main purpose is to prevent malicious programs from being detected.
• Software application that performs automated tasks on command. Bad bots perform malicious tasks that allow an attacker to remotely take control of an affected computer. Infected machines are referred to as zombies.
• Software that collects information from a computer and transmits it to another system.
• Advertising that is integrated into software. It can result in pop-up ads or redirection of a browser to a commercial site.
• Mydoom
• Sobig
• Klez
• ILOVEYOU
• WannaCry
• Zeus
• Code Red
• Slammer
• CryptoLocker
• Sasser
1. Mydoom
• sent copies of itself to email addresses from infected machines. At one point,
Mydoom was responsible for 25% of all emails sent.
• also roped the infected machines into a web of computers called a botnet
that performed DDoS attacks.

2. Sobig
• A cybercriminal program that masqueraded as legitimate computer software attached to emails.
• It disrupted ticketing at Air Canada and interfered with countless other businesses.
3. Klez
• The Klez worm sent fake emails, spoofed recognized senders and, among other
things, attempted to deactivate other viruses.
• released in several variants. It infected files, copied itself, and spread throughout
each victim’s network. It hung around for years, with each version more
destructive than the last.
4. ILOVEYOU
• A bogus "love letter" that looked like a harmless text file.
• Sent copies of itself to every email address in the infected machine's Outlook contact list.

5. WannaCry
• Ransomware
• Caused massive productivity losses as businesses, hospitals, and government
organizations that didn’t pay were forced to rebuild systems from scratch.
• Computers with out-of-date operating systems were hit especially hard.

6. Zeus
• An online theft tool that hit the web in 2007 and was used to transfer money to secret bank accounts.
• The Zeus botnet was a group of programs that worked together to take over machines for a remote "bot master."
7. Code Red
• Attacked websites of infected computers and delivered a distributed denial
of service (DDoS) attack on the U.S. White House’s website.
• It displayed the words “Hacked by Chinese!” across infected web pages, and
it ran entirely in each machine’s memory.

8. SQL Slammer
• Generated a number of random IP addresses and sent itself out to them in
hopes that they weren’t protected by antivirus software.
• Used these victim machines to launch a DDoS attack on several internet
hosts, significantly slowing internet traffic.
9. CryptoLocker
• displayed a red ransom note informing users that “your important files
encryption produced on this computer.” A payment window accompanied
the note.
• The virus’ creators used a worm called the Gameover Zeus botnet to make
and send copies of the CryptoLocker virus.

10. Sasser
• Attacked Windows 2000, Windows Server 2003 and Windows XP, and caused computers to slow down, crash and reboot frequently.
• Pop-up windows, including ads (adware) or links to malicious websites.
• Your web browser home page changes, and you did not change it.
• Outbound emails are sent to your contact list, or people on your contact list alert you to strange messages sent from your account.
• The computer crashes often, runs out of memory with few active programs, or shows a blue screen of death in Windows.
• Slow computer performance even when running few programs or when the computer was recently booted.
• Unknown programs start when the computer boots or when you open specific programs.
• Passwords change without your knowledge or your interaction with the account.
Phishing
Cybercriminals send malicious messages that seem to come from legitimate sources. The user is tricked into clicking the malicious link in the message, leading to malware installation or disclosure of sensitive information such as credit card details and login credentials.
MitM Attack
A man-in-the-middle attack occurs when cybercriminals place themselves between the two parties of a communication. Once the attacker intercepts the communication, they may filter and steal sensitive data and return different responses to the user.
DoS Attack
• A DoS attack aims to shut down a machine or network, making it inaccessible to its intended users. DoS attacks accomplish this by flooding the target with traffic, or by sending it information that triggers a crash.
• A DDoS attack is a DoS attack that uses multiple computers or machines to flood a targeted resource.
SQL Injection
A Structured Query Language (SQL) injection attack occurs when cybercriminals attempt to access the database by injecting malicious SQL code into the queries an application sends to it. Once successful, the malicious actor can view, change, or delete data stored in the SQL database.
Zero-day Exploit
A zero-day attack takes place when hackers exploit a previously unknown software flaw before developers have a chance to address it. A zero-day exploit is the method used to perform this attack.
Advanced Persistent Threats
An advanced persistent threat occurs when a malicious actor gains unauthorized access to a system or network and remains undetected for an extended time in order to mine sensitive data.
Ransomware
Ransomware is a type of malware attack in which the attacker locks or encrypts the victim's data and threatens to publish it or blocks access to it unless a ransom is paid.
DNS Attack
A DNS attack is a cyberattack in which cybercriminals exploit vulnerabilities in the Domain Name System (DNS). The attackers leverage DNS weaknesses to divert site visitors to malicious pages (DNS hijacking) and to exfiltrate data from compromised systems (DNS tunneling).
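DNS tunneling leaves a recognisable trace in resolver logs: many distinct, long, high-entropy subdomain labels under one domain. The detector below is an added example, not from the slides; the log format (time, client, query name), the thresholds and the sample log lines are all constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed sample of "time client qname" resolver log lines; not real traffic.
SAMPLE_LOG = """\
10:00:01 10.0.0.5 www.example.com
10:00:02 10.0.0.5 mail.example.com
10:00:03 10.0.0.7 a3f9c1e2b7d4a3f9c1e2b7d4a3f9c1e2b7d4a3f9c1e2b7d4.tun-example.net
10:00:03 10.0.0.7 7b2e9d0c4a1f7b2e9d0c4a1f7b2e9d0c4a1f7b2e9d0c4a1f.tun-example.net
10:00:04 10.0.0.7 c8d1e4f7a0b3c8d1e4f7a0b3c8d1e4f7a0b3c8d1e4f7a0b3.tun-example.net
10:00:05 10.0.0.5 cdn.example.com
"""


def shannon_entropy(text):
    """Bits per character; encoded payloads score far above ordinary hostnames."""
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_domain(qname):
    """Naive split on the last two labels (assumes no public-suffix list is available)."""
    return ".".join(qname.split(".")[-2:])


def find_tunnel_candidates(log, min_label_len=30, min_entropy=3.0, min_unique=3):
    """Return {domain: count} for domains with many long, high-entropy subdomain lookups."""
    subdomains = defaultdict(set)
    for line in log.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip malformed lines rather than crash the detector
        qname = fields[2].lower().rstrip(".")
        domain = registered_domain(qname)
        if qname != domain:
            subdomains[domain].add(qname[: -(len(domain) + 1)])
    flagged = {}
    for domain, names in subdomains.items():
        suspicious = [n for n in names
                      if len(n.split(".")[0]) >= min_label_len
                      and shannon_entropy(n) >= min_entropy]
        if len(suspicious) >= min_unique:
            flagged[domain] = len(suspicious)
    return flagged


if __name__ == "__main__":
    print(find_tunnel_candidates(SAMPLE_LOG))
```

In production the same scoring is usually run per client and per time window, since a single long label is normal for CDNs and some antivirus update services.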
