LESSON 3-4 - Reviewer

The document provides an overview of malicious software (malware), its types, and the signs of infection, along with the history of malware threats and their impact on businesses. It details the anatomy of cyber attacks, prevention tools, incident detection techniques, and the role of social engineering in cybercrime. Additionally, it discusses internal threats, spam, cybercrime statistics, and emphasizes the importance of understanding threats to implement effective countermeasures.

LESSON 3-4: Reviewer: Information Assurance and Security

1. Malicious Software and Activity

● Definition: Malicious software (malware) refers to any software designed to
harm, exploit, or otherwise compromise computer systems, networks, or data.
● Types of Malware:
○ Viruses: Malicious code that attaches itself to legitimate programs and
spreads when the host program is executed.
■ Examples: CryptoLocker, Sasser & Netsky, ILOVEYOU, Anna
Kournikova, MyDoom, Slammer, StormWorm, Stuxnet.
○ Worms: Self-contained programs that propagate from one host to
another without user intervention.
■ Types: Internet Worms, Instant Messaging Worms, Email
Worms, File Sharing Worms, IRC Worms.
○ Trojan Horses: Programs that masquerade as useful software but hide
malicious intent.
■ Types: Joke Trojan, Destructive Trojan, Remote Access Trojan.
○ Spyware: Software that collects user information without consent.
■ Types: Adware, Browser Hijacker, Keyboard Logger, Commercial
Spyware, Modem Hijacker.
○ Adware: Software that triggers pop-up ads and banners.
■ Examples: Fireball, Gator, Appearch, DeskAd, Dollar Revenue.
○ Logic Bombs: Programs that execute malicious functions when certain
conditions are met.
○ Botnets: Networks of infected computers controlled by a bot-herder.
■ Types: Bot Master, Zombies, Spamming through Botnet.
○ Denial of Service (DoS) Attacks: Attacks that make a machine or
network resource unavailable.
■ Types: Standard DoS, Distributed DoS (DDoS), SYN Flood, Smurf
Attack.
○ Phishing: Tricking users into providing logon information on fake
websites.
■ Examples: Save a Friend Scam, Wire Transfer Scam, Nigerian
Scams, SMS Phishing.
○ Keystroke Loggers: Capture keystrokes and forward them to attackers.
■ Types: Hardware Keylogger, Software Keylogger.
○ Hoaxes and Myths: False warnings about non-existent threats, often
spread via chain emails.
○ Home Page Hijacking: Changing a browser’s homepage to point to an
attacker’s site.
○ Web Page Defacement: Unauthorized alteration of a website’s content.

2. Evidence of Malicious Code Activities

● Signs of Infection:
○ Deteriorating workstation or server responsiveness.
○ Unexpected disk activity or sluggishness of applications.
○ Unexplained freezing of applications or error messages.
○ Sudden antivirus alarm activity.
○ Disk error messages or decreased available disk space.
○ Disappearing applications or icons.

3. History of Malicious Code Threats

● 1970s: Early academic research on self-distributing code (worms).
● 1980s: Emergence of boot sector and file infector viruses.
● 1990s: Introduction of LAN viruses, email worms (e.g., Melissa, Loveletter),
and polymorphic viruses.
● 2000s: Rapid replication of internet worms, emergence of botnets, and
advanced malware like W32/Nimda and Klez.

4. Threats to Business Organizations

● External Threats:
○ Range from isolated incidents to complex, structured attacks by organized
groups.
● Internal Threats:
○ Improper security policies and unsafe user practices.
○ Vulnerabilities from untrusted disk media, unauthorized software, and
uncontrolled email attachments.
● Common Vulnerabilities:
○ Unauthorized access, privilege escalation, data theft, and accidental
release of malicious code.

5. Anatomy of a Cyber Attack

● Phases:
○ Reconnaissance: Gathering information about the target.
○ Attack: Gaining access to the network.
○ Expansion: Attacking multiple systems.
○ Obfuscation: Hiding tracks to avoid detection.
● Motivations:
○ Financial gain, fame, political beliefs, or revenge.
● Types of Attacks:
○ Unstructured, Structured, Direct, Indirect.

6. Attack Prevention Tools and Techniques

● Firewalls: Filter traffic to prevent malicious packets from entering or leaving a
network.
● Antivirus Software: Detects and removes viruses, worms, Trojans, spyware,
etc.
● Antispyware: Prevents unwanted spyware installations.
● Strong Passwords: Use of complex passwords to deter hackers.
● Application Defenses: Protecting applications from vulnerabilities.
● Operating System Defenses: Securing the OS against attacks.
● Network Infrastructure Defenses: Protecting network devices and traffic.
● Safe Recovery Techniques: Practices for recovering from attacks.

7. Incident Detection Tools and Techniques

● Intrusion Detection Systems (IDS): Early warning systems for malicious
activity.
● Antivirus Scanning: Regular scanning for malware.
● Content Monitors: Analyzing network traffic for suspicious activity.
● Honeypots and Honeynets: Decoy systems to attract and study attackers.

8. Social Engineering

● Definition: Manipulating individuals into divulging confidential information.
● Examples: Phishing, pretexting, baiting, and tailgating.

9. Hackers, Crackers, and Perpetrators

● Hackers: Individuals who exploit systems for various reasons (ethical or
malicious).
● Crackers: Malicious hackers who break into systems for personal gain.
● Perpetrators: Individuals or groups responsible for cyber attacks.

10. SPAM

● Definition: Unsolicited commercial email.
● Threats:
○ Consumes bandwidth and CPU time.
○ Diverts IT resources from critical tasks.
○ Potential carrier of malicious code.
○ Techniques to mask the real source of spam.

11. Malware Distribution

● Methods: Spyware, Adware, Backdoor viruses, etc.
● Examples: FinSpy, CoolWebSearch, Internet Optimizer.

12. Active Content Vulnerabilities

● Definition: Components on websites that interact with users.
● Threats: Mobile code that runs on various platforms, potentially introducing
vulnerabilities.

13. False Information and Disinformation

● Hoaxes: False warnings about non-existent threats.
● Disinformation: Deliberate spread of false information to mislead.

14. Web Page Defacement

● Definition: Unauthorized alteration of a website’s content.
● Example: a defaced page replaced with the message “Hacked By R-404 HaXDr”.

15. Internal Threats from Employees

● Types of Inside Attackers:
○ Opportunists, Calculated attackers, Emotional attackers, Terrorists.
● Common Vulnerabilities:
○ Exchange of untrusted disk media, installation of unauthorized
software, unmonitored downloads, and uncontrolled email
attachments.

16. Breaches in Organizations

● Examples:
○ Unauthorized access to systems.
○ Theft, destruction, or dissemination of data.
○ Use of corporate resources to initiate attacks.
○ Accidental or intentional release of malicious code.

17. Cybercrime Statistics

● Top Countries for Cybercrime:
○ United States (23%), China (9%), Germany (6%), Britain (5%), Brazil (4%),
etc.

18. Phases of Attacks

● Reconnaissance and Probing: Gathering information and scanning for
vulnerabilities.
● Gaining Access: Exploiting vulnerabilities to enter the network.
● Maintaining Access: Ensuring continued access to the system.
● Covering Tracks: Hiding evidence of the attack.

19. Conclusion

● Importance of Understanding Threats: To develop effective
countermeasures.
● Implementing Best Practices: Firewalls, antivirus, strong passwords, and
intrusion detection systems are essential for defense.