Unit 2 Malicious Software

Malware, or malicious software, is designed to harm computer systems and can take various forms such as viruses, worms, ransomware, and spyware. It can steal sensitive information, disrupt operations, and spread across networks, making it crucial for individuals and organizations to implement protective measures like antivirus software and cautious online behavior. Understanding the types of malware and their effects is essential for effective cybersecurity management.

Uploaded by Mayur Gurav

Unit 2 Malicious Software

Malware is malicious software and refers to any software that is designed to
cause harm to computer systems, networks, or users. Malware can take many
forms. Individuals and organizations need to be aware of the different types of
malware and take steps to protect their systems, such as using antivirus software,
keeping software and systems up-to-date, and being cautious when opening
email attachments or downloading software from the internet.

What is Malware?

Malware is software that gets into the system without user consent to steal the
user’s private and confidential data, including bank details and passwords. They
also generate annoying pop-up ads and change system settings. Malware includes
computer viruses, worms, Trojan horses, ransomware, spyware, and other
malicious programs. Individuals and organizations need to be aware of the
different types of malware and take steps to protect their systems, such as using
antivirus software, keeping software and systems up-to-date, and being cautious
when opening email attachments or downloading software from the internet.

What Does Malware Do?

Malware is designed to harm and exploit your computer or network. It can steal
sensitive information like passwords and credit card numbers, disrupt your
system’s operations, and even allow attackers to gain unauthorized access to your
device. Some types of malware, such as ransomware, encrypt your files and
demand payment to unlock them, while spyware monitors your activities and
sends the information back to the attacker. Additionally, malware can spread to
other devices on the same network, making it a significant threat. Protecting your
devices with up-to-date antivirus software and being cautious about your open
links and attachments can help mitigate these risks.

Types of Malware

 Viruses – A Virus is a malicious executable code attached to another
executable file. The virus spreads when an infected file is passed from
system to system. Viruses can be harmless or they can modify or delete
data. Opening a file can trigger a virus. Once a program virus is active, it will
infect other programs on the computer.
 Worms – Worms replicate themselves on the system, attaching themselves
to different files and looking for pathways between computers, such as
computer network that shares common file storage areas. Worms usually
slow down networks. A virus needs a host program to run but worms can
run by themselves. After a worm affects a host, it is able to spread very
quickly over the network.
 Trojan horse – A Trojan horse is malware that carries out malicious
operations under the appearance of a desired operation such as playing an
online game. A Trojan horse differs from a virus because the Trojan binds
itself to non-executable files, such as image files and audio files.
 Ransomware – Ransomware grasps a computer system or the data it
contains until the victim makes a payment. Ransomware encrypts data in
the computer with a key that is unknown to the user. The user has to pay a
ransom (price) to the criminals to retrieve data. Once the amount is paid
the victim can resume using his/her system.
 Adware – It displays unwanted ads and pop-ups on the computer. It comes
along with software downloads and packages. It generates revenue for the
software distributer by displaying ads.
 Spyware – Its purpose is to steal private information from a computer
system for a third party. Spyware collects information and sends it to the
hacker.
 Logic Bombs – A logic bomb is a malicious program that uses a trigger to
activate the malicious code. The logic bomb remains non-functioning until
that trigger event happens. Once triggered, a logic bomb implements a
malicious code that causes harm to a computer. Cybersecurity specialists
recently discovered logic bombs that attack and destroy the hardware
components in a workstation or server including the cooling fans, hard
drives, and power supplies. The logic bomb overdrives these devices until
they overheat or fail.
 Rootkits – A rootkit modifies the OS to make a backdoor. Attackers then
use the backdoor to access the computer remotely. Most rootkits take
advantage of software vulnerabilities to modify system files.
 Backdoors – A backdoor bypasses the usual authentication used to access a
system. The purpose of the backdoor is to grant cyber criminals future
access to the system even if the organization fixes the original vulnerability
used to attack the system.
 Keyloggers – Keylogger records everything the user types on his/her
computer system to obtain passwords and other sensitive information and
send them to the source of the keylogging program.
Viruses

A computer virus is a type of malware that attaches itself to a program or file. A
virus can replicate and spread across an infected system and it often propagates
to other systems, much like a biological virus spreads from host to host. Once a
virus has infected a system, it can attach to other programs or documents, modify
or destroy them, or control how the computer or other devices behave.

Viruses require human intervention to spread. Attackers will intentionally place
the virus in harm's way and then leave it up to end-users to carry out the actions
necessary to infect their own systems. For example, cybercriminals might set up
malicious websites or conduct email campaigns that attach viruses to their
messages.

Once the traps are set, users can easily infect their own systems by opening email
attachments, downloading executable files, visiting websites or clicking on web
advertisements (malvertising). If any such sources are hiding a virus, the user's
computer will often become infected. Viruses can also spread through infected
removable storage devices, such as USB flash drives.
Computer Virus Life Cycle

The life cycle of a virus consists of four phases (inspired by biologists’
classification of real-life viruses).

 Phase 1 – Dormant Phase: The dormant phase is the period
during which a virus remains hidden in your system.
 Phase 2 – Propagation Phase: In the propagation phase, the virus
copies itself in files, programs, and other parts of your computer
that continue replicating.
 Phase 3 – Triggering Phase: A specific event generally triggers or
activates a virus in the triggering phase. An example would be
clicking an icon or opening an application.
 Phase 4 – Execution Phase: The virus releases its payload, the
malicious code that harms the computer during the execution
phase.
Types of Viruses

File Virus:
This type of virus infects the system by appending itself to the end of a file. It
changes the start of a program so that control jumps to its code. After the
execution of its code, control returns to the main program, so its execution
is not even noticed. It is also called a parasitic virus because it modifies the
host file rather than leaving it intact, yet keeps the host functional.
Boot sector Virus:
It infects the boot sector of the system, executing every time the system is booted
and before the operating system is loaded. It infects other bootable media like
floppy disks. These are also known as memory viruses as they do not infect the
file systems.

Polymorphic Virus:
A virus signature is a pattern that can identify a virus (a series of bytes that make
up the virus code). So, in order to avoid detection by antivirus software, a polymorphic
virus changes each time it is installed. The functionality of the virus remains the same
but its signature is changed.
Encrypted Virus:
In order to avoid detection by antivirus, this type of virus exists in encrypted form.
It carries a decryption algorithm along with it. So the virus first decrypts and then
executes.

Stealth Virus:
It is a hidden computer virus, which specifically attacks operating system
processes. It usually hides itself in partitions, files or boot sectors and is capable of
going unnoticed during antivirus or anti-malware scans, i.e., it can avoid detection
intentionally.
Macro Virus:
Macro viruses are embedded in documents such as Microsoft Word or Excel
files. They use the macro language in those files to infect and propagate to other
documents when they are opened.
Multipartite Virus:
This type of virus is able to infect multiple parts of a system including the boot
sector, memory, and files. This makes it difficult to detect and contain.
Armored Virus:
An armored virus is coded to make it difficult for antivirus to unravel and
understand. It uses a variety of techniques to do so like fooling antivirus to
believe that it lies somewhere else than its real location or using compression to
complicate its code.
Directory Virus:
This virus is also called a File System Virus or Cluster Virus. It infects the
directory of the computer by modifying the path that indicates the location of
a file.
Companion Virus:
This kind of virus usually uses a similar file name with a different extension.
For example, if there’s a file “Hello.exe”, the virus will create another file
named “Hello.com” and will hide in the new file.
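The following directory audit is an added example (not part of the handout) that applies the usual countermeasure to the two file-level virus types described above: a trusted baseline of size and SHA-256 catches a file virus that appended itself to a program, and a name comparison catches a companion virus that dropped Hello.com beside Hello.exe (the .com name is tried first by the DOS/Windows command lookup). The executable extensions, the baseline layout and the sample files are assumptions made for the example.

```python
import hashlib
import tempfile
from pathlib import Path

# Extensions treated as executables (assumption for this example).
EXECUTABLE_SUFFIXES = {".exe", ".com", ".dll"}


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(directory: Path) -> dict:
    """Record size and SHA-256 of every executable while the system is trusted."""
    return {
        p.name: {"size": p.stat().st_size, "sha256": sha256_of(p)}
        for p in sorted(directory.iterdir())
        if p.suffix.lower() in EXECUTABLE_SUFFIXES
    }


def audit(directory: Path, baseline: dict) -> list[str]:
    """Return findings: new or modified executables and .com/.exe companion pairs."""
    findings = []
    current = build_baseline(directory)
    for name, info in current.items():
        known = baseline.get(name)
        if known is None:
            findings.append(f"new executable: {name}")
        elif info["sha256"] != known["sha256"]:
            # A parasitic (file) virus appends code, so the file usually grows.
            grew = info["size"] - known["size"]
            how = f"grew by {grew} bytes" if grew > 0 else "changed"
            findings.append(f"modified executable ({how}): {name}")
    # Companion check: same base name present with both .com and .exe suffixes.
    stems: dict[str, set] = {}
    for name in current:
        stems.setdefault(Path(name).stem.lower(), set()).add(Path(name).suffix.lower())
    for stem, suffixes in sorted(stems.items()):
        if {".com", ".exe"} <= suffixes:
            findings.append(f"companion pair: {stem}.com shadows {stem}.exe")
    return findings


def demo() -> list[str]:
    """Constructed scenario: baseline a clean directory, then mimic both infections."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        (d / "Hello.exe").write_bytes(b"MZ" + b"\x90" * 100)   # constructed dummy program
        (d / "Notes.txt").write_bytes(b"not an executable")    # ignored by the audit
        baseline = build_baseline(d)
        # File virus behaviour: bytes appended to the end of the program.
        with (d / "Hello.exe").open("ab") as f:
            f.write(b"APPENDED-CODE")
        # Companion virus behaviour: same name, .com extension.
        (d / "Hello.com").write_bytes(b"companion")
        return audit(d, baseline)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```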
Symptoms of a Computer Virus:

There are many warning signs or symptoms which show that a computer is
infected with a virus, some of which are as follows:

 Slow computer performance: The machine may work slowly, e.g., it will
take more time to open or shut down the computer or while opening a file,
document, computer application, etc. The operating system and internet
speed may get slow.
 Frequent pop-ups: A virus may cause unusual frequent pop-ups on your
window.
 Hard Drive issue: The hard drive may exhibit unusual high activity even
when it is not in use. It may cause unwanted changes to your hard drive
and may freeze or crash this device.
 Frequent crashes: One may experience frequent sudden system crashes
while playing games, watching videos, or doing some other work using the
infected system. A blue screen appears when it crashes.
 Unknown programs: Unwanted programs may open or start automatically
when you start your computer. You can see these programs in your
computer's list of active applications. Sometimes, the window shuts down
unexpectedly without any reason.
 Unusual activities: Your machine may behave differently; for example, you
may not be able to log into your accounts or delete corrupt files, and the Blue
Screen of Death (BSOD) may appear frequently. Furthermore, the hardware,
software, or OS may start malfunctioning, leading to abrupt system crashes.
 Impaired security solutions: Sometimes, security measures taken by you,
such as antivirus may not work smoothly due to virus attack on your
computer.
 Network issue: Sometimes, you experience high network activity even if
you are not connected to the internet and vice versa.
 Unnecessary advertisement: We often see advertisements while browsing,
but if you see them even when you are not browsing, it may indicate a virus
on your computer.
 Display problems: You may experience different colors in your display if
your computer is affected by a virus.
 Affected Applications: Some viruses are developed to affect specific
applications. Consequently, some applications may not work on your
computer if it is infected.
 Blocked by Antivirus Sites: An antivirus site may deny access to a computer
that is infected by a virus.
 Dialog Boxes: Many dialog boxes keep appearing suddenly on your screen.
 Printer Issues: A printer attached to an infected computer may print
documents without getting any command or in an inappropriate manner.
 Changed Homepage: Your home page may get changed without any effort
from your side. For example, you may see a new toolbar on your screen,
and you may be redirected to a different web address instead of the page
visited by you initially.
 Strange messages: One may see strange messages on a computer screen
such as error messages.

Certain behaviors might indicate your computer has been infected:

 The computer takes a long time to start up or performance is slow or
unpredictable.
 The computer frequently crashes or generates error messages.
 The computer and its applications behave erratically, such as not
responding to clicks or opening files on its own.
 If the computer has a hard disk drive (HDD), it constantly spins or makes
noise.
 Email messages are corrupted or mass emails are being sent from your
account.
 Pop-up messages or adware constantly interrupt the user.
 The computer's available storage is unexpectedly reduced.
 Files and other data on the computer have gone missing.
Virus Countermeasures
Countermeasures often refer to a set of techniques and strategies designed to
prevent, detect and respond to threats to computer systems. These measures
protect systems from unauthorized access, data theft and other malicious acts
that undermine the integrity, confidentiality and availability of data.
The following points are to be considered as countermeasures:
 Install anti-virus/malware software.
 Keep your anti-virus software up to date.
 Run regularly scheduled scans with your anti-virus software.
 Keep your operating system current.
 Secure your network.
 Think before you click.

Various anti-virus products are as follows:

1. Norton Antivirus: Norton is a trusted cyber security solution providing
comprehensive protection against malware, ransomware, and online
threats. It offers advanced threat detection, real-time updates, and
features like web browsing protection and email scanning. With strong
malware detection and user-friendly interface, Norton Antivirus is a
popular choice for securing devices.
2. Bitdefender Antivirus Plus: Bitdefender Antivirus Plus is a powerful
cybersecurity solution known for its advanced malware detection and
minimal system impact. It offers robust protection against malware and
ransomware, along with features like web browsing protection and privacy
tools. With its reliable performance and comprehensive security features,
Bitdefender Antivirus Plus is highly regarded in the industry.
3. Kaspersky Anti-Virus: Kaspersky Anti-Virus is a highly respected
cybersecurity solution that offers excellent malware protection through
advanced scanning algorithms and real-time updates. It provides features
such as anti-phishing protection, secure browsing, and vulnerability checks.
Kaspersky Anti-Virus is known for its reliability, effectiveness, and ability to
keep systems safe from emerging threats.

4. McAfee Total Protection: McAfee offers a comprehensive suite of security
features including antivirus, firewall protection, identity theft protection,
and safe web browsing. It provides real-time threat detection and offers a
user-friendly interface.
5. Avast Antivirus: Avast is a popular choice with its reliable malware
detection, email scanning, and web protection features. It offers a range of
additional features such as password management and network security
scanning.
6. AVG Antivirus: AVG offers solid malware protection and email scanning. It
features an easy-to-use interface and provides regular updates to keep
your system protected against emerging threats.
7. Avira Antivirus: Avira provides powerful malware detection and real-time
protection. It offers features like web protection, privacy tools, and a
secure VPN for enhanced online security.
8. Trend Micro Antivirus+ Security: Trend Micro offers strong malware
protection and email scanning. It provides web browsing protection, blocks
malicious websites, and offers a user-friendly experience.
9. ESET NOD32 Antivirus: ESET NOD32 is known for its efficient malware
detection, low system impact, and fast scanning. It provides regular
updates to protect against the latest threats and offers a simple yet
effective antivirus solution.
10. Malwarebytes: Malwarebytes focuses on malware removal and provides
real-time protection against malware and ransomware threats. It offers a
lightweight and intuitive interface, with features like scheduled scanning
and web protection.
Distributed Denial of Service Attacks

DoS attacks are attempts to interrupt a website or network’s operations by
overwhelming it with traffic. The attacker achieves this by sending an enormous
amount of requests to the target server, which causes it to slow down or even
crash, making it inaccessible to legitimate users. Below we look at what a DoS
attack is, the types of DoS attacks, how DoS attacks are prevented, and how
they impact a business.

What is a Denial of Service (DoS) Attack?

Denial of service (DoS) is a network security attack in which the hacker makes
the system or data unavailable to someone who needs it. The hacker tries to make a
network, system, or machine unavailable by flooding it with fake requests or
traffic. This prevents real users from accessing it, causing anything from
slowdowns to complete shutdowns.

Types of DoS Attacks

1. Volume-Based Attacks: Volume-based attacks flood a network with too much
data, overpowering its bandwidth and making the network unusable. Examples
include UDP floods and ICMP floods. In a UDP flood, attackers send many UDP
packets to random ports on a server, making the server busy trying to handle all
these requests, which slows down or stops legitimate traffic.

2. Protocol Attacks: Protocol attacks exploit weaknesses in network protocols to
use up server resources. Examples are SYN floods and the Ping of Death. In a SYN
flood, attackers send many SYN requests to a server but don’t complete the
handshake, leaving the server stuck with half-open connections. The Ping of
Death involves sending oversized packets to crash or disrupt the target server.

3. Application Layer Attacks: Application layer attacks target specific applications
or services, causing them to crash or become very slow. Examples include HTTP
floods and Slowloris. In an HTTP flood, attackers send many HTTP requests to a
web server, consuming its resources. Slowloris keeps many connections to the
server open by sending incomplete HTTP requests, preventing the server from
handling new, legitimate requests.

4. Distributed Denial-of-Service (DDoS) Attacks: DDoS attacks use multiple
systems, often compromised computers (botnets), to attack a single target.
Examples are amplification attacks and botnet-based attacks. In an amplification
attack, attackers use services like DNS to send a small query that generates a large
response, flooding the victim with data. Botnets coordinate many infected
computers to send attack traffic from multiple sources, making it hard to defend
against.

5. Resource Exhaustion: This is when the hacker repeatedly requests access to a
resource and eventually overloads the web application. The application slows
down and finally crashes. In this case, the user is unable to get access to the
webpage.

6. Reflective Attacks: Reflective attacks involve sending requests to third-party
servers with the victim’s IP address. The servers unknowingly send responses to
the victim, overwhelming it. Examples are DNS reflection and NTP reflection. In a
DNS reflection attack, attackers send requests to a DNS server with the victim’s IP
address, causing the DNS server to flood the victim with responses. NTP reflection
works similarly but uses Network Time Protocol servers to amplify the attack.
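The detection logic below is an added example (not part of the handout) for two of the patterns just described: a SYN flood shows up as many half-open TCP connections from one source, and Slowloris shows up as many long-lived connections from one source that never deliver a complete HTTP request. The connection record fields, the thresholds and the sample traffic (using documentation IP ranges) are assumptions chosen for the example.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Conn:
    """One observed connection (field names are an assumption for this example)."""
    src: str
    handshake_done: bool     # False = SYN received, final ACK never arrived (half-open)
    request_complete: bool   # True once a full HTTP request header was received
    open_seconds: float      # how long the connection has been open


# Thresholds are illustrative; tune them to the server's normal traffic.
HALF_OPEN_LIMIT = 50    # half-open connections per source before raising a SYN-flood alert
SLOW_LIMIT = 20         # stalled HTTP connections per source before raising a Slowloris alert
SLOW_SECONDS = 30.0     # a request still incomplete after this long counts as stalled


def detect(conns: list[Conn]) -> dict[str, list[str]]:
    """Group connections by source and flag SYN-flood and Slowloris behaviour."""
    half_open: dict[str, int] = defaultdict(int)
    stalled: dict[str, int] = defaultdict(int)
    for c in conns:
        if not c.handshake_done:
            half_open[c.src] += 1            # protocol-level: handshake never completed
        elif not c.request_complete and c.open_seconds >= SLOW_SECONDS:
            stalled[c.src] += 1              # application-level: request kept incomplete
    alerts: dict[str, list[str]] = {"syn_flood": [], "slowloris": []}
    for src, n in half_open.items():
        if n >= HALF_OPEN_LIMIT:
            alerts["syn_flood"].append(f"{src}: {n} half-open connections")
    for src, n in stalled.items():
        if n >= SLOW_LIMIT:
            alerts["slowloris"].append(f"{src}: {n} stalled HTTP connections")
    return alerts


def sample_conns() -> list[Conn]:
    """Constructed traffic: one SYN flooder, one Slowloris client, and normal users."""
    conns: list[Conn] = []
    conns += [Conn("203.0.113.7", False, False, 0.5) for _ in range(120)]   # SYN flood
    conns += [Conn("198.51.100.9", True, False, 95.0) for _ in range(40)]   # Slowloris
    conns += [Conn("192.0.2.10", True, True, 0.2) for _ in range(15)]       # normal browsing
    conns += [Conn("192.0.2.11", False, False, 0.1) for _ in range(3)]      # a few lost handshakes
    return conns


if __name__ == "__main__":
    for kind, lines in detect(sample_conns()).items():
        for line in lines:
            print(kind, "->", line)
```

A real deployment would take these records from firewall state tables or web-server connection logs rather than from an in-memory list.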

How Do DoS Attacks Impact Businesses and Users?

DoS attacks can have severe consequences for businesses and users alike. Here
are some impacts of DoS attacks:

 Loss of Revenue: DoS attacks can cause businesses to lose significant
amounts of revenue as customers are unable to access their website or
service.
 Damage to Reputation: DoS attacks can damage a company’s reputation
and erode the trust of its customers.
 Financial Losses: The cost of mitigating a DoS attack can be significant, and
businesses may also have to pay for lost revenue, legal fees and damages.
 Disruption of Critical Services: DoS attacks can disrupt critical services,
such as healthcare and emergency services, which can have life-threatening
consequences.
 Loss of Data: Data destruction attacks can cause businesses to lose critical
data, leading to financial losses and damage to the company’s reputation.
Preventing DoS Attacks

There are several measures businesses can take to prevent DoS attacks, including:

 Implementing DDoS protection solutions that can detect and mitigate DoS
attacks in real time.
 Ensuring their website and network infrastructure is up-to-date with the
latest security patches.
 Using strong authentication mechanisms, such as multi-factor
authentication, to prevent unauthorized access to the network.
 Monitoring network traffic to detect unusual patterns and take immediate
action to prevent potential attacks.