CSDF

1. Difference Between Virus, Worms, Trojans

1. Virus:
 A computer virus is a self-replicating program that attaches itself to
legitimate files or programs.
 It requires a host file to infect and spread. When the infected host file is
executed, the virus code is activated.
 Viruses can spread through infected files, typically by users sharing
infected files via email, removable storage devices, or downloads.
 Viruses can cause various types of damage, such as data corruption, file
deletion, or system instability.
 They often have the ability to replicate and infect other files on the
same system.
2. Worm:
 A computer worm is a self-contained, self-replicating program that
does not need a host file to propagate.
 Worms spread independently by exploiting vulnerabilities in network
services or software, allowing them to move from one computer to
another over a network.
 Worms can replicate and spread rapidly, causing network congestion
and potentially harming the infected systems.
 They can be designed to carry a payload, which may include other
malware, such as viruses or Trojans.
 Worms can have a wide-ranging impact on the internet and connected
networks.
3. Trojan (or Trojan Horse):
 A Trojan, short for Trojan Horse, is a type of malware that disguises
itself as a legitimate or benign program to trick users into running it.
 Unlike viruses and worms, Trojans do not replicate themselves but rely
on social engineering to spread.
 Trojans can be used to perform a variety of malicious actions, such as
stealing data, spying on users, providing remote access to a system, or
installing additional malware.
 They often need to be manually executed by a user, who may be
unaware of their malicious nature.
 Trojans can be delivered through various means, including email
attachments, software downloads, or disguised as useful utilities.
2. Explain in detail Cyber Stalking
Cyberstalking is stalking or harassment carried out over the internet. It might
target individuals, groups, or even organizations and can take different forms
including slander, defamation and threats. Motives may be to control or
intimidate the victim or to gather information for use in other crimes, like
identity theft or offline stalking
it is stalking or harassment that takes place via online channels such as social
media, forums or email. It is typically planned and sustained over a period of
time.
For example, if you’ve received a few negative comments on Facebook and
Instagram, it may upset or annoy you, but this isn’t cyberstalking yet. For some
people, such as semi-celebrities looking for attention, negative comments are
actually welcomed.

How to avoid cyberstalking

1) KEEP A LOW PROFILE
2) UPDATE YOUR SOFTWARE
3) HIDE YOUR IP ADDRES
4) MAINTAIN GOOD DIGITAL HYGIENE
5) AVOID DISCLOSING SENSITIVE INFORMATIO
What to do in case you are being cyberstalked ?
Block the person, Report to the platform involved ,Call the police
3. Cyber Crime and Information Security

 Cybersecurity is concerned with protecting electronic devices and

mobile devices against attacks in cyberspace. Information security (Info
Sec) is concerned with protecting the confidentiality, integrity, and
availability of information.
 Cybersecurity deals with the prevention of ransomware attacks and
spyware injections and social media compromise. An example of an
information security controls are intrusion detection systems and
firewalls.
 The job of an information security officer is to understand and identify
what confidential information is critical or could be the target of a
physical or cyber attack.
 It's becoming increasingly common for the majority of business data and
sensitive information to be sitting on a cloud provider like an AWS S3
bucket, laptop or somewhere else on the Internet.
 But a decade ago the majority of sensitive information was sitting in an
office filing cabinet. This is where information security professionals
originate from, physically securing data from unauthorized access by
implementing access controls.
 Cybersecurity can also be described as a process of preventing
cyberattacks by assuming a hacker's mindset. While information
security focus on protecting data from threats.
 Cyber security and information security are fundamental to information
risk management.
 And while cyber security professionals are largely concerned with
securing electronic data from cyber threats and data breaches, there
are still forms of physical security in their job description.
4. In detail Social Engineering
Social engineering is the term used for a broad range of malicious activities
accomplished through human interactions. It uses psychological manipulation
to trick users into making security mistakes or giving away sensitive
information.
Social engineering attacks happen in one or more steps. A perpetrator first
investigates the intended victim to gather necessary background information,
such as potential points of entry and weak security protocols, needed to
proceed with the attack. Then, the attacker moves to gain the victim’s trust and
provide stimuli for subsequent actions that break security practices, such as
revealing sensitive information or granting access to critical resources.

Social engineering attacks may be divided into two categories

1. Computer based social engineering.
Computer based social engineering attacks may include the below.
Email attachments
Fake websites
Pop-up windows
On-line Scams : Emails sent by scammers may have attachments that include
malicious code inside the attachment. Those attachments may include
Keyloggers to capture users passwords,Viruses, Trojans, or worms.
Worm attacks : Attackers will trick users to click on a link or download a file
then click on it, the executable file is a worm and will propagate from computer
to computer copying itself.
A well known example is the “LoveLetter” worm that comes as an attachment
in an email. The email requests the user to open an attachment in an email.
When the users opens the attachment the worm copies itself to all the contacts
in the users address book. This worm overloaded a huge number of email
servers in the year 2000.
2. Human-Based Attacks:
Impersonation: Acting like someone else to get access to the information.
They may act as a legitimate user and request for information or they pose as a
higher authority and may ask for sensitive information or they pose as a
technical support person and try to gather sensitive and confidential details.
Other types are Human-based attacks are:
Tailgating: When an authorised person enters into a restricted area, the
unauthorized person also enters the restricted AREA without the employee’s
knowledge.
Piggybacking: Here the attacker may pose as an employee and ask the
authorized employee to allow him to enter along with him. He may give fake
reasons like he forgot his smart badge, etc.
Dumpster Diving: Any confidential or sensitive document should be properly
shredded before disposed into the dustbin. If not, an attacker may just look
into the dustbin to access the confidential information.
5. Relevance of OSI 7 layer in cyber-Forensics

The OSI 7 Layer Model is useful from computer forensics perspective

because it addresses the network protocols and network communication
processes
Step 1: Foot Printing
Foot printing includes a combination of tools and techniques used to create a
full profile of the organization’s security posture. These include its domain
names, IP addresses and network Blocks
Step 2: Scanning and Probing
The hacker will typically send a ping echo request packet to a series of target IP
addresses.As a result of this exploratory move by the hacker, the machines
assigned to one of these IP address will send out echo response thereby
confirming that there is a live machine associated with that address. Similarly, a
TCP scan sends a TCP synchronization request to a series of ports and to the
machines that provide the associated service to respond.
Step 3: Gaining Access
The hacker’s ultimate goal is to gain access to your system so that he/she can
perform some malicious action, such as stealing credit card information,
downloading confidential files or manipulating critical data.
Step 4: Privilege
When a hacker gains access to the system, he will only have the privileges
granted to the user or account that is running the process that has been
exploited.
Step 5: Exploit
Gaining root access gives the hacker full control on the network. Every hacker
seems to have his/her own reasons for hacking. Some hackers do it for fun or a
challenge, some do it for financial gain and others do it to “get even”
Step 6: Retracting
There are many reasons that drive cybercriminals to hacking.
Step 7: Installing Backdoors
Finally, most hackers will try creating provisions for entry into the
network/hacked system for later use. this, they will do by installing a backdoor
to allow them access in the future.
6. Explain keylogger
Keystroke logging, often referred to as keylogging or keyboard capturing, is the
action of recording (or logging) the keys struck on a keyboard, typically in a
covert manner so that the person using the keyboard is unaware that their
actions are being monitored.

➢ It has uses in the study of human–computer interaction.

➢ There are numerous keylogging methods, ranging from hardware and

software-based approaches to acoustic analysis.
1. Software-based keyloggers
Software-based keyloggers use the target computer’s operating system in
various ways,
including: imitating a virtual machine, acting as the keyboard driver (kernel-
based), using the
application programming interface to watch keyboard strokes (API-based),
recording
information submitted on web-based forms (Form Grabber based) or capturing
network traffic
associated with HTTP POST events to steal passwords (Packet analyzers).
Usually consists of
two files DLL and EXE
2. Hardware keyloggers
Installing a hardware circuit between the keyboard and the computer that logs
keyboard stroke
activity (keyboard hardware). Target- ATMs
3. Acoustic keylogging
Acoustic keylogging monitors the sound created by each individual keystroke
and uses the
subtly different acoustic signature that each key emits to analyze and
determine what the target
computer’s user is typing.
7.Explain in detail Cyber Crime & ITA act 2000
Cyber criminals prefer cybercafes to carry out their activities.

A recent survey conducted in one of the metropolitan cities in India reveals the
following facts :
o 1.Pirated software are installed in all the computers.
o 2.Antivirus was not updated with latest patch.
o 3.Several cybercafes has installed “Deep Freeze” to protect
computer which helps cyber criminals.
Botnet is a term used for collection of software robots, or Bots, that run
autonomously and automatically. The term is often associated with malicious
software but can also refer to the network of computers using distributed
computing software.
In simple terms, a Bot is simply an automated computer program. One can gain
the control of your computer by infecting them with a virus or other Malicious
Code that gives the access. Your computer system maybe a part of a Botnet
even though it appears to be operating normally. Botnets are often used to
conduct a range of activities, from distributing Spam and viruses to
conducting denial-of-service (DoS) attacks.
A Botnet (also called as zombie network) is a network of computers infected
with a malicious program that allows cybercriminals to control the infected
machines remotely without the users' knowledge. "Zombie networks" have
become of income for entire groups of cybercriminals.

The invariably low cost of maintaining a Botnet and the ever diminishing
degree of knowledge require to manage one are conducive to the growth in
popularity and, consequently, the number of Botnets.

The offences included in the I.T. Act 2000 are as follows −

 Tampering with the computer source documents.
 Hacking with computer system.
 Publishing of information which is obscene in electronic form.
 Power of Controller to give directions.
Offences Under The It Act 2000

 Section 65. Tampering with computer source documents

 Whoever knowingly or intentionally conceals, destroys or alters or

intentionally or knowingly causes another to conceal, destroy or alter
 any computer source code used for a computer, computer program,
computer system or computer network, when the computer source
code is required to be kept or maintained by law for the being time in
force, shall be punishable with imprisonment up to three year, or with
fine which may extend up to two lakh rupees, or with both.
 Explanation − For the purpose of this section “computer source code”
means the listing of programs, computer commands, design and layout
and program analysis of computer resource in any form.