Chapter 05

This document discusses different types of computer malware including viruses, Trojan horses, spyware, and more. Viruses are malicious programs that can copy themselves and spread from computer to computer, corrupting files and slowing systems. Trojan horses also contain malicious code but masquerade as legitimate programs to gain access to systems undetected. Spyware secretly monitors users' activities and transmits data without consent. Proper antivirus software and safe browsing habits can help protect against malware threats.

Uploaded by

legasic115
Copyright
© All Rights Reserved
CYBER SECURITY FUNDAMENTALS
Chapter 05: Types of Computer Malware

NOTE: These are sample slides for the book. Full permission has been granted for
use of these slides for educational purposes. Instructors can modify any portion as
required.
Types of Computer Malware

◦ Introduction
◦ Viruses
◦ Trojan Horse
◦ Rootkit
◦ Spyware
◦ Worms
◦ Adware
◦ Scareware
◦ Browser Hijacker

Introduction
◦ Malware is a software program developed with malicious intent to be installed on
computers without the consent of their users.

◦ The main objective of malware is either to gain access to the
targeted computers without the user's permission or to create
annoyance for the users.

◦ The annoyance can include pranks, data theft, data damage, computer
malfunction, service blockage, and spying on the users.

◦ In most cases, malware is installed on the targeted computers to
achieve different goals, which may include financial gain,
learning business strategies, sabotaging governmental systems, and many
others.

Introduction

◦ Hackers continually create different types of malicious software
programs that are used via the internet.

◦ All these programs are given certain names by the hackers.

◦ In certain cases, those programs are detected and named by cyber
security companies.

◦ But all those programs fall under major categories that are very well
known in the field of computer security.

Introduction
The main types of malware programs are explained below:

◦ Viruses
◦ Trojan Horse
◦ Rootkit
◦ Spyware
◦ Worms
◦ Adware
◦ Scareware
◦ Browser Hijacker

Viruses
◦ A computer virus is a malicious computer program designed to alter
computer functions, slow down computer performance, and damage
valuable files on the computer drive.

◦ Viruses are executable files. When one is run on a machine, by mistake or
through a trick, it activates and starts altering the computer configuration
and the processes used for the smooth operation of the computer.

◦ Virus programs can copy themselves into multiple files and thus
overwhelm the computer's processes and data storage.

Viruses
◦ The main sources of virus propagation include:

─ Copying to the hard drive
─ Copying data through flash drives
─ Email attachments
─ Short text messages
─ Scam websites
─ Scam social media links
─ Downloading infected files from the internet
─ Visiting infected websites

Viruses
◦ Viruses are just programs in the form of executable files. They
don’t activate unless those executable files are run on your
computer.

◦ If you have a virus program on your computer but it has not been
executed, your computer is not yet infected.

◦ As soon as you execute that file, either by clicking it or by running a
legitimate program to which the virus file is attached, the virus
becomes active and starts doing its designed job.

Viruses
◦ The objectives of spreading a virus may include:

─ Amusement, fun, and pranks
─ Altering computer functioning
─ Corrupting data files on the computer
─ Stealing credentials
─ Sending spam emails from your computer
─ Erasing valuable data
─ Damaging hard drives

Viruses

◦ In the modern world, the creation of computer viruses is motivated by
financial gain on the internet.

◦ That may include stealing data and selling it to a third party, or even
using that data for malicious financial transactions.

Viruses
The main symptoms of a virus-infected computer may include the following:

─ Frequent appearance of pop-ups and other annoyances
─ Changes in the home screen and other settings
─ Redirection of your online surfing to certain websites
─ Large volumes of incoming and outgoing emails
─ Slowdown of your computer's performance
─ Unknown programs running on your computer
─ Changes in your passwords, especially the admin passwords
─ Frequent system crashes
─ Unexpected restarts of your computer

Viruses

◦ The solution to the menace of computer viruses is to use updated antivirus
software from well-known antivirus software companies.

◦ It is very important to note that antivirus programs should be regularly
updated to cope with the increasing threat of computer viruses.

Viruses
We can protect our computers from attack by nasty viruses by
taking the following measures:

─ Avoid using insecure websites
─ Don’t open fake websites that lure you with free incentives
─ Always keep your antivirus software up to date
─ Always keep the operating system of your computer updated
─ Turn on the security firewall settings
─ Always configure your browser for a high level of security
─ Don’t install free and insecure plugins on your browsers

Viruses
─ Don’t use your credit cards on websites that don’t comply
with the Payment Card Industry Data Security Standard (PCI-DSS)
guidelines for secure transactions.
─ Never insert flash cards or other storage devices into your computer
without scanning them and knowing what type of data they hold.
─ Never open emails and their attachments from unknown people.

By following the above-mentioned rules of thumb, you can protect your
computer from the effects of computer viruses.

Trojan Horse
◦ A Trojan horse is also a malicious computer program. It may look very
meek and harmless, but it can pave the way for a
bigger attack on your computer and valuable data.
◦ It silently collects information about user behavior, credentials, and
other activities on the computer and sends it to its command
and control center, from where other malicious attacks can originate.
◦ Hackers use Trojans to open a backdoor on your computer in order to access
it and establish control over your machine.

Trojan Horse
◦ The concept of the Trojan horse in modern computer terminology
corresponds 100% to the story of the Trojan horse in Greek mythology.

◦ According to the old mythology, the Greeks built a wooden horse
that housed many soldiers inside its wooden compartment.

◦ The people of the city of Troy pulled the horse into the city, and the
soldiers hidden inside came out at night and
opened the gates of the city.

◦ They called their fellow soldiers to come in and overrun the city to
conquer it.

Trojan Horse
◦ The concept of the Trojan horse in computer security is the same.

◦ A Trojan horse comes in through social engineering tactics such as
emails, disguised links, and other sources.

◦ It sits on the computer and starts spying, changing
credentials, and doing other such malicious activities.

◦ The main objectives of a Trojan horse are to spy on user activities and
send the information back to its master control.

◦ Based on that information, backdoor access to the computer is created to
get control over the computer for malicious activities.

Trojan Horse

◦ Trojan horses cannot replicate as viruses or computer worms can.

◦ They are spies working silently on your computer to accomplish
the malicious acts for which they are designed and propagated.

Trojan Horse
◦ Generally recognized activities of a Trojan horse on an infected
computer include:

─ Collecting data and sending it to the command and control center
─ Copying files and credential information
─ Blocking of data
─ Altering useful data
─ Reducing the performance of the computer
─ Deleting useful data files

Trojan Horse
◦ There are numerous types of Trojan horses used in modern
cybercrime.

◦ A few very important ones are mentioned below:

─ Trojan Spy
─ Trojan Mail Finder
─ Trojan Proxy
─ Trojan Clicker
─ Trojan Ransom
─ Trojan SMS
─ Trojan Dropper
─ Trojan Fake AV
─ Trojan Game Theft
─ Trojan Backdoor
─ Trojan DDoS

Spyware
◦ Spyware is software code or a program that is installed on a computer
without letting the user know about it.
◦ The main objective of this program is to monitor online activities, computer
usage habits, and personal interests.
◦ Spyware snoops on the way the user uses the internet.
◦ In most cases, spyware is used to learn the habits of computer
users so that focused digital marketing campaigns through emails
and other online sources can be implemented.
◦ In the present-day world, privacy has become very critical.

Spyware
◦ A few years back, the NSA data snooping jolted the entire world.

◦ In that security surveillance, the privacy of online users all over the world
was compromised.

◦ Tougher laws and regulations were brought into force all over the world to
maintain the security and privacy of online users.

◦ Thus, privacy is no longer a matter for individuals only, but also a big
concern for all businesses and enterprises all over the world.

◦ In the initial stages, a spyware attack is not even noticed, but slowly and
gradually its impact is unleashed on your system as well as
on you personally.

Spyware
The symptoms of a spyware attack on your computer may include the
following:

─ System performance slows down
─ Anti-spyware stops working properly
─ Many changes in browser toolbars and plugins appear
─ Advertisements appear on your screen increasingly
─ Internet bandwidth chokes

Spyware
A few important measures to reduce the impact of spyware are listed below:

─ Always close advertisement popup windows by clicking the red “X”
button or using the ALT+F4 shortcut key
─ Don’t click OK, NO, YES, or any other link on the popup window
─ Be very careful while visiting new websites or redirected websites
─ Don’t download free software tools
─ Don’t be lured by tempting offers
─ Don’t open emails and their attachments from unknown senders
─ Don’t rely on free help links for removing spyware; in many cases they are
spyware themselves

Spyware
─ Keep your operating system up to date
─ Install genuine anti-spyware software from renowned companies
─ Keep your anti-spyware up to date
─ Activate firewall settings
─ Increase the security level of your browser to high

Worms
◦ The main feature of computer worms and viruses is that they replicate
themselves in order to spread to other computers on the network or through
other data transmission media.
◦ Computer worms are malware programs that replicate
on computers to consume the major portion of computer
resources such as bandwidth, hard disk, and memory.

◦ The basic objective of a worm is to spread across the computers in a network by
exploiting vulnerabilities in the computer operating system and other
vulnerabilities in computer networks.

◦ Worms are considered harmless without payloads. Payload-free worms
just consume the resources of
the computer and do no other harm.

Worms
◦ The history of computer worms is very interesting. The first worm,
code-named “tapeworm”, was created at the Xerox Palo Alto Research Center by
John Shoch to replicate on 100 different nodes for a communication.

◦ The purpose of that code was to analyze the traffic patterns of a communication
network based on Ethernet.

◦ This worm was created to save the time of creating the code on every single
machine individually, so the worm code replicated itself on all machines on the
network. It was not maliciously intended code.

Worms
◦ So, the proportion of servers that went down due to the Morris worm was about
10% of the entire internet.

◦ The estimated cost of that worm attack was between $0.1 million and $10
million.

◦ After that worm attack, many other worms were released on the internet
through different sources. A few very important worms are listed below:

─ Blaster worm
─ My Doom worms
─ Code Red worm
─ I LOVE YOU worm
─ CIH worm

Worms
The main points about a worm can be summarized as below:

─ It replicates and spreads
─ It exploits communication protocol vulnerabilities on networks
─ It exploits operating systems on the computers
─ Worms are harmless in nature without payloads
─ Payloads on worms can be harmful, like viruses or other malicious
attacks
─ They infect computers without any interaction from the user
─ Bandwidth, storage space, and memory can be consumed by uncontrolled
replication

Worms
A worm-infected computer can be recognized by certain symptoms.
Those symptoms are listed below:

─ Errors related to the operating system and system files appear
─ Modified files disappear or don’t open
─ Firewall warnings may pop up in certain cases
─ Strange icons or files appear on the desktop
─ The computer generates unknown errors in sounds, messages, or even
images
─ The performance of the computer slows down

Worms

─ Sometimes the computer may hang or freeze
─ In extreme conditions, the system may crash frequently
─ In extreme cases, you will find emails sent to your contacts without
your knowledge

Worms
Worms can be prevented by following these measures and guidelines:

─ Always keep the operating system updated with software patches
─ Always take care in opening emails and their attachments from
unknown sources
─ Activate the security firewall
─ Use anti-spyware and antivirus software
─ Always keep antivirus software updated
─ Use packet filters on the network
─ Implement ACLs and null route configuration on switches and routers
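
A worm that spreads without user interaction shows up on the network as one host contacting many different machines on the same port in a short time. The following added example (not part of the original slides) detects that pattern in firewall logs; the log format, addresses, port, window, and threshold are assumptions constructed for illustration.

```python
"""Detect worm-like fan-out in firewall logs (added example)."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Assumed format: "<ISO time> <ALLOW|DENY> src=<ip> dst=<ip> dport=<port>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?:ALLOW|DENY) src=(?P<src>\S+) "
    r"dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)


def parse(lines):
    """Yield (time, src, dst, dport) per well-formed line; skip the rest."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m is None:
            continue
        try:
            ts = datetime.fromisoformat(m["ts"])
        except ValueError:
            continue
        yield ts, m["src"], m["dst"], int(m["dport"])


def find_fanout(lines, window=timedelta(seconds=60), threshold=20):
    """Return {(src, dport): peak distinct destinations inside `window`}
    for every source whose peak reaches `threshold`."""
    by_key = defaultdict(list)
    for ts, src, dst, dport in parse(lines):
        by_key[(src, dport)].append((ts, dst))

    alerts = {}
    for key, events in by_key.items():
        events.sort()
        in_window = Counter()  # destination -> connections inside the window
        oldest = 0
        peak = 0
        for ts, dst in events:
            in_window[dst] += 1
            # Slide the window: drop events more than `window` older than ts.
            while ts - events[oldest][0] > window:
                old_dst = events[oldest][1]
                in_window[old_dst] -= 1
                if in_window[old_dst] == 0:
                    del in_window[old_dst]
                oldest += 1
            peak = max(peak, len(in_window))
        if peak >= threshold:
            alerts[key] = peak
    return alerts


def constructed_sample():
    """Constructed log lines (not from a real network)."""
    lines = [
        # Ordinary browsing: a couple of destinations.
        "2024-05-01T10:00:01 ALLOW src=10.0.0.5 dst=192.0.2.10 dport=443",
        "2024-05-01T10:00:04 ALLOW src=10.0.0.5 dst=192.0.2.11 dport=443",
        "2024-05-01T10:00:09 ALLOW src=10.0.0.5 dst=192.0.2.10 dport=443",
        "corrupted line that the parser must ignore",
    ]
    # Busy but benign: 25 connections, all to one server.
    lines += [f"2024-05-01T10:00:{i:02d} ALLOW src=10.0.0.9 dst=10.0.0.20 dport=443"
              for i in range(25)]
    # Slow: 25 distinct destinations, but only one per minute.
    lines += [f"2024-05-01T11:{i:02d}:00 ALLOW src=10.0.0.11 dst=198.51.100.{i} dport=80"
              for i in range(25)]
    # Worm-like: 30 distinct neighbours on one port within 30 seconds.
    lines += [f"2024-05-01T10:00:{i:02d} DENY src=10.0.0.7 dst=10.0.1.{i + 1} dport=445"
              for i in range(30)]
    return lines


if __name__ == "__main__":
    for (src, dport), peak in find_fanout(constructed_sample()).items():
        print(f"ALERT {src} reached {peak} distinct hosts on port {dport} within 60s")
```

Counting distinct destinations rather than raw connections is what separates the scanning host from the busy client that talks to a single server.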
Adware
◦ According to Statista, total spending on digital
advertising in 2018 was more than $266 billion, which will increase to
over $517 billion by 2023.

◦ Marketers use different tactics to make their digital marketing
campaigns effective.

◦ One of those tactics is the use of adware to make their marketing
strategies more focused and effective.

◦ As the name ‘Ad-ware’ implies, it is a computer program that forces
internet users to view a particular web page, pop-up window, or on-page
advertisement.

Adware
◦ Adware has become a very popular tool for digital marketing teams to draw
the attention of users to a particular product or service.

◦ Adware code uses different ways to propagate and find suitable
targets so that the right audience is identified for a particular
product.

◦ You might have come across annoying links and pages while browsing
the internet. When you click on those pages or links, you are redirected to
another page that promotes a particular product or service.

◦ In some cases, pop-up windows appear with promotional content for a
particular product.

◦ This is all done with the help of adware programs.

Adware
◦ A few very important symptoms that your computer has been
affected by adware include the following:

─ Frequent redirects
─ Huge number of spam emails
─ Frequent popup windows of offers
─ Bombardment of product ads in browser
─ Heavy outgoing and incoming traffic
─ Slowdown of internet connection

Adware

◦ So, adware is software code used to force users to see a
particular advertisement or promotional content on a website,
popup window, or commercial advertisement.

◦ Adware programs are created by programmers hired
by a particular company, which pays them for such code.

Adware
◦ You can avoid adware or reduce it by taking the following
measures:

─ Activate the popup blocker on your browser
─ Use your common sense about what to click and what not to
─ Activate the firewall
─ Install anti-adware software
─ Update the anti-adware software regularly
─ Try to avoid free downloads; they may contain adware code

Adware
◦ It is very important to note that adware is normally not
dangerous enough to damage your computer or valuable data, so
don’t panic at all.

◦ This malware only studies your behavior in order to send
you targeted advertisements that you may be interested in.

Adware
◦ Hundreds of adware programs have been detected on the internet. A few very important
ones are listed below:
─ DeskAd adware
─ SpyTrooper adware
─ WebCake adware
─ WebSparkle adware
─ 1ClickDownloader adware
─ Aartemis search adware
─ AnyWhereMe toolbar adware
─ AllSearchApp adware
─ GetSavin adware
─ Hotspot Shield adware

Scareware
◦ Scareware is a type of malware that pops up a window with a serious warning
about a virus threat on your computer.
◦ But in reality there is no threat or virus on your computer except that hoax,
which appeared on your screen.
◦ The alert looks very genuine, as if from a reputable website, but it does
not come from a genuine website.
◦ The message normally prompts users to download something or call a number to
get help.
◦ The main objective behind scareware is to sell fake and bogus products.
◦ Scareware has also been used in entertainment pranks.

Scareware
Uses of scareware:

(1) To trick users into entering credit card, personal, and bank
information on the hackers’ website. Once you provide that information, your data has
been compromised for malicious financial uses.

(2) To force the user to download free antivirus software to clean the
computer of the viruses that the website claims to have detected. But that free antivirus
is itself a dangerous software program, which can control your computer and start
damaging your system or stealing your data.

◦ So, scareware can be the foundation of many dangerous cyberattacks.

Scareware
The main objectives of spreading scareware may include the following:

─ Selling fake products
─ Stealing personal and bank information
─ Installing viruses and other malicious code for cybercrimes
─ Blackmailing for ransom
─ Pranks for fun

Scareware
You can avoid the impact of scareware by taking the following steps:

─ Don’t panic at all
─ Check that your antivirus is working well
─ Keep your antivirus up to date
─ Research the legitimacy of the website that alerts you to a virus
on your computer
─ Research the legitimacy of the message you see on your computer
─ Never rely on free software in such conditions
─ Purchase a genuine antivirus and install it if you have none installed on
your computer

Scareware

◦ Hackers use social engineering tactics to force you to follow the
instructions they give you.

◦ So, always use your common sense and remain calm and cool when dealing
with the situation.

Browser Hijacker
◦ You might have been in a situation where the default settings of your
browser were changed. For example, your default search engine was
changed to a new one without your permission.

◦ As we know, the browser is one of the core software tools
used to connect to a wide range of computer programs, web
applications, websites, and many other digital resources located on the
internet or even on local networks.

◦ If a breach of the browser is established, all of your digital resources,
including security passwords, are at stake. So, hackers try to attack
browsers more frequently to establish a way to attack computers and
networks.

Browser Hijacker
◦ When you observe this situation, be sure that your computer’s
browser has been hijacked by a malicious program, which is
altering the browser settings and creating a way for malicious
programs to intrude.

◦ In some cases, you might have seen that unknown plugins
have been installed and activated on your browser. Although
you have not downloaded or installed them, they
are there and active.

Browser Hijacker
◦ Browser hijacker malware is malicious code.

◦ This code is used to pave the way for different kinds of cyberattacks on your
computer or on other computers on your network.

◦ A browser hijacker is normally downloaded onto your computer via free
software applications.

◦ The main objective of browser hijacker software is to force users to visit
certain websites in order to increase the volume of traffic on those websites.

◦ When the traffic of a website increases, the website earns higher
online advertising revenue.

Browser Hijacker
◦ Browser hijacker malware can also be used for stealing personal
information, user accounts, and other information for financial benefit.

◦ The symptoms and impact of browser hijacker malware may include:

─ Slow browsing speed
─ Multiple toolbars on the browser
─ Redirection of your search queries to websites that you have not set as default
─ A large number of popup windows and ads appearing on your browser

Browser Hijacker
You can protect your browser from being hijacked by browser hijacker
malware by taking the following measures:

─ Avoid free downloads as much as possible
─ Disable unwanted toolbars
─ Remove or disable unwanted plugins
─ Set your default search engine
─ Install antimalware erasers
─ Use common sense while downloading and browsing the internet

Rootkit
◦ A rootkit is a type of malware that gets administrator-level
privileges on the operating system of the computer without showing its
presence on the computer.

◦ The main feature of a rootkit is that it hides from detection while
maintaining control over the operating system to perform its designated
tasks on the system.

◦ The normal behavior of the operating system is subverted by the
rootkit malware on the system.

Rootkit
◦ As we know, all applications on the computer, including antivirus,
anti-malware, and other security-related applications, use the application
programming interfaces (APIs) provided by the operating system.

◦ A powerful rootkit gets control of those APIs and establishes full
control over the system.

◦ For instance, a Windows browser program sends a request to the operating
system API to find a certain file on the computer. The operating system
responds to the browser through the API about that file.

◦ The rootkit malware subverts the request sent to the operating system,
preventing it from reaching the desired API, and responds with fake responses.

Rootkit
◦ Moreover, when you ask the operating system to start the antivirus or
anti-malware application to scan your computer, the rootkit intercepts the
request before it reaches the operating system and sends you a fake response
that the program you requested is not working at this time.

◦ Rootkits are considered one of the nastiest forms of malware: one is
not easily detected and removed from your computer once it has
established the privileges to access and control the operating system
through available vulnerabilities in the OS and other applications.
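
Because a rootkit answers API requests with fake responses, one detection approach is to ask the same question in two independent ways and compare the answers. The following added example (not part of the original slides) does this for process IDs, assuming a Linux host; the function names and the constructed demo data are illustrative.

```python
"""Cross-view check for hidden processes on Linux (added example)."""
import os


def listed_ids(proc="/proc"):
    """View 1: process and thread IDs the OS reports when /proc is listed."""
    ids = set()
    for name in os.listdir(proc):
        if not name.isdigit():
            continue
        ids.add(int(name))
        try:
            # Thread IDs can answer the probe below too, so count them as listed.
            ids.update(int(t) for t in os.listdir(os.path.join(proc, name, "task")))
        except OSError:
            pass  # the process exited while we were reading
    return ids


def answers_probe(pid):
    """View 2: ask about one ID directly. Signal 0 checks existence only."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        return True  # exists, but belongs to another user
    return True


def scan(list_fn, probe_fn, max_id, rounds=2):
    """Return IDs that answer the probe but are missing from the listing.

    Processes start and exit constantly, so one mismatch is usually a race.
    An ID is reported only if it is unlisted in every one of `rounds` fresh
    listings and still answers the probe each time.
    """
    suspects = range(1, max_id + 1)
    for _ in range(rounds):
        listed = list_fn()
        suspects = [i for i in suspects if i not in listed and probe_fn(i)]
    return suspects


def demo():
    """Constructed scenario: 77 is alive but never listed; 41 starts mid-scan."""
    alive = {1, 40, 41, 77}
    listings = iter([{1, 40}, {1, 40, 41}])  # what the "OS" reports each round
    return scan(lambda: next(listings), lambda i: i in alive, max_id=100)


if __name__ == "__main__":
    print("demo suspects:", demo())
    if os.path.isdir("/proc/self/task"):  # real check, Linux only
        # Run as root so that /proc shows every user's processes.
        with open("/proc/sys/kernel/pid_max") as f:
            limit = int(f.read())
        # A kernel-level rootkit can fake the probe as well; scanning the disk
        # from trusted boot media gives a view it cannot intercept.
        print("unlisted IDs:", scan(listed_ids, answers_probe, limit))
```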

Rootkit
There are three main goals (objectives) of a rootkit on a computer, as
mentioned below:

─ Running freely without any risk of being caught and deleted
─ Hiding from the system applications and the user of the computer
─ Stealing personal information and passwords, and installing other malicious
programs on the computer so that the compromised computer can be
used for attacking other computers on the network

Rootkit
◦ There are numerous types of rootkits based on the objective and point of
attack on the systems.

◦ A few very well-known and important rootkits are listed below:

─ Memory rootkits
─ Kernel rootkits
─ Bootkit rootkits
─ Firmware rootkits
─ Library rootkits
─ Application rootkits

Rootkit
◦ For a normal computer user, it may be very difficult to recognize that the
computer has been infected by a rootkit.

◦ If the computer shows the following symptoms, you should suspect that
it has been infected by a rootkit.

─ Modifications to the date and time of the computer
─ Slowdown of the computer
─ Unexpected system error messages
─ Many programs, especially computer security programs, fail to start
─ Substantial redirects in browsers
─ Appearance of the blue screen of death

Rootkit

◦ Rootkits travel through the standard propagation routes of
viruses, worms, and other malware programs. Those include:

─ Infected downloads
─ Unknown emails
─ Short text messages (SMS)

Rootkit
◦ It is very difficult to detect and remove a rootkit from your computer once it has established control over
the operating system APIs.

◦ Normally, the rootkit remains unnoticed on the machine and keeps doing its job.

◦ After the rootkit has remained on the computer for many days, the system becomes a rogue machine, and many malicious
programs start running on it. Those programs will be used for different malicious activities.

◦ You will find the behavior of the operating system very irritating with the passage of time. One day you will see
a cryptic blue screen of death and your computer will never load normally again.

◦ Now, you will have to re-install and configure your computer from scratch.

Rootkit
But you can still take the following steps to prevent rootkits from getting
control of your computer:

─ Always visit legitimate and secure websites
─ Don’t download free and compromised products
─ Open emails and their attachments from known people only
─ Never open attachments in SMS and other messages
─ Activate the firewall on your system
─ Activate an intrusion prevention system (IPS)
─ Activate access control lists (ACLs) on the system and network

Rootkit

─ Scan and clean flash drives or other portable storage devices before opening the files
─ Use the latest anti-rootkit tools with Security Technology and Response
(STAR) technology
─ Keep your anti-malware up to date
─ Keep the operating system up to date

Rootkit

◦ Many new software tools have also been created by major computer
security software providers such as Norton, Avast, Panda, Kaspersky, and
others.

◦ All those tools are able to detect rootkits if present on your computer.
They are also able to easily remove the nastiest forms of rootkits from your
computer.

THANK YOU!
