
Module - III Fcs

Malware, or malicious software, encompasses various harmful programs such as viruses, worms, and ransomware that can steal data, disrupt services, and cause system damage. Infections occur through methods like phishing emails, infected websites, and removable drives, with advanced techniques used to evade detection. Antivirus software is essential for protection, but it has limitations and should be combined with other security measures for effective defense.

Uploaded by Sohamm Shheth

MODULE: III
Subject: Fundamentals of Cyber Security
Subject Code: CSCER0PC101

MALWARE

What is malware?

Malware, or malicious software, is any program or file that's intentionally harmful to a computer, network or server. Types of malware include computer viruses, worms, Trojan horses, ransomware and spyware. These malicious programs steal, encrypt and delete sensitive data; alter or hijack core computing functions; and monitor end users' computer activity.

What does malware do?

Malware can infect networks and devices and is designed to harm those devices, networks and their users in some way. Depending on the type of malware and its goal, this harm might present itself differently to the user or endpoint. In some cases, the effect of malware is relatively mild and benign, and in others, it can be disastrous.

Malware can typically perform the following harmful actions:

● Data exfiltration. Data exfiltration is a common objective of malware. During data exfiltration, once a system is infected with malware, threat actors can steal sensitive information stored on the system, such as emails, passwords, intellectual property, financial information and login credentials. Data exfiltration can result in monetary or reputational damage to individuals and organizations.
● Service disruption. Malware can disrupt services in several ways. For example, it can lock up computers and make them unusable or hold them hostage for financial gain by performing a ransomware attack. Malware can also target critical infrastructure, such as power grids, healthcare facilities or transportation systems to cause service disruptions.
● Data espionage. A type of malware known as spyware performs data espionage by spying on users. Typically, hackers use keyloggers to record keystrokes, access web cameras and microphones and capture screenshots.
● Identity theft. Malware can be used to steal personal data which can be used to impersonate victims, commit fraud or gain access to additional resources. According to the IBM X-Force Threat Intelligence Index 2024, there was a 71% rise in cyberattacks using stolen identities in 2023 compared to the previous year.
● Stealing resources. Malware can use stolen system resources to send spam emails, operate botnets and run cryptomining software, also known as cryptojacking.
● System damage. Certain types of malware, such as computer worms, can damage devices by corrupting the system files, deleting data or changing system settings. This damage can lead to an unstable or unusable system.

How do malware infections happen?

Malware authors use a variety of physical and virtual means to spread malware that infects devices and networks, including the following:

● Removable drives. Malicious programs can be delivered to a system with a USB drive or external hard drive. For example, malware can be automatically installed when an infected removable drive connects to a PC.
● Infected websites. Malware can find its way into a device through popular collaboration tools and drive-by downloads, which automatically download programs from malicious websites to systems without the user's approval or knowledge.
● Phishing attacks. Phishing attacks use phishing emails disguised as legitimate messages containing malicious links or attachments to deliver the malware executable file to unsuspecting users. Sophisticated malware attacks often use a command-and-control server that lets threat actors communicate with the infected systems, exfiltrate sensitive data and even remotely control the compromised device or server.
● Obfuscation techniques. Emerging strains of malware include new evasion and obfuscation techniques designed to fool users, security administrators and antimalware products. Some of these evasion techniques rely on simple tactics, such as using web proxies to hide malicious traffic or source Internet Protocol (IP) addresses. More sophisticated cyberthreats include polymorphic malware that can repeatedly change its underlying code to avoid detection from signature-based detection tools; anti-sandbox techniques that enable malware to detect when it's being analyzed and to delay execution until after it leaves the sandbox; and fileless malware that resides only in the system's RAM to avoid being discovered.
● Software from third-party websites. There are instances where malware can be downloaded and installed on a system concurrently with other programs or apps. Typically, software from third-party websites or files shared over peer-to-peer networks falls under this category. For example, a computer running a Microsoft operating system (OS) might end up unknowingly installing software that Microsoft would deem as a potentially unwanted program (PUP). However, by checking a box during the installation, users can avoid installing unwanted software.

Types of malware

● Virus. A virus is the most common type of malware that can execute itself and spread by infecting other programs or files.
● Worm. A worm can self-replicate without a host program and typically spreads without any interaction from the malware authors.
● Trojan horse. A Trojan horse is designed to appear as a legitimate software program to gain access to a system. Once activated following installation, Trojans can execute their malicious functions.
● Spyware. Spyware collects information and data on the device and user, as well as observes the user's activity without their knowledge.
● Ransomware. Ransomware infects a user's system and encrypts its data. Cybercriminals then demand a ransom payment from the victim in exchange for decrypting the system's data.
● Rootkit. A rootkit obtains administrator-level access to the victim's system. Once installed, the program gives threat actors root or privileged access to the system.
● Backdoor virus. A backdoor virus or remote access Trojan (RAT) secretly creates a backdoor into an infected computer system that lets threat actors remotely access it without alerting the user or the system's security programs.
● Adware. Adware tracks a user's browser and download history with the intent to display pop-up or banner advertisements that lure the user into making a purchase. For example, an advertiser might use cookies to track the webpages a user visits to better target advertising.
● Keyloggers. Keyloggers, also called system monitors, track nearly everything a user does on their computer. This includes writing emails, opening webpages, accessing computer programs and typing keystrokes.
● Logic bombs. This type of malware is designed to cause harm and is inserted into a system where it waits until specific conditions are met. Logic bombs stay dormant and are triggered when a certain event or condition is met, such as when a user takes a specific action on a certain date or time.
● Exploits. Computer exploits take advantage of existing vulnerabilities, flaws or weaknesses in a system's hardware or software. Instead of depending on social engineering tactics to execute, they exploit technical vulnerabilities to gain unauthorized access and perform other malicious activities such as executing arbitrary code inside a system.

Email Attachments and Phishing

Attackers often use phishing emails to trick users into downloading and executing malicious files.

📌 How it Works:

● Cybercriminals send fake emails pretending to be from legitimate sources (banks, companies, or government agencies).
● These emails contain malicious attachments (PDFs, Word documents, ZIP files, or executables) that install malware when opened.
● Some phishing emails include links leading to fake login pages designed to steal credentials.
● Example: A fake email from "PayPal" requesting urgent account verification with an infected attachment.

Common Types of Malicious Email Attachments:

● .exe (Executable files) – Directly installs malware.
● .doc/.xls (Macros-enabled documents) – Uses macros to download malware.
● .pdf (PDF Exploits) – Contains hidden scripts or links to malicious sites.
● .zip/.rar (Compressed files) – May contain malware inside an archive.
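As an added example (not part of the original slides), the following mail-gateway triage applies the four risky attachment categories listed above and also checks the file's leading bytes, since an attacker can simply rename an executable to look like a PDF. The risk notes, verdict names and sample attachments are this example's own constructed assumptions.

```python
import os

# The slide's four risky attachment categories (risk notes are this example's wording).
RISKY_EXTENSIONS = {
    ".exe": "executable installs malware directly",
    ".doc": "macro-capable document", ".xls": "macro-capable document",
    ".pdf": "PDF may carry hidden scripts or malicious links",
    ".zip": "archive may hide malware", ".rar": "archive may hide malware",
}
# Leading bytes ("magic numbers") that reveal the real format, whatever the name says.
MAGIC = {b"MZ": ".exe", b"%PDF": ".pdf", b"PK\x03\x04": ".zip", b"Rar!": ".rar"}

def sniff_type(data: bytes) -> str:
    """Return the extension implied by the content, or "" if unrecognised."""
    for magic, ext in MAGIC.items():
        if data.startswith(magic):
            return ext
    return ""

def triage(filename: str, data: bytes) -> dict:
    """Verdict for one attachment: 'block', 'review' or 'allow', with reasons."""
    name = filename.lower()
    _, ext = os.path.splitext(name)
    actual = sniff_type(data)
    reasons = []
    if actual == ".exe":
        reasons.append("content is a Windows executable regardless of its name")
    if ext in RISKY_EXTENSIONS:
        reasons.append(RISKY_EXTENSIONS[ext])
    if actual and ext != actual:
        reasons.append("extension %s does not match content %s" % (ext or "(none)", actual))
    if name.count(".") > 1 and ext in RISKY_EXTENSIONS:   # e.g. report.pdf.exe
        reasons.append("double extension hides the real file type")
    if ext == ".exe" or actual == ".exe":
        verdict = "block"        # executables never pass, whatever they are called
    elif reasons:
        verdict = "review"       # risky-but-legitimate formats go to a sandbox or a human
    else:
        verdict = "allow"
    return {"file": filename, "verdict": verdict, "reasons": reasons}

# Constructed attachments (first bytes only; none of this is real malware).
SAMPLES = {
    "invoice.pdf": b"%PDF-1.7 constructed", "photos.zip": b"PK\x03\x04 constructed",
    "report.pdf.exe": b"MZ\x90\x00 constructed",            # double extension
    "statement.pdf": b"MZ\x90\x00 constructed",             # executable renamed to .pdf
    "notes.txt": b"plain text, constructed",
}

def triage_all() -> dict:
    """Verdict per constructed sample, e.g. for a gateway self-test."""
    return {f: triage(f, b)["verdict"] for f, b in SAMPLES.items()}
```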
Infected Websites and Malicious Downloads

Another major way malware spreads is through compromised websites and malicious downloads.

📌 How it Works:

● Attackers inject malicious code into legitimate websites, infecting visitors through drive-by downloads (malware installs automatically without user interaction).
● Users download software, movies, or games from untrusted sources, which may include hidden malware.
● Some websites use exploit kits to take advantage of software vulnerabilities (e.g., outdated browsers, Flash, or Java).
● Example: A user searching for free software downloads unknowingly installs a Trojan-infected version.

🔹 Common Infection Methods:

● Fake Software Updates – Pop-ups claiming your browser or Flash Player is outdated.
● Malvertising (Malicious Ads) – Ads on legitimate sites leading to infected downloads.
● Bundled Software – Freeware containing hidden malware or adware.
● Exploit Kits – Automatically exploit system vulnerabilities when a user visits a compromised page.

✅ Prevention:
✔ Avoid downloading software from unofficial sources.
✔ Use browser extensions to block malicious ads and scripts.
✔ Keep your OS, browsers, and plugins up to date.
✔ Scan downloaded files with antivirus software before opening.
Antivirus Software: Overview, Limitations, and Choosing the Right One

Overview of How Antivirus Software Works

Antivirus software is a cybersecurity tool designed to detect, prevent, and remove malware from computers, networks, and mobile
devices. It uses various techniques to identify and neutralize threats.

📌 Key Functions of Antivirus Software:
✅ Signature-Based Detection – Compares files against a database of known malware signatures.
✅ Heuristic Analysis – Detects new and modified malware by analyzing behavior and code patterns.
✅ Behavior-Based Detection – Monitors program behavior in real time to identify suspicious activities.
✅ Sandboxing – Runs potentially malicious files in an isolated environment to observe their behavior.
✅ Real-Time Scanning – Continuously monitors system files, emails, and downloads for threats.
✅ Automatic Updates – Regularly updates its database with the latest malware definitions to stay effective.

🛠 Example: If you download a suspicious file, the antivirus will scan it before execution, checking for known threats or unusual behavior.

Limitations of Antivirus Software

Despite its usefulness, antivirus software has certain limitations:

🚫 1. Inability to Detect Zero-Day Attacks – New malware variants (zero-day threats) may go undetected until antivirus databases are updated.
🚫 2. Performance Impact – Some antivirus programs can slow down system performance, especially on older devices.
🚫 3. Cannot Prevent Social Engineering Attacks – Phishing attacks and scams rely on tricking users rather than malware infection.
🚫 4. Limited Against Fileless Malware – Some advanced malware operates in system memory, making traditional file-based scanning ineffective.
🚫 5. Over-Reliance on Signatures – If a virus signature is not in the database, the antivirus may fail to detect it.
🚫 6. False Positives – Some legitimate programs may be mistakenly flagged as malware.

🔎 Solution: Combine antivirus with other security measures like firewalls, intrusion detection systems, and endpoint security solutions.
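To make the difference between signature-based detection and heuristic analysis concrete, and to show why over-reliance on signatures fails against polymorphic variants, here is an added toy scanner (not part of the original slides). The sample bytes, the signature database and the heuristic rules and weights are all constructed for the example; a real engine uses far richer features.

```python
import hashlib
import re

# Constructed sample bytes standing in for a known-bad file (not real malware).
SAMPLE_A = b"MZ\x90\x00 payload: beacon http://c2.example.invalid/c2 ; cmd.exe /c start"
# Signature database: SHA-256 of every sample the vendor has already seen.
KNOWN_BAD_HASHES = {hashlib.sha256(SAMPLE_A).hexdigest()}

# Assumed heuristic rules: (pattern, weight, label). The scoring idea is what matters.
HEURISTIC_RULES = [
    (re.compile(rb"cmd\.exe\s*/c", re.I), 3, "shell command launch"),
    (re.compile(rb"https?://\S+/c2", re.I), 3, "command-and-control URL"),
    (re.compile(rb"powershell", re.I), 2, "PowerShell invocation"),
    (re.compile(rb"AutoOpen|Document_Open", re.I), 2, "macro auto-run hook"),
]
HEURISTIC_THRESHOLD = 4

def signature_scan(data: bytes) -> bool:
    """Exact-match detection: only a byte-identical sample is caught."""
    return hashlib.sha256(data).hexdigest() in KNOWN_BAD_HASHES

def heuristic_scan(data: bytes) -> tuple:
    """Score suspicious traits; unaffected by small code changes that break hashes."""
    score, hits = 0, []
    for pattern, weight, label in HEURISTIC_RULES:
        if pattern.search(data):
            score += weight
            hits.append(label)
    return score, hits

def scan(data: bytes) -> str:
    """Verdict combining both techniques, signature first (cheapest, no false positives)."""
    if signature_scan(data):
        return "malicious (signature match)"
    score, hits = heuristic_scan(data)
    if score >= HEURISTIC_THRESHOLD:
        return "suspicious (heuristic score %d: %s)" % (score, ", ".join(hits))
    return "clean"

# A "polymorphic" variant: same behaviour, one padding byte changed, so its hash
# is no longer in the database and the signature check alone would miss it.
SAMPLE_A_VARIANT = SAMPLE_A.replace(b"\x90", b"\x91")

if __name__ == "__main__":
    for name, blob in (("original", SAMPLE_A), ("variant", SAMPLE_A_VARIANT),
                       ("benign", b"Quarterly report, constructed text")):
        print(name + ":", scan(blob))
```

The heuristic path is also where false positives (limitation 6 above) come from: a legitimate admin script that launches cmd.exe and fetches a URL scores the same way, which is why the threshold and weights need tuning.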

Choosing the Right Antivirus

When selecting an antivirus, consider the following factors:

1. Security Features:
✔️Real-time protection
✔️Firewall integration
✔️Ransomware protection
✔️Email and web filtering
✔️Heuristic and behavior-based detection

💻 2. System Performance:
✔️Choose a lightweight antivirus that doesn’t slow down your device.

💰 3. Pricing and Licensing:
✔️Free versions offer basic protection, while premium versions provide advanced features like VPNs, password managers, and identity theft protection.

🌐 4. Compatibility:
✔️Ensure the antivirus is compatible with your OS (Windows, macOS, Linux, Android, iOS).
Antivirus Software & Malware: Key Considerations
Considerations for Home and Business Use

Choosing the right antivirus depends on whether it's for home or business use.

🔹 Home Use Considerations

✅ Ease of Use – User-friendly interface with automatic updates.
✅ Performance Impact – Should not slow down everyday tasks.
✅ Basic Security Features – Protection from common threats like phishing, viruses, and Trojans.
✅ Parental Controls (Optional) – For protecting children online.
✅ Cost – Free versions may be sufficient for basic security.

📌 Best for Home Users: Windows Defender (built-in), Bitdefender Free, Avast Free, Kaspersky Security Cloud.

🔹 Business Use Considerations

✅ Advanced Threat Protection – Defends against ransomware, zero-day attacks, and phishing.
✅ Multi-Device Protection – Covers multiple endpoints, including workstations and servers.
✅ Centralized Management – IT teams can manage security across all devices remotely.
✅ Data Loss Prevention – Prevents unauthorized access to sensitive business data.
✅ Compliance Requirements – Meets security regulations (e.g., GDPR, HIPAA).
✅ 24/7 Support – Essential for businesses to minimize downtime in case of attacks.

📌 Best for Businesses: Bitdefender GravityZone, Norton Small Business, Kaspersky Endpoint Security, McAfee Total Protection for Business.
Steps to Install Antivirus Software

Installing antivirus software is essential for protecting your system from malware and cyber threats. Follow these steps to install and configure your antivirus properly:

🔹 Step 1: Choose the Right Antivirus Software

● Select a trusted antivirus program (e.g., Windows Defender, Bitdefender, Kaspersky, Norton, McAfee, Avast).
● Decide between a free or paid version based on your needs.
● Ensure it is compatible with your operating system (Windows, macOS, Linux, Android, iOS).

🔹 Step 2: Download the Antivirus Software

● Visit the official website of the antivirus provider.
● Avoid downloading from third-party sites to prevent fake or malicious software.
● Click the Download button and save the setup file.

🔹 Step 3: Uninstall Any Previous Antivirus (If Any)

● Having multiple antivirus programs can cause conflicts.
● Go to Control Panel → Programs → Uninstall a program, find the old antivirus, and remove it.
● Restart your computer after uninstallation.

🔹 Step 4: Install the Antivirus Software

● Locate the downloaded setup file (usually in the "Downloads" folder).
● Double-click the file to run the installer.
● Follow on-screen instructions:
✅ Accept the license agreement
✅ Choose installation directory (default is recommended)
✅ Select recommended settings (real-time protection, automatic updates, etc.)
● Click Install and wait for the process to complete.

🔹 Step 5: Activate and Update the Antivirus

● If using a paid version, enter the license key to activate the software.
● Open the antivirus software and update virus definitions to get the latest security patches.

🔹 Step 6: Perform an Initial Full System Scan

● Run a full system scan to detect and remove any existing threats.
● Configure real-time protection to monitor new threats automatically.

🔹 Step 7: Configure Settings for Maximum Security

● Enable firewall protection (if available).
● Turn on automatic updates to stay protected against new threats.
● Set up scheduled scans to check for malware regularly.
● Enable web protection to block phishing sites.
