Unit-6 Malicious Software


Malicious Software
• Malicious software, also known as malware, is any software that is designed to
harm or exploit computer systems.
• There are many types of malware, including viruses, worms, Trojan horses,
ransomware, and spyware.
• Malware can be spread through a variety of means, including email attachments,
infected websites, and software downloads.
• Once it has been installed on a system, malware can perform a variety of harmful
activities, such as stealing sensitive information, disrupting system functions, or
holding data hostage.
• To protect against malware, it is important to keep computer systems and
software up to date with the latest security patches, use antivirus software, and
be cautious when opening email attachments or downloading software from the
internet.
• It is also a good idea to regularly back up important data to protect against the
possibility of data loss due to malware.
Advanced Persistent Threat
• Advanced: Combination of attack methods and tools, from commodity malware to
custom tooling and previously unknown exploits
• Persistent: Continuous monitoring and interaction over months or years, a
“low-and-slow” approach rather than a one-off attack
• Threat: Attacker is skilled, motivated, organized and well funded
• A sophisticated, targeted campaign to gain access to a victim's systems and steal
information from them
• Requirement: Remain undetected for as long as possible
• Targets
• .mil and .gov sites
• Department of Defense contractors
• Infrastructure companies
• CEOs or leaders of powerful enterprise or gov. agencies
Stages of an APT Attack
• Step 1: Reconnaissance:
• Research and identify targets
• Using public search or other methods
• Obtain email addresses or IM handles
• Step 2: Intrusion into the Network:
• Spear-phishing emails
• Target specific people
• Spoofed emails
• include malicious links or attachments
• Infect the employee's machine
• Gives the attacker a foot in the door
• Step 3: Establishing a Backdoor:
• Try to obtain domain admin credentials
• Dump password hashes from the network's domain controllers (DCs)
• Crack the hashes offline, or reuse them directly (pass-the-hash), to gain elevated privileges
• Move laterally within the network
• Install backdoors on several systems
• Typically done by installing malware

• Step 4: Obtaining User Credentials:
• Use valid user credentials rather than exploits, so the activity looks like ordinary logins
• Average of 40 systems accessed using these credentials
• Most common type of credentials: domain admin
• Step 5: Installing Multiple Utilities:
• Utility programs that carry out system administration tasks for the attacker:
• installing backdoors
• grabbing passwords
• collecting emails
• Typically found on systems that do not themselves have a backdoor installed
• Step 6: Data Exfiltration:
• Grab emails, attachments, and files
• Funnel the stolen data to staging servers
• Encrypt and compress the data before transfer
• Delete the compressed archives once they have been transferred, to remove evidence
• Step 7: Maintaining Persistence:
• Use any and all methods
• Revamp malware if needed, e.g. when a tool starts being detected
Virus
• A virus is a piece of code that attaches itself to a host program (or document) and,
when the host runs, replicates by infecting other programs, spreading from one
computer to another as those infected files are shared.
• Viruses are transmitted through email attachments, infected websites, or infected
files shared over a network. Once a virus infects a computer, its payload can perform
a variety of harmful actions, such as deleting files, stealing sensitive information, or
sending spam emails from the infected computer.
• Viruses are classified by what they infect (boot sector, executable file, macro) and by
how they conceal themselves (encrypted, stealth, polymorphic, metamorphic), as well
as by their payload. Some payloads damage or destroy data, others steal sensitive
information or use the infected computer to perform illegal activities.
• Some viruses only display annoying or inappropriate messages, or slow down the
performance of a computer.
• To protect against viruses, it is important to use antivirus software, keep the
operating system and other software up to date, and be cautious when opening
emails or downloading files from the internet.
Worm
• A worm is a type of malware that is designed to replicate itself and spread from one
computer to another, often over a network.
• Unlike viruses, which require a host program to replicate, worms are self-contained and can spread
on their own.
• Worms can cause a variety of harmful effects, such as consuming network bandwidth, slowing down
or crashing computer systems, or stealing sensitive information.
• Some worms are also designed to exploit vulnerabilities in computer systems to gain unauthorized
access or to install other malicious software.
• Worms can be transmitted through email attachments, infected websites, or through vulnerabilities
in networked systems.
• To protect against worms, it is important to use antivirus software, keep the operating system and
other software up to date, and practice safe browsing habits by avoiding suspicious websites and
emails.
Spam Email
• Spam email is unwanted or unsolicited email that is often sent in large quantities.
It is typically sent for the purpose of advertising, phishing, or spreading malware.
Some common characteristics of spam email include:
• It is unsolicited, meaning that you did not request or sign up to receive it.
• It is often sent in large quantities, with the sender hoping to reach as many people as
possible.
• The sender may use false or misleading information in the subject line or body of the email
to entice you to open it.
• It may contain links to suspicious websites or attachments that could potentially contain
malware or viruses.
• The sender may use forged or fake headers to try to hide their identity.
• To protect yourself from spam email, you can use email filters or spam blockers,
be cautious about opening email from unknown senders, and avoid clicking on
links or downloading attachments from unfamiliar sources.
Trojan
• A Trojan, or Trojan horse, is a type of malware that appears to be a useful or
legitimate program but carries hidden malicious functionality. Trojans are often
delivered through email attachments, malicious websites, or trojanized downloads,
or by exploiting vulnerabilities in software or operating systems.
• Once a Trojan is installed on a device, it can give an attacker access to the device
and its data. Depending on the type of Trojan, an attacker may be able to:
• Access files and data on the device
• Control the device remotely
• Use the device to launch attacks on other systems
• Steal sensitive information such as login credentials or financial data
• To protect against Trojans, it is important to keep your software and operating
system up to date with the latest security patches, use antivirus software, and be
cautious when opening email attachments or downloading software from the
internet. It is also a good idea to regularly back up important data to prevent loss
in the event that a Trojan does manage to infect your device.
System Corruption
• System corruption refers to damage or errors in the system files or configuration of a computer or
other device that can prevent it from functioning properly. System corruption can be caused by a
variety of factors, including malware infections, hardware failures, and incorrect or incomplete
installations of software.
• Symptoms of system corruption can include:
• Error messages or other problems when booting up or running the device
• Unexpected system crashes or freezes
• Difficulty opening or running certain programs or files
• Changes to system settings or appearance that you did not make
• If you suspect that your system may be corrupt, there are a few steps you can take to try to fix the
problem:
• Try restarting the device to see if the issue is resolved.
• Run a scan with antivirus software to check for and remove any malware that may be causing the corruption.
• Check for and install any available updates or patches for the operating system or any programs you are using.
• If the issue persists, you may need to try more advanced troubleshooting techniques or seek assistance from a
technical support professional. In some cases, it may be necessary to restore the system to a previous state or
reinstall the operating system.
Key Logger
• A keylogger, also known as a keystroke logger or keyboard logger, is a type of
software or hardware that records every keystroke made on a computer or other
device. Keyloggers can be used for a variety of purposes, including tracking
employee activity, monitoring children's internet use, and stealing sensitive
information such as passwords and financial data.
• Keyloggers can be installed on a device through various means, such as email
attachments, software downloads, or physical access to the device. Once installed,
they operate in the background, undetected by the user, and send the recorded
keystrokes to the person who installed the keylogger.
• To protect against keyloggers, it is important to use strong, unique passwords for
all of your accounts and to avoid downloading or opening attachments from
unknown sources. Antivirus software can detect and remove software keyloggers,
but a hardware keylogger plugged in between the keyboard and the computer is
invisible to the operating system, so be cautious about allowing anyone physical
access to your device and inspect the connections if you suspect tampering.
Phishing
• Phishing is a type of cyber attack in which an attacker attempts to trick individuals into
disclosing sensitive information, such as passwords, financial data, or personal
identification numbers (PINs), by posing as a legitimate entity or person. Phishing attacks
often take the form of email or text messages that contain links to malicious websites or
attachments that, when clicked on or downloaded, can install malware or steal personal
information.
• Phishing attacks can be difficult to identify, as the attackers often use fake or misleading
email addresses, subject lines, or websites that are designed to look legitimate. They may
also use social engineering techniques to try to create a sense of urgency or fear in the
victim, in order to trick them into revealing sensitive information.
• To protect against phishing attacks, it is important to be cautious about opening email or
text messages from unfamiliar sources, and to be wary of links or attachments, even if
they appear to come from a legitimate source. It is also a good idea to use antivirus
software and to enable two-factor authentication on your accounts whenever possible.
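The forged headers mentioned under Spam Email and the lookalike senders, urgency and disguised links described under Phishing can all be checked mechanically. The following is an added example, not from the course notes, combining those checks: it parses a raw message with Python's standard `email` package and flags a Return-Path domain that differs from the From domain, a From domain within a small edit distance of a trusted domain, urgency phrases in the body, and anchor tags whose visible text names one host while the `href` goes elsewhere. Both messages are constructed, and `TRUSTED_DOMAINS` and `URGENCY_PHRASES` are assumptions standing in for an organization's own configuration. Real mail filters would also use SPF, DKIM and DMARC results, which this offline example does not have.

```python
"""Heuristic checks for forged headers, lookalike senders, urgency wording and
disguised links. Added example, not from the course notes; messages and
configuration values are constructed assumptions.
"""
import re
from email import policy
from email.parser import BytesParser
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"example-bank.com"}   # assumed legitimate sender domain
URGENCY_PHRASES = ("immediately", "suspended", "within 24 hours", "verify your account")
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

# Constructed phishing sample: bounce address on another domain, a digit-for-
# letter lookalike of the bank's domain, urgency wording, and a link whose
# visible text names the bank while the href points at a bare IP address.
PHISH_MAIL = b"""Return-Path: <bounce@mail-blast.example.net>
From: Example Bank Security <alerts@examp1e-bank.com>
To: victim@example.org
Subject: Action required: account suspended
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Your account will be suspended within 24 hours.</p>
<p>Please <a href="http://198.51.100.7/login">https://www.example-bank.com/secure</a></p>
"""

# Constructed benign sample for comparison.
BENIGN_MAIL = b"""Return-Path: <alerts@example-bank.com>
From: Example Bank <alerts@example-bank.com>
To: customer@example.org
Subject: Your March statement is ready
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"

Your statement is available in online banking.
"""


def domain_of(addr):
    """'Name <user@host>' -> 'host' (lower-cased); '' if no address present."""
    m = re.search(r"@([\w.-]+)", addr or "")
    return m.group(1).lower() if m else ""


def edit_distance(a, b):
    """Levenshtein distance; a small value against a trusted domain means lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def analyze(raw):
    """Return a list of (code, detail) findings for one raw RFC 5322 message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []

    from_dom = domain_of(msg["From"])
    ret_dom = domain_of(msg["Return-Path"])
    if ret_dom and from_dom and ret_dom != from_dom:
        findings.append(("header-mismatch", f"From {from_dom} vs Return-Path {ret_dom}"))

    for trusted in TRUSTED_DOMAINS:
        if from_dom != trusted and edit_distance(from_dom, trusted) <= 2:
            findings.append(("lookalike-domain", f"{from_dom} resembles {trusted}"))

    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    hits = [p for p in URGENCY_PHRASES if p in text.lower()]
    if hits:
        findings.append(("urgency", ", ".join(hits)))

    for href, visible in LINK_RE.findall(text):
        shown_host = urlparse(visible.strip()).netloc.lower()
        real_host = urlparse(href).netloc.lower()
        if shown_host and shown_host != real_host:
            findings.append(("link-mismatch", f"text says {shown_host}, href goes to {real_host}"))

    return findings


if __name__ == "__main__":
    for label, raw in (("phish", PHISH_MAIL), ("benign", BENIGN_MAIL)):
        print(label, analyze(raw) or "no findings")
```

Each heuristic on its own produces false positives (mailing-list software legitimately sets a different Return-Path, and "suspended" appears in honest mail), which is why they are reported as separate findings for scoring rather than a single verdict. The link check is the one users can apply by hand: hover over the link and compare the real destination with the text.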
Spyware
• Spyware is a type of software that is designed to gather information about an individual or organization without
their knowledge or consent. Spyware can be installed on a device through various means, such as email
attachments, software downloads, or by exploiting vulnerabilities in the device's operating system or other
software.
• Once installed, spyware can operate in the background, collecting and transmitting information about the
device and its user. This information can include browsing history, keystrokes, login credentials, and financial
data. Spyware can also track the user's location, monitor their activity, and record their conversations.
• Spyware can be difficult to detect, as it is designed to operate covertly. However, there are a few signs that you
may have spyware on your device:
• Your device is slower than usual
• Your device is crashing or freezing
• Your battery is draining faster than usual
• You are seeing pop-up ads or other unwanted notifications
• You are being redirected to unfamiliar websites
• To protect against spyware, it is important to use antivirus software, keep your operating system and software
up to date with the latest security patches, and be cautious about downloading or opening attachments from
unfamiliar sources. You should also be careful about the websites you visit and the information you share
online.
Backdoor
• A backdoor is a method of bypassing normal authentication or security controls in order to gain
unauthorized access to a system. Backdoors can be created intentionally by an attacker or malicious
insider, or they can be the result of an accidental vulnerability in the system.
• Backdoors can take various forms, such as:
• A hidden user account with a default or known password
• A modified version of a legitimate program that allows unauthorized access
• A port or service that is intentionally left open for remote access
• A piece of code that allows an attacker to remotely execute commands on the system
• Backdoors can be used to gain unauthorized access to a system, to bypass security controls, or to
maintain persistence on a system after an initial compromise. They can pose a serious security risk,
as they allow an attacker to gain access to sensitive data or to use the compromised system to
launch attacks on other systems.
• To protect against backdoors, it is important to keep your software and operating system up to date
with the latest security patches, use strong, unique passwords, and be cautious about downloading
or installing software from unfamiliar sources. It is also a good idea to regularly audit the accounts,
listening services and scheduled tasks on your systems against a known-good inventory, scan for
vulnerabilities, and use antivirus software to detect and remove any malicious software that may
have been installed.
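The first form of backdoor listed above, a hidden account with a default or known password, leaves traces in the account database that a simple audit can find. The following is an added example, not code from the course notes. It parses a constructed `/etc/passwd`-style listing and flags a second UID-0 account, an account with an empty password field (which allows login with no password at all), a password hash kept in the world-readable passwd file instead of the shadow file, and interactive accounts that are either not in the expected inventory or homed somewhere unusual. `KNOWN_LOGIN_ACCOUNTS` is an assumption standing in for the organization's real account inventory; `audit_file()` runs the same check against a live host's `/etc/passwd`.

```python
"""Audit a passwd file for the hidden-account form of backdoor.

Added example, not from the course notes. SAMPLE_PASSWD is constructed and
KNOWN_LOGIN_ACCOUNTS is an assumed inventory of expected interactive users.
"""
LOGIN_SHELLS = {"/bin/bash", "/bin/sh", "/bin/zsh", "/bin/ksh"}
KNOWN_LOGIN_ACCOUNTS = {"root", "alice"}

# Constructed sample: 'toor' is a second UID-0 account with an empty password
# field, and 'support' is an unexpected login account homed in a hidden
# directory under /var/tmp.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
sshd:x:104:65534::/run/sshd:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
toor::0:0::/root:/bin/bash
support:x:1001:1001::/var/tmp/.x:/bin/sh
"""


def parse_passwd(text):
    """Parse passwd lines into dicts; comments and malformed lines are skipped."""
    users = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            continue
        name, pw, uid, gid, _gecos, home, shell = fields
        users.append({"name": name, "pw": pw, "uid": int(uid), "gid": int(gid),
                      "home": home, "shell": shell})
    return users


def audit(users, known=KNOWN_LOGIN_ACCOUNTS):
    """Return (code, account) findings for accounts that look like backdoors."""
    findings = []
    for u in users:
        interactive = u["shell"] in LOGIN_SHELLS
        if u["uid"] == 0 and u["name"] != "root":
            findings.append(("extra-uid0", u["name"]))
        if u["pw"] == "":
            # empty password field: anyone can log in without a password
            findings.append(("empty-password", u["name"]))
        elif u["pw"] != "x" and not u["pw"].startswith(("*", "!")):
            # a real hash here is readable by every local user and crackable offline
            findings.append(("hash-in-passwd", u["name"]))
        if interactive and u["name"] not in known:
            findings.append(("unknown-login-account", u["name"]))
        if interactive and not u["home"].startswith(("/home/", "/root")):
            findings.append(("odd-home", u["name"]))
    return findings


def audit_file(path="/etc/passwd"):
    """Run the audit against a real passwd file on the current host."""
    with open(path, encoding="utf-8") as f:
        return audit(parse_passwd(f.read()))


if __name__ == "__main__":
    for code, name in audit(parse_passwd(SAMPLE_PASSWD)):
        print(f"{code}: {name}")
```

An attacker who has root can also edit the audit script or its inventory, so run checks like this from a separate management host that pulls the file over SSH, and compare against a baseline copy stored off the audited machine.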
Rootkit
• A rootkit is a set of programs installed on a system to maintain covert access to it
with administrator (root) privileges while hiding all evidence of its presence. A
rootkit does not itself gain root: it is installed after root access has already been
obtained by some other means, such as exploiting a vulnerability in the device's
operating system or other software, stolen credentials, or a trojanized download.
• Once installed, a rootkit lets an attacker access sensitive data, monitor the user's
activity, or control the device remotely. Rootkits are difficult to detect because they
subvert the very facilities (file listings, the process table, network connection tables)
that the user and security software rely on to look for them; user-mode rootkits do
this by hooking library or API calls, kernel-mode rootkits by modifying the kernel itself.
• To protect against rootkits, it is important to use antivirus software, keep your
operating system and software up to date with the latest security patches, and be
cautious about downloading or installing software from unfamiliar sources. It is
also a good idea to regularly scan your system for vulnerabilities and to use
security tools that are specifically designed to detect rootkits. Since a running
rootkit can hide from tools on the infected system, the most reliable checks are
cross-view comparisons (the same information obtained by two different paths) and
offline scans from clean boot media.
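The cross-view idea mentioned above is simple to demonstrate: a rootkit that hides a process from the normal listing rarely hides it from every path to the same information. The following is an added example, not from the course notes. It compares a process list obtained by reading the `/proc` directory with one obtained by probing every possible PID directly, and reports PIDs visible only to the direct probe; `probe_proc()` performs the real check on a Linux host (running it twice and intersecting the results drops PIDs that merely started or exited between the two reads), while the constructed `LISTED`/`PROBED` sets illustrate the comparison offline. PID 4242 in the sample is a constructed hidden process, not a real identifier.

```python
"""Cross-view hidden-process check. Added example, not from the course notes;
LISTED and PROBED are constructed sample views of the same process table.
"""
import os

# Constructed views: what a hooked directory listing shows versus what direct
# probing of /proc/<pid>/status finds. 4242 is the hidden process.
LISTED = {1, 412, 901, 1337}
PROBED = {1, 412, 901, 1337, 4242}


def hidden_pids(listed, probed):
    """PIDs reachable by direct probe but absent from the normal listing."""
    return sorted(set(probed) - set(listed))


def probe_proc(max_pid=65536):
    """Linux only: read /proc the normal way, then probe each PID directly.
    A user-mode rootkit hooking readdir() hides entries from the first path
    but cannot stop a direct open of /proc/<pid>/status."""
    listed = {int(n) for n in os.listdir("/proc") if n.isdigit()}
    probed = {pid for pid in range(1, max_pid + 1)
              if os.path.exists(f"/proc/{pid}/status")}
    return listed, probed


def live_check(rounds=2):
    """Run probe_proc() several times and keep only PIDs hidden in every round,
    which removes processes that simply started or exited between reads."""
    suspects = None
    for _ in range(rounds):
        listed, probed = probe_proc()
        found = set(hidden_pids(listed, probed))
        suspects = found if suspects is None else suspects & found
    return sorted(suspects)


if __name__ == "__main__":
    print("sample view:", hidden_pids(LISTED, PROBED))
    if os.path.isdir("/proc"):
        print("live check:", live_check() or "nothing hidden")
```

A kernel-mode rootkit can lie to both paths, since both go through the kernel; against that, compare the in-system view with an external one (network connections seen by a switch span port, or a disk image read from clean boot media).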
Malware Countermeasures
• There are a number of steps that you can take to protect your device and your data from malware:
1. Use antivirus software: Antivirus software can detect and remove malware from your device. It is important to keep your
antivirus software up to date in order to protect against the latest threats.
2. Keep your operating system and software up to date: Installing the latest security patches and updates can help to
protect against vulnerabilities that malware might exploit.
3. Use strong, unique passwords: Using strong, unique passwords for all of your accounts means that a password
stolen by malware (or guessed by password cracking) from one account cannot be reused to access your other accounts.
4. Be cautious when downloading or opening attachments: Malware can often be delivered through email attachments or
downloaded from the internet. Be careful about downloading or opening attachments from unfamiliar sources, and be
sure to scan them with antivirus software before opening them.
5. Enable two-factor authentication: Two-factor authentication (2FA) adds an extra layer of security by requiring a second
form of authentication, such as a code sent to your phone, in addition to your password. This can help to prevent
unauthorized access to your accounts, even if your password is compromised.
6. Back up your data: Regularly backing up your data can help to protect against loss in the event that your device is
infected with malware.
7. Use a firewall: A firewall can help to protect your device from incoming threats by blocking unwanted traffic from
reaching your device.
8. Be cautious about the websites you visit: Malware can often be downloaded from malicious websites. Avoid visiting
unfamiliar or suspicious websites, and be sure to keep your browser and operating system up to date to protect against
vulnerabilities.
