Malware is any software intentionally designed to cause damage to a computer, server, client or computer network.
1) TROJAN HORSE: Real world example - Emotet
Disguises itself as desirable code.
2) WORM: Real world example - Stuxnet
Spreads through a network by replicating itself.
3) RANSOMWARE: Real world example - RYUK
Disables victim's access to data until ransom is paid.
4) SPYWARE: Real world example - DarkHotel
Collects user activity data without their knowledge.
5) LOGIC BOMB: Real world example - WORM_SOHANAD.FM
1) TROJAN HORSE:
In computing, a Trojan horse is any malware that misleads users about its true intent. The term is derived from the Ancient Greek story of the deceptive Trojan Horse that led to the fall of the city of Troy.
Trojans are generally spread by some form of social engineering, for example where a user is duped into executing an email attachment disguised to look harmless (e.g., a routine form to be filled in), or into clicking on a fake advertisement on social media or anywhere else.
● The peace-offering gift that made the Greeks win the war against the Trojans is none other than the Trojan Horse. Its legacy continues in information technology, where it is now one of the most threatening cyber threats on the Internet.
● It attacked 50% of entrepreneurs in the USA. They don't even realize that they have a Trojan horse virus on their computers. This is an alarming threat to many computer users.
● Most antivirus products can't detect a Trojan horse virus on the system. Even though Trojan horse viruses are dangerous, they still use ordinary DOS/Windows commands. Any attempt to trigger an alert on these commands would result in a great many false alarms.
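The false-alarm problem described above, as an added example that is not part of the original answer: a rule that alerts on ordinary commands is compared with one that also checks which program launched them. The event records, process lists and rule names are constructed for illustration.

```python
# Constructed process-creation events: (parent process, child process, command line).
EVENTS = [
    ("explorer.exe", "cmd.exe", "cmd.exe /c dir C:\\Users"),
    ("services.exe", "cmd.exe", "cmd.exe /c backup.bat"),
    ("cmd.exe", "ipconfig.exe", "ipconfig /all"),
    ("winword.exe", "cmd.exe", "cmd.exe /c copy report.tmp %TEMP%\\update.exe"),
    ("explorer.exe", "notepad.exe", "notepad.exe notes.txt"),
    ("outlook.exe", "powershell.exe", "powershell.exe -File invoice_form.ps1"),
]

# In this constructed sample, events 3 and 5 stand in for an
# attachment-delivered Trojan; every other event is routine activity.
MALICIOUS = {3, 5}

ORDINARY_TOOLS = {"cmd.exe", "powershell.exe", "ipconfig.exe", "net.exe"}
# Assumption: document viewers and mail clients rarely need to start a shell.
DOCUMENT_HANDLERS = {"winword.exe", "excel.exe", "outlook.exe", "acrord32.exe"}


def naive_rule(event):
    """Alert whenever an ordinary system tool runs at all."""
    _parent, child, _cmdline = event
    return child.lower() in ORDINARY_TOOLS


def context_rule(event):
    """Alert only when a document handler starts one of those tools."""
    parent, child, _cmdline = event
    return parent.lower() in DOCUMENT_HANDLERS and child.lower() in ORDINARY_TOOLS


def evaluate(rule, events, malicious_indexes):
    """Return (true positives, false positives, missed) for a rule."""
    hits = {i for i, event in enumerate(events) if rule(event)}
    true_pos = len(hits & malicious_indexes)
    false_pos = len(hits - malicious_indexes)
    missed = len(malicious_indexes - hits)
    return true_pos, false_pos, missed


if __name__ == "__main__":
    for rule in (naive_rule, context_rule):
        print(rule.__name__, evaluate(rule, EVENTS, MALICIOUS))
```

The context rule trades coverage for precision: a Trojan that the user starts directly from the file manager has no document handler as its parent and would not match it.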
Real world examples:
Exploit
● It contains data or code that abuses a vulnerability within application software that’s operating on your endpoint.
Backdoor
● It gives malicious users remote access over the infected computer. They can do whatever they want, such as sending, receiving, launching and deleting files, displaying data and rebooting the endpoint.
Trojan-Banker
● Its purpose is to steal your account data for online banking systems, e-payment systems and credit or debit cards.
Trojan-DDoS
● This Trojan horse virus can start Denial of Service (DoS) attacks. It can affect not only endpoints but also websites.
Rootkit
● These are designed to hide certain objects or activities in your system. This can effectively prevent malicious programs from being detected.
2) WORM:
● A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers.
●It often uses a computer network to spread itself, relying on security failures on the target computer to access it. It will use this machine as a host to scan and infect other computers.
●When these new worm-invaded computers are controlled, the worm will continue to scan and infect other computers using these computers as hosts, and this behavior will continue.
EMOTET (real world example):
Emotet is a sophisticated banking trojan that has been around since 2014. It is hard to fight Emotet because it evades signature-based detection, is persistent, and includes spreader modules that help it propagate. The trojan is so widespread that it is the subject of a US Department of Homeland Security alert, which notes that Emotet has cost state, local, tribal and territorial governments up to $1 million per incident to remediate.
2) WORM:
●Worms target vulnerabilities in operating systems to install themselves into networks. They may gain access in several ways: through backdoors built into software, through unintentional software vulnerabilities, or through flash drives. Once in place, worms can be used by malicious actors to launch DDoS attacks, steal sensitive data, or conduct ransomware attacks.
Real World Example:
●Stuxnet was probably developed by the US and Israeli intelligence forces with the intent of setting back Iran’s nuclear program. It was introduced into Iran’s environment through a flash drive. Because the environment was air-gapped, its creators never thought Stuxnet would escape its target’s network — but it did. Once in the wild, Stuxnet spread aggressively but did little damage, since its only function was to interfere with industrial controllers that managed the uranium enrichment process.
3) RANSOMWARE:
●Ransomware is software that uses encryption to disable a target’s access to its data until a ransom is paid. The victim organization is rendered partially or totally unable to operate until it pays, but there is no guarantee that payment will result in the necessary decryption key or that the decryption key provided will function properly.
Real World Example:
●This year, the city of Baltimore was hit by a type of ransomware named RobbinHood, which halted all city activities, including tax collection, property transfers, and government email for weeks. This attack has cost the city more than $18 million so far, and costs continue to accrue. The same type of malware was used against the city of Atlanta in 2018, resulting in costs of $17 million.
4) SPYWARE:
● Spyware collects information about users’ activities without their knowledge or consent. This can include passwords, PINs, payment information and unstructured messages.
●The use of spyware is not limited to the desktop browser: it can also operate in a critical app or on a mobile phone.
Real World Example:
● DarkHotel, which targeted business and government leaders using hotel Wi-Fi, used several types of malware in order to gain access to the systems belonging to specific powerful people.
● Once that access was gained, the attackers installed keyloggers to capture their targets' passwords and other sensitive information.
5) LOGIC BOMB:
● A logic bomb is a malicious program that is triggered when a logical condition is met, such as after a number of transactions have been processed or on a specific date (also called a time bomb). Malware such as worms often contains logic bombs, which behave in one manner and then change tactics on a specific date and time.
Real World Example:
●Roger Duronio of UBS PaineWebber successfully deployed a logic bomb against his employer after becoming disgruntled due to a dispute over his annual bonus. He installed a logic bomb on 2000 UBS PaineWebber systems, triggered by the date and time of March 4, 2002, at 9:30 AM: “This was the day when 2000 of the company's servers went down, leaving about 17,000 brokers across the country unable to make trades. Nearly 400 branch offices were affected. Files were deleted. Backups went down within minutes of being run.”
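A defender's check for the date-triggered case, as an added example that is not part of the original answer: it audits a crontab for jobs pinned to a single calendar date and ranks those that run destructive commands. The crontab content, paths and pattern list are constructed assumptions.

```python
import re

# Constructed crontab content (paths and jobs are made up for this example).
CRONTAB = """\
# m h dom mon dow command
0 2 * * * /usr/local/bin/backup.sh
*/5 * * * * /usr/bin/healthcheck
30 9 4 3 * /opt/tools/cleanup --all
0 0 1 * * /usr/sbin/logrotate /etc/logrotate.conf
15 3 31 12 * rm -rf /srv/archive/old
"""

# Assumption: a short, non-exhaustive list of commands that destroy data.
DESTRUCTIVE = re.compile(r"\b(rm\s+-\w*r|shred|mkfs|dd\s+if=)")


def parse(line):
    """Split one crontab line into its five time fields and the command."""
    if not line.strip() or line.lstrip().startswith("#"):
        return None
    parts = line.split(None, 5)
    if len(parts) < 6:
        return None
    keys = ("minute", "hour", "dom", "mon", "dow", "cmd")
    return dict(zip(keys, parts))


def is_date_pinned(job):
    """True when day-of-month and month are both single fixed numbers,
    so the job fires on one calendar date per year."""
    return job["dom"].isdigit() and job["mon"].isdigit()


def audit(text):
    """Return (line number, month, day, severity) for each date-pinned job."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        job = parse(line)
        if job is None or not is_date_pinned(job):
            continue
        severity = "high" if DESTRUCTIVE.search(job["cmd"]) else "review"
        findings.append((number, int(job["mon"]), int(job["dom"]), severity))
    return findings


if __name__ == "__main__":
    for finding in audit(CRONTAB):
        print(finding)
```

A trigger written inside a program's own code never appears in the scheduler, so this check covers only one place where a date condition can hide.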