Question

1. Explain Malware and viruses ?

2. Explain two of the attacks and give a real scenario ?

3. How can you defend your network from these attacks?

Answer 1

Ans 1 :

Malware :

• Malware is a malicious software intentionally designed to provide damage to your computer network whether it is your computer, server, or client machine.
• Malware consists of code developed by attackers, designed to cause major damage to data by altering, deleting, or accessing it in an unauthorized way.
• It is typically delivered in the form of a link or file over email. It requires to run the file or click the malicious link to execute it.
• There are different types of malware like viruses, worms, spyware, trojans, and ransomware.
• If malware exists in your system, user actions are mainly responsible for its spread either my emails, social media, or messaging.

Types of Malware :

1. Virus: Viruses are designed to damage the target computer by corrupting data, reformatting your hard disk, or completely shutting down your system by inserting their code in software programs.

2. Worm: A worm is a standalone program that replicates itself to infect other computers, without requiring action from anyone. They are used to execute a payload that can delete files on a host system, encrypt data for a ransomware attack, steal information, delete files, and create botnets.

3. Trojan: Using trojans, the attacker can steal data, install malware, modify files, monitor user activity, destroy data, steal financial information, conduct denial of service (DoS) attacks on targeted web addresses.

4. Spyware: Spyware is designed to track your browsing habits and internet activity. Spying capabilities can include activity monitoring, collecting keystrokes, and harvesting of account information, logins, and financial data.

5. Adware: Malicious adware can collect data on you, redirect you to advertising sites, and change your internet browser settings, your default browser and search settings, and your homepage.

6. Ransomware: Ransomware is a type of malware that holds your data captive and demands payment to release the data back to you. It restricts user access to the computer by encrypting files on the hard drive and displaying messages that are intended to force the user to pay the attacker to release the restrictions and regain access to the computer.

Viruses :

• It is a program (malicious code) that replicates itself by altering other computer programs and inserting its code there causing malfunction of the infected programs.
• As the name says, it spreads from host to host and can replicate itself.
• They can be spread through email and text message attachments, Internet file downloads, and social media links.
• There are different types of viruses like boot sector virus, resident virus, direct action virus, polymorphic virus, etc.
• They can flood traffic in the network, disrupt systems performance, and causing frequent crashes to computer software.

Types of Viruses :

1. Boot sector virus: This type of virus can take control when you boot your computer. One way it can spread is by plugging an infected USB drive into your computer.

2. Web scripting virus: This virus exploits the code of web browsers and web pages. If you access a malicious web page, the virus can infect your computer.

3. Browser hijacker: This virus “hijacks” certain web browser functions, and you may be automatically directed to an unintended website.

4. Resident virus: This is a general term for any virus that inserts itself in a computer system’s memory. It can execute anytime when an operating system loads.

5. Direct action virus: This virus comes into action when you execute a file containing a virus. Otherwise, it remains dormant.

6. Polymorphic virus: A polymorphic virus changes its code each time an infected file is executed. It does this to evade antivirus programs.

7. File infector virus: This common virus inserts malicious code into executable files — files used to perform certain functions or operations on a system.

8. Multipartite virus: This virus infects and spreads in multiple ways. It can infect both program files and system sectors.

9. Macro Virus: Macro viruses are written in the same macro language used for software applications. Such viruses spread when you open an infected document, often through email attachments.

10. Overwrite Virus: This virus deletes all the files that it infects and spreads through emails.

11. Spacefiller Virus: Also known as “Cavity Viruses”, this virus fills up the empty spaces between the code and hence does not cause any damage to the file.

Ans 2 :

Malware Attack :

• A malware attack is when attackers create malicious software that is installed on users’ devices without their knowledge to gain access to personal information or to damage the device, usually for financial gain.
• Exploit kits are malicious toolkits that attackers use to search for software vulnerabilities on a target’s computer or mobile device.
• Malicious websites and drive-by-downloads: A drive-by-download is a download that occurs when a user visits a malicious website that is hosting an exploit kit for malware attacks.
• Malvertising: Malvertising is a type of malware attack that can display unwanted advertisements or content on your screen when you browse the web.
• Man-in-the-middle attack: All an attacker needs to do is inject malware into the computer, which will then install itself into the browser without the user’s knowledge. The malware will then record the data that is being sent between the victim and specifically targeted websites.
• Social engineering and malware attacks: Social engineering involves the manipulation of human emotions. The goal is to trick the user into downloading malware or clicking a link to a compromised website that hosts the malware. The link will then lead the user to a copy of the legitimate website, in the hope that the user will enter their credentials for the site so they can be taken by the attacker.

Example for real Scenario :​​​​​​​

• As Coronavirus disease is going on, cyber-attacks have used its fear as a method of exploitation.
• CovidLock is a malware application for android mobiles.
• It infects the victim's mobile by malicious files by promising te user to give him/her information about Corona Disease.
• Once it is installed, it denies the user from accessing data.
• To take access, you have to a ransom of 100 dollars.   

Virus Attack :

• A computer virus operates in two ways.
• The first type, as soon as it lands on a new computer, it begins to replicate itself.
• The second type plays dead until the triggered kick starts the malicious code. In other words, the infected program needs to run to be executed. Therefore, it is highly significant to stay shielded by installing a robust antivirus program.
• It affects files by altering data on file, stealing passwords, deleting files, inserting its code in software which leads to frequent crashes.
• The file whose code is altered by the virus is known as an infected file. If this file is moved inside the system or any other system it helps to spread the virus in the system.

Example for real Scenario :

• One of the most famous viruses is Melissa created by David Smith.
• It is initially masked as an infected Microsoft Word document.
• Once you download it and try to open it, this virus sends itself to 50 people in your address book by creating a lot of email traffic.
• This virus caused about $80 million worth of damages.

Ans 3 :

Approaches against Viruses and Malware :

• We can either remove the virus manually or installing an antivirus system, anti spyware system, and a firewall.
• we can avoid clicking on pop-up ads.
• Before downloading any file, we should always scan the files
• We can install adware protection to avoid web scripting viruses.
• Avoiding download of unknown and untrusted email attachments and opening them.
• Avoiding third-party sources as more as possible.
• Especially avoiding Questionable websites as they collect your information for using it in the wrong way.
• Updating your software and operating system regularly on time.
• Deleting messages that you suspect as spam.
• While connecting external peripherals like USB, scan it before use.