
EXPERIMENT NO. 4

Name : Bhaskar Kumbhar
Roll No. : 6118023
Aim : Case Study
a. Identification of 5 malware and its Classification
b. Exploring Authentication and Access Control using RADIUS
and TACACS+.

1. Ransomware:
Ransomware is malware that employs encryption to hold a victim’s
information at ransom. A user or organization’s critical data is encrypted so
that they cannot access files, databases, or applications. A ransom is then
demanded to provide access. Ransomware is often designed to spread across a
network and target database and file servers, and can thus quickly paralyze an
entire organization.
• When did ransomware start?
a. The first ever ransomware virus was created in 1989 by Harvard-trained
evolutionary biologist Joseph L. Popp (now known as the 'father of
ransomware').
b. It was called the AIDS Trojan, also known as the PC Cyborg. Popp sent
20,000 infected diskettes labeled “AIDS Information – Introductory
Diskettes” to attendees of the World Health Organization’s international
AIDS conference in Stockholm.
c. The disks contained malicious code that hid file directories, locked file
names and demanded victims send $189 to a PO Box in Panama if they
wanted their data back.
d. The AIDS Trojan was “generation one” ransomware malware and
relatively easy to overcome. The Trojan used simple symmetric
cryptography and tools were soon available to decrypt the file names.
But the AIDS Trojan set the scene for what was to come.
• Example:
a. WannaCry was a ransomware attack that spread to over 150 countries in
2017.
b. It was designed to exploit a security vulnerability in Windows that was
created by the NSA and leaked by the Shadow Brokers hacker group.
c. WannaCry affected 230,000 computers worldwide. The attack hit
one-third of all NHS hospitals in the UK, causing estimated damages of 92
million pounds.
d. Users were locked out and a ransom payable in Bitcoin was demanded.
The attack exposed the issue of outdated systems, because the hacker
exploited an operating system vulnerability for which a patch had long
existed at the time of the attack. The worldwide financial damage
caused by WannaCry was approximately US$4 billion.

2. WORMS
A worm is a type of malware that spreads from one system to another
by creating copies of itself. A worm can replicate itself without any
human interaction, and it does not need to attach itself to a software
program in order to cause damage.
For example: Storm Worm
• On January 17, Storm Worm was identified as a fast-spreading
email-spamming threat to Microsoft systems.
• It began gathering infected computers into the Storm botnet. By around
June 30, it had infected 1.7 million computers.
• It originated in Russia and disguises itself as a news email containing a
film about bogus news stories, asking you to download the attachment,
which it claims is a film.
• The Storm Worm began attacking thousands of (mostly private)
computers in Europe and the United States on Friday, January 19, 2007,
using an e-mail message with a subject line about a recent weather
disaster, "230 dead as storm batters Europe".
• During the weekend there were six subsequent waves of the attack. As
of January 22, 2007, the Storm Worm accounted for 8% of all malware
infections globally.

3. TROJAN
A Trojan horse or Trojan is a type of malware that is often disguised as
legitimate software. Users are typically tricked by some form of social
engineering into loading and executing Trojans on their systems. Once
activated, Trojans can enable cyber criminals to spy on you, steal your sensitive
data, and gain backdoor access to your system.
Example: Bifrost Trojan
• Bifrost is a trojan that uses a backdoor server to send information to a
remote server.
• It then uploads one or more files and runs them on the compromised
computer. On December 28, 2005, the extremely dangerous Windows
WMF exploit was used to drop new variants of Bifrost to machines.
• While it can infect all Microsoft Windows operating systems starting
from Windows 95, the trojan's functionality is limited in more modern
operating systems, starting with Windows Vista.
• This is due to the fact that Windows UAC was introduced with Vista,
making the trojan unable to install itself without being launched with
administrator privileges.
• Bifrost uses the typical server, server builder, and client backdoor
program configuration to allow a remote attacker, who uses the client,
to execute arbitrary code on the compromised machine (which runs the
server whose behavior can be controlled by the server editor).

4. VIRUS
A computer virus is a malicious piece of computer code designed to spread
from device to device. A subset of malware, these self-copying threats are
usually designed to damage a device or steal data. Viruses can be spread
several ways, including via networks, discs, email attachments or external
storage devices like USB sticks.
Example: Stuxnet Virus
• Stuxnet is a malicious computer worm first uncovered in 2010 and
thought to have been in development since at least 2005.
• Stuxnet targets supervisory control and data acquisition (SCADA)
systems and is believed to be responsible for causing substantial damage
to the nuclear program of Iran.
• Stuxnet was a multi-part worm that traveled on USB sticks and spread
through Microsoft Windows computers.
• The virus searched each infected PC for signs of Siemens Step 7
software, which industrial computers serving as PLCs use for automating
and monitoring electro-mechanical equipment.
• Stuxnet has three modules: a worm that executes all routines related to
the main payload of the attack; a link file that automatically executes the
propagated copies of the worm; and a rootkit component responsible
for hiding all malicious files and processes, to prevent detection of
Stuxnet.
• It is typically introduced to the target environment via an infected USB
flash drive, thus crossing any air gap.

5. SPYWARE
Spyware is a type of malicious software -- or malware -- that is installed on
a computing device without the end user's knowledge. It invades the
device, steals sensitive information and internet usage data, and relays it
to advertisers, data firms or external users.
Example: CoolWebSearch
• CoolWebSearch (also known as CoolWWWSearch or abbreviated as
CWS) is a spyware or virus program that installs itself on Microsoft
Windows based computers.
• It first appeared in May 2003.
• CoolWebSearch has numerous capabilities when it is successfully
installed on a user's computer.
• The program can change an infected computer's web browser
homepage to 'coolwebsearch.com', and though originally thought to
only work on Internet Explorer, recent variants affect Mozilla Firefox as
well as Google Chrome, and others.
• Infected computers can create pop-up ads which redirect to other
websites, including pornography sites, collect private information about
users, and slow the connection speed.
• CoolWebSearch uses various techniques to evade detection and
removal, and many common spyware removal programs are unable to
properly remove the software.

Conclusion :
Hence, we have successfully identified 5 malware examples.
Bhaskor kumbher 680 22.
A peloiaq Autaenticsatoa 2 Access
ssto
utingRAgnUs and TACACSt

ADLWS
D+ is Renste Authonci eccton Dial- iete
Seicee.
i s two ng eratacal that/r0vi
atho.ni2aion
Ceutrali zed athord' caon,
ana9emtfa uJeA1
auauti CAAA)
a netwek senvie
Cannet
RADTUs a J develaPRL by himgsttr easePUY
1991 a an e Sewer autetttdtto
aul c o i g pete ca
RADTs Uas ariginaly uRyoexteut
toeotu-
authek attin tron lyer-2-RE
and-user a d
Potocol CPPP) e d e Le
Jetuoe acex e n e N ue eady
a u t t a t c a k o foo NAs t t AAA seaye
Pertomng autthantt caiay
PADTUS
use Swity
Aaiud&eve

se
Sw

se =
Swrt
TAC AcSt
Teounel aced Contoalle
s ace
CGnctaal ygtem (TACACSL)
uh is
D Pz petony Pretocol
Csco
ien
e fec ommunlCater ot Cisco
Csco ACS Sever u e TCR P f no-

9 i masaJ i-eltauk
t S a P r a t ool ge otAsed K_
TACAC

has sce Coaed ttuis ne{ k aProteol


datdIneastu
a JeleRA a au opOm

990s davico Qdinistrth.


TACA C+_ malnjy e l for
is PoesiLle to ute it kac SEm
tyAd
AA A,
AA
FACACcs +
ba alauty to 8 p a m e R
athon2ako accatiny
b h e u n catou,
a y S e e r a A
&inbeAelewA Anat'

Peutew
(TACACS+ Ptwel
Cuey
Romoke

ACACSS+
Rre
PADTUJs TACACS
p e n andarA Cisce_P2ep aetuony
Protocsl_
)T er UD P i) Twes Tcf
+ u n sni kidu Potet
P a t o col

iti)D+ ws UDPP
nuuub | 812 fo Po n u l s a ¢9.

atho 2 'e n
S?for eis-
IV) Used kor devia
Vsed o ntuo
Quheticetiey

v)Nemltirootocal m iRbtoe euPA


Supp
