
Part I:

1. Select five (5) malware from the following: Spyware, Adware, Rootkit, Ransomware,
Worm, Trojan Horse, or Backdoor

o Spyware
o Adware
o Ransomware
o Worm
o Trojan Horse

2. Search two (2) examples for each of the five malware you have selected. Add a short description for
each. Cite your reference. (5 points per example)

SPYWARE
a. Infostealers
o As the name suggests, infostealers are programs that have the ability to scan infected computers and
steal a variety of personal information. This information can include browsing histories, usernames,
passwords, email addresses, personal documents, as well as media files. Depending on the program,
infostealers store the data they collect either on a remote server or locally for later retrieval.

In most cases, infostealers exploit browser-related security deficiencies to collect your private data.
They sometimes also use the so-called injection scripts to add extra fields to web forms. When you
type in the requested information and hit “Submit”, instead of going to the website owner, the
information will go directly to the hacker, who can then potentially use it to impersonate you on the
internet. (softwarelab.org/what-is-spyware/)

b. Password stealers
o Password stealers are very similar to infostealers, the only difference being that they are specially
designed to steal login credentials from infected devices. First detected in 2012, these pieces of
spyware don’t steal your passwords as you type them. Instead, they attach themselves to the
browser to extract all your saved usernames and passwords. In addition, they can also record your
system login credentials.

Most password stealers are routinely removed by reliable security software, but some types still
manage to avoid detection by changing their file hashes before each attack. As with infostealers, the
creators of password stealers can choose whether they want to store the collected data on a
remote server or in a hidden file on your hard drive. (softwarelab.org/what-is-spyware/)

ADWARE
a. Gator
o Another now-inactive adware program, Gator pioneered the concept of behavioral marketing to
much controversy. Bundled with popular free software like Kazaa and Go!Zilla, Gator would remove
advertising from websites and replace it with its own ads. This meant that if the visitors of a
website clicked on an ad, all the profits would go directly to Gator instead of the content creator.

However, Gator was most notorious for its policy of recording people’s complete browsing histories
and even parts of their credit card numbers. They would then use this information to serve them
with better targeted ads. Although this practice is common nowadays, it was unheard of at the
turn of the century. (https://softwarelab.org/what-is-adware/)

b. DeskAd
o DeskAd is another common adware program that shows deceptive ads within your internet
browser, redirects your traffic to suspicious websites, and displays pop-up ads. Unlike other
similar programs, DeskAd starts off very discreetly only to gradually take full control of your
browser. That is why it often goes unnoticed until the problem becomes so serious that only an
operating system reinstall can solve it.

Most often distributed via email attachments, DeskAd overrides the computer’s registry so that it can be
launched on startup. It also replicates itself, which can take a toll on the memory as well as the processor
and cause a crash. If it infects a network of computers, the effects could be devastating.
(https://softwarelab.org/what-is-adware/)

RANSOMWARE
a. Locky
o Locky is a type of ransomware that was first released in a 2016 attack by an organized group of
hackers.
With the ability to encrypt over 160 file types, Locky spreads by tricking victims to install it via fake
emails with infected attachments. This method of transmission is called phishing, a form of social
engineering.
Locky targets a range of file types that are often used by designers, developers, engineers, and
testers. (https://www.kaspersky.com/resource-center/threats/ransomware-examples)

b. Bad Rabbit
o Bad Rabbit is a 2017 ransomware attack that spread using a method called a ‘drive-by’ attack,
where insecure websites are targeted and used to carry out an attack.
During a drive-by ransomware attack, a user visits a legitimate website, not knowing that they have
been compromised by a hacker.
Drive-by attacks often require no action from the victim, beyond browsing to the compromised
page. However, in this case, they are infected when they click to install something that is actually
malware in disguise. This element is known as a malware dropper.
Bad Rabbit used a fake request to install Adobe Flash as a malware dropper to spread its infection.
(https://www.kaspersky.com/resource-center/threats/ransomware-examples)

WORM
a. E-mail worms
o Email worms are most often distributed via compromised email attachments. They usually have
double extensions (for example, .mp4.exe or .avi.exe) so that the recipient would think that they are
media files and not malicious computer programs. When the victims click on the attachment, copies
of the same infected file will automatically be sent to addresses from their contacts list.

An email message doesn’t have to contain a downloadable attachment to distribute a computer
worm. Instead, the body of the message might contain a link that’s shortened so that the recipient
can’t tell what it’s about without clicking on it. When they click on the link, they will be taken to an
infected website that will automatically start downloading malicious software to their computer.
(https://softwarelab.org/what-is-a-computer-worm/)
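As an added illustration (not part of the original assignment or its cited sources), the following Python script shows how a mail filter could catch the double-extension trick described above: it parses a message and flags attachments whose final extension is executable but is hidden behind a media or document extension. The extension lists and the sample message are constructed for this example.

```python
from email import message_from_string
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

# Extensions Windows will execute on double-click (constructed list, not exhaustive).
EXECUTABLE_EXTS = {"exe", "scr", "com", "bat", "cmd", "pif", "js", "vbs"}
# "Bait" extensions a worm uses to make the file look like media or a document.
BAIT_EXTS = {"mp4", "avi", "mp3", "jpg", "png", "pdf", "doc", "docx", "txt"}


def is_disguised_executable(filename):
    """True if the name ends in an executable extension hidden behind a media/document
    extension, e.g. holiday.mp4.exe. A plain setup.exe is not flagged by this check:
    it is not pretending to be a media file (other policy would handle it)."""
    parts = filename.lower().rsplit(".", 2)      # at most ['stem', 'inner', 'outer']
    if len(parts) < 3:
        return False
    _stem, inner, outer = parts
    return outer in EXECUTABLE_EXTS and inner in BAIT_EXTS


def flag_attachments(raw_message):
    """Parse an RFC 822 message and return attachment names that look like disguised executables."""
    msg = message_from_string(raw_message)
    return [part.get_filename() for part in msg.walk()
            if part.get_filename() and is_disguised_executable(part.get_filename())]


def build_sample_message():
    """Constructed sample mail: one double-extension attachment and one harmless text file."""
    msg = MIMEMultipart()
    msg["From"] = "friend@example.com"
    msg["To"] = "victim@example.com"
    msg["Subject"] = "Holiday video"
    msg.attach(MIMEText("Check out the clip from the trip!"))
    for name in ("holiday.mp4.exe", "notes.txt"):
        part = MIMEApplication(b"placeholder bytes")   # contents are irrelevant to the name check
        part.add_header("Content-Disposition", "attachment", filename=name)
        msg.attach(part)
    return msg.as_string()


if __name__ == "__main__":
    for name in flag_attachments(build_sample_message()):
        print("quarantine:", name)   # prints: quarantine: holiday.mp4.exe
```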

b. IRC worms
o Internet Relay Chat (IRC) is a messaging app that is mostly outdated nowadays but was all the rage
at the turn of the century. Same as with today’s instant messaging platforms, computer worms
were distributed via messages containing links and attachments. The latter was less effective due
to an extra layer of protection that prompted users to accept incoming files before any transfer
could take place. (https://softwarelab.org/what-is-a-computer-worm/)

TROJAN HORSE
a. Trojan-Dropper
o This is used to install Trojans and other viruses into the computer. This can also conceal detection of
malicious programs. If you're using a weak or outdated antivirus, some of them can't scan all of the
components inside this type of Trojan horse virus.
(https://enterprise.comodo.com/what-is-the-trojan-horse-virus.php)

b. Trojan-DDoS
o This Trojan horse virus can start up Denial of Service (DoS) attacks. Not only can it affect
endpoints, but also websites. By sending multiple requests – from your computer and several
other infected computers – the attack can overload the target address which leads to a denial of
service. (https://enterprise.comodo.com/what-is-the-trojan-horse-virus.php)

Part II.

A. What is WannaCry ransomware, how does it infect, and who was responsible?

B. Josh Fruhlinger

C. 30 AUGUST 2018

D. https://www.csoonline.com/article/3227906/what-is-wannacry-ransomware-how-does-it-infect-and-who-was-responsible.html

E. Yes, it is possible to prevent this malware attack. The best defense is to have a great offense when it
comes to preventing ransomware attacks. Your offense can start with your social media accounts. Make
sure your profiles are private and only share them with people you actually know. Another thing is don't
open emails from people you don't know without scanning them first for malware. Gmail has a built-in
malware scanner that will warn you before you open a suspicious email. Lastly, WannaCry used
vulnerabilities in computers that hadn't updated their Windows operating system. New updates are
regularly released to shore up holes that hackers may use to attack a computer system. You need to ensure
your computer is updating as soon as these patches are released.

F. WannaCry is a ransomware worm that spread rapidly across a number of computer networks
in May of 2017. After infecting a Windows computer, it encrypts files on the PC's hard drive, making
them impossible for users to access, then demands a ransom payment in bitcoin in order to decrypt them.

A number of factors made the initial spread of WannaCry particularly noteworthy: it struck a number of
important and high-profile systems, including many in Britain's National Health Service; it exploited a
Windows vulnerability that was suspected to have been first discovered by the United States National
Security Agency; and it was tentatively linked by Symantec and other security researchers to the Lazarus
Group, a cybercrime organization that may be connected to the North Korean government.

G. On Friday 12th May 2017, the NHS (National Health Service) was brought to a standstill for several
days due to the WannaCry outbreak, affecting hospitals and GP surgeries across England and Scotland.
Although the NHS was not specifically targeted, the global cyber-attack highlighted security vulnerabilities
and resulted in the cancellation of thousands of appointments and operations, together with the frantic
relocation of emergency patients from stricken emergency centres. Staff were also forced to revert to pen
and paper and use their own mobiles after the attack affected key systems, including telephones.

NHS England reported at least 80 out of the 236 trusts were affected in addition to 603 primary care and
other NHS organisations, including 595 GP practices.
The Department, NHS England and the National Crime Agency reported that no NHS organisation paid the
ransom, but the Department does not know how much disruption to services cost the NHS although
estimates total £92m.
