
What is a Blackout?

A blackout in a computer system refers to a complete loss of power or a sudden interruption of the power supply to the system, resulting in the system shutting down or becoming non-functional. This can occur for various reasons, such as power outages, hardware failures, software issues, or malicious attacks. Blackouts can lead to loss of data, system downtime, and disruption of services.

Causes of Blackouts:

1. Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks: These attacks overwhelm the targeted system or network with a flood of incoming traffic, causing it to become overloaded and unable to respond to legitimate requests.
2. Malware or ransomware attacks: These attacks involve infecting a system with malicious software that may disrupt its normal functioning, resulting in a blackout.
3. Natural disasters or physical damage: Events like earthquakes, floods, fires, or other physical damage to data centers or infrastructure can lead to power outages and network failures, resulting in blackouts.
4. Hardware or software failures: Technical glitches, hardware malfunctions, or software bugs can also cause system or network blackouts.

Blackouts can have serious consequences, including loss of data, financial losses,
interrupted services, and damage to a company's reputation. Organizations typically
implement various preventive measures, such as firewalls, antivirus software,
intrusion detection systems, redundancy plans, and disaster recovery procedures, to
minimize the risk of blackouts and mitigate their impact if they occur.

Controlling methods:
1. Implement robust cyber security measures: Enhance your network and system
security by utilizing firewalls, intrusion detection systems, antivirus software, and
regular security updates. This can help protect against cyber attacks that may cause
blackouts.
2. Distributed network architecture: Design your network in a way that distributes
resources across multiple locations or servers. This helps to prevent a single point of
failure and reduces the impact of a blackout.
3. Backup and redundancy: Regularly backup critical data and systems, and
maintain redundant systems or backup power sources. This ensures that if one system
fails or experiences a blackout, the backup can take over and keep essential services
running.
4. Uninterruptible Power Supply (UPS): Implement UPS systems that can provide
temporary power during a blackout or power failure. This allows time for systems to
be properly shut down or transitioned to backup power sources.
5. Conduct regular testing and maintenance: Regularly test and maintain your systems, networks, and backup power sources to ensure they are functioning properly. Identify and fix any vulnerabilities or weaknesses that could lead to blackouts.
6. Stay updated with security practices: Stay informed about the latest security threats, best practices, and industry standards. Regularly review and update your security policies and practices to stay ahead of new and emerging threats.
Dilla University
College of Engineering and Technology
School of Computing and Informatics
Department of Computer Science

Computer Security Assignment

Submitted by:
SALADIN HASEN, ID Number: 5119/20
ODA NEGERO, ID Number: 9015/20
What Is Buffer Overflow?

Buffer overflow is a software coding error or vulnerability that can be exploited by hackers to gain unauthorized access to corporate systems. It is one of the best-known software security vulnerabilities yet remains fairly common. This is partly because buffer overflows can occur in various ways and the techniques used to prevent them are often error-prone.

The software error focuses on buffers, which are sequential sections of computing memory that hold data temporarily as it is transferred between locations. Also known as a buffer overrun, a buffer overflow occurs when the amount of data in the buffer exceeds its storage capacity. That extra data overflows into adjacent memory locations and corrupts or overwrites the data in those locations.

What Is a Buffer Overflow Attack?

A buffer overflow attack takes place when an attacker manipulates the coding error to carry out malicious actions and compromise the affected system. The attacker alters the application's execution path and overwrites elements of its memory, which changes the program's execution path to damage existing files or expose data.

A buffer overflow attack typically involves violating the memory-safety assumptions of the programming language and writing past the bounds of the buffers that live in that memory. Most buffer overflows are caused by the combination of manipulating memory and mistaken assumptions about the composition or size of data.

A buffer overflow vulnerability will typically occur when code:

1. Is reliant on external data to control its behavior
2. Is dependent on data properties that are enforced beyond its immediate scope
3. Is so complex that programmers are not able to predict its behavior accurately

Types of Buffer Overflow Attacks

The three main types of buffer overflow attacks are as follows:

1. Stack-based attack
A stack-based buffer overflow happens when a program writes more data to a stack-based buffer than the buffer can accommodate. This almost always destroys neighboring stack data and is the most prevalent form of buffer overflow exploit. This occurs due to the finite capacity of a stack.

2. Heap-based attack
A heap-based buffer overflow occurs when a significant amount of additional memory is allocated to a buffer that will be overwritten. This extra space is referred to as accumulation. Exploitation involves the destruction of stored data. The damage occurs in a manner that causes the application's internal structures to be overwritten. This form of attack specifically targets heap data.

3. Integer-based attack
In various programming languages, integers have a set amount of bits in memory. An integer overflow attack is caused by an arithmetic overflow error, which occurs when the outcome of an integer operation cannot be represented in the allocated memory area.

Buffer Overflow Exploits

The buffer overflow exploit techniques a hacker uses depend on the architecture and operating system being used by their target. However, the extra data they issue to a program will likely contain malicious code that enables the attacker to trigger additional actions and send new instructions to the application.

For example, introducing additional code into a program could send it new instructions that give the attacker access to the organization's IT systems. In the event that an attacker knows a program's memory layout, they may be able to intentionally input data that cannot be stored by the buffer. This will enable them to overwrite memory locations that store executable code and replace it with malicious code that allows them to take control of the program.

Attackers use a buffer overflow to corrupt a web application's execution stack, execute arbitrary code, and take over a machine. Flaws in buffer overflows can exist in both application servers and web servers, especially web applications that use libraries like graphics libraries. Buffer overflows can also exist in custom web application code. This is more likely because such code is given less scrutiny by security teams, but it is also less likely to be discovered by hackers and more difficult to exploit.

Buffer Overflow Consequences

Common consequences of a buffer overflow attack include the following:

1. System crashes: A buffer overflow attack will typically lead to the system crashing. It may also
result in a lack of availability and programs being put into an infinite loop.
2. Access control loss: A buffer overflow attack will often involve the use of arbitrary code, which is
often outside the scope of programs’ security policies.
3. Further security issues: When a buffer overflow attack results in arbitrary code execution, the
attacker may use it to exploit other vulnerabilities and subvert other security services.
How to Prevent Buffer Overflows

Application developers can prevent buffer overflows by building security measures into their development code, using programming languages that include built-in protection, and regularly testing code to detect and fix errors.

Modern operating systems also deploy runtime protection that adds defenses against buffer overflows. Common protections and practices include:

1. Use a language that does not allow buffer overflows, such as Java or Python.
2. Use input validation and sanitization to ensure that user-supplied data does not exceed the allocated memory space for a buffer.
3. Use secure coding practices, such as checking the bounds of arrays, to prevent overflows.
4. Use security tools like firewalls and intrusion detection systems to monitor for and prevent buffer overflow attacks.
5. Keep systems and software up to date with the latest security patches and updates to prevent exploitation of known vulnerabilities.
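The bounds check in item 3 and the integer-based case from the "Types of Buffer Overflow Attacks" section, shown together in C as an added example; this code is not from the assignment. The buffer size NAME_MAX, the function names (store_name, checked_mul, checked_add, record_body_fits) and all inputs are this example's own choices, and the unbounded copy is kept only to show the shape of the defect next to the bounded version.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX 16   /* fixed-size stack buffer used below (assumed size) */

/* The unbounded pattern the text describes: the caller's input, not the
 * buffer's size, decides how many bytes get written. Kept only as the
 * "before" shape; nothing in this file calls it. */
void store_name_unbounded(char *dst, const char *src)
{
    strcpy(dst, src);            /* writes strlen(src)+1 bytes whatever dst's size is */
}

/* Hardened form: the destination size is part of the contract, the scan is
 * bounded, and over-long input is rejected instead of silently truncated. */
bool store_name(char *dst, size_t dst_size, const char *src)
{
    size_t n = 0;
    while (n < dst_size && src[n] != '\0')
        n++;
    if (n == dst_size)           /* no room for the terminating NUL: reject */
        return false;
    memcpy(dst, src, n + 1);     /* n + 1 <= dst_size, so this cannot overflow */
    return true;
}

/* Integer-based case: a size computed from attacker-controlled counts can wrap
 * around before it reaches the allocator or the bounds check. These helpers
 * report the wrap instead of letting it happen. */
bool checked_mul(size_t a, size_t b, size_t *out)
{
    if (a != 0 && b > SIZE_MAX / a)
        return false;            /* a * b would exceed SIZE_MAX */
    *out = a * b;
    return true;
}

bool checked_add(size_t a, size_t b, size_t *out)
{
    if (b > SIZE_MAX - a)
        return false;            /* a + b would wrap */
    *out = a + b;
    return true;
}

/* A record that declares an element count followed by the elements, as a
 * protocol parser might see it: the required body size is computed with the
 * overflow-safe multiply and compared with the bytes actually present. */
bool record_body_fits(uint32_t declared_count, size_t elem_size, size_t bytes_available)
{
    size_t need;
    if (!checked_mul((size_t)declared_count, elem_size, &need))
        return false;
    return need <= bytes_available;
}

int main(void)
{
    char name[NAME_MAX];
    /* Constructed inputs: a normal name and one that is one byte too long. */
    const char *ok_input = "alice";
    const char *long_input = "0123456789abcdef";   /* 16 chars + NUL = 17 bytes */

    printf("%-20s -> %s\n", ok_input, store_name(name, sizeof name, ok_input) ? "stored" : "rejected");
    printf("%-20s -> %s\n", long_input, store_name(name, sizeof name, long_input) ? "stored" : "rejected");

    size_t total;
    printf("1000 * 4            -> %s\n", checked_mul(1000, 4, &total) ? "ok" : "overflow");
    printf("(SIZE_MAX/2+1) * 4  -> %s\n", checked_mul(SIZE_MAX / 2 + 1, 4, &total) ? "ok" : "overflow");
    printf("count=0x40000000, elem=8, avail=64 -> %s\n",
           record_body_fits(0x40000000u, 8, 64) ? "fits" : "rejected");
    return 0;
}
```

The rejecting behaviour is deliberate: truncating silently would keep the program alive but leave it working on data the sender did not intend, which is the same "mistaken assumption about the size of data" the text warns about.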

Note: How does a buffer overflow attack work?

A buffer overflow attack works when an attacker manipulates coding errors to overwrite computing
memory. They can then carry out malicious actions like stealing data and compromising systems.

Why is buffer overflow a vulnerability?

Buffer overflow is a vulnerability because it overflows memory storage capacity, which overwrites memory
data.
Dilla University, College of Engineering and Technology, School of Computing and Informatics, Department of Computer Science
Computer Security
DDoS ATTACK
Tomas Teshale, RNS-2941/20
DDoS (Distributed Denial of Service) Attack
A Distributed Denial of Service (DDoS) attack is a malicious attempt to disrupt the regular
functioning of a network, service, or website by overwhelming it with a flood of internet traffic.
Multiple compromised devices, known as a botnet, are used in a coordinated effort to send a
massive volume of requests or data packets to the target system. This renders the target
system unable to respond to legitimate user requests.

The objective of a DDoS attack is to exhaust the target's network resources, such as bandwidth,
processing power, or memory, resulting in a disruption of its normal operation. This can cause
the target system to become slow, unresponsive, or completely unavailable to legitimate users.

DDoS attacks can be launched using various techniques, including:

Volume-based attacks: These attacks aim to overwhelm the target's network infrastructure by
flooding it with a high volume of traffic. Examples include UDP floods, ICMP floods, and DNS
amplification attacks.

TCP-based attacks: These attacks exploit vulnerabilities in the TCP protocol to exhaust system
resources. Examples include SYN floods, ACK floods, and TCP connection attacks.

Application layer attacks: These attacks target the application layer of the target system, aiming
to exhaust its resources or exploit vulnerabilities in specific applications. Examples include HTTP
floods, Slowloris attacks, and application-specific attacks.

DDoS attacks can be initiated by individuals, criminal organizations, or even state-sponsored actors. The motivations behind DDoS attacks can vary. They may be carried out for financial gain, as a form of protest or activism, to disrupt competitors, or simply to cause chaos and damage.

To mitigate the impact of DDoS attacks, organizations employ various defense mechanisms,
such as traffic filtering, rate limiting, load balancing, and the use of specialized DDoS mitigation
services.

The main difference between a DDoS attack and a DoS (Denial of Service) attack lies in the
number of attacking sources involved. A DoS attack overwhelms a target system or network
with excessive traffic or requests from a single source or a small group of sources. On the other
hand, a DDoS attack utilizes a coordinated effort using multiple compromised devices, forming a
botnet, to launch the attack. This makes it more powerful and harder to defend against.
HTTP tunnel exploit
An HTTP tunnel exploit refers to a technique where an attacker uses HTTP (Hypertext Transfer
Protocol) to establish a covert communication channel or bypass network security measures.
HTTP tunneling is a method that allows the encapsulation of non-HTTP traffic within HTTP
packets. It is commonly used to bypass network restrictions or firewall rules that may block
certain protocols or traffic types. However, attackers can also exploit HTTP tunneling for
malicious purposes.
In an HTTP tunnel exploit, the attacker typically follows these steps:
1. Tunnel Creation: The attacker sets up an HTTP tunnel between their system and the
target network. This can be achieved by leveraging specific tunneling protocols or
manipulating existing HTTP traffic to create a hidden channel.
2. Data Encapsulation: The attacker encapsulates unauthorized or malicious data within
the HTTP tunnel. This can include traffic from other protocols like FTP, SSH, or even
custom protocols that are not typically allowed through network security controls.
3. Evasion of Detection: The encapsulated data is disguised to appear as legitimate HTTP
traffic. The attacker may use techniques such as payload encryption, encoding, or
obfuscation to avoid detection by network security devices.
4. Unauthorized Activities: Once the tunnel is established and the malicious traffic is
encapsulated, the attacker can carry out various unauthorized activities. This can include
data exfiltration, command and control communication for malware, bypassing network
restrictions, or gaining unauthorized access to systems.
HTTP tunnel exploits can pose significant security risks, including data breaches, unauthorized
access, malware distribution, evasion of security controls, or facilitating attacks like information
theft or denial-of-service.
To mitigate the risks associated with HTTP tunnel exploits, organizations should implement
security measures such as network monitoring, intrusion detection/prevention systems, traffic
analysis, and the use of security devices capable of inspecting and identifying anomalies in
HTTP traffic. Regular security assessments, patch management, and secure coding practices are
also important to prevent and detect these types of exploits.
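The traffic-analysis step mentioned above, as an added example in C that is not part of the assignment: a heuristic scorer for HTTP session summaries that flags the signs a tunnel tends to leave behind (near-constant request spacing, a client that uploads about as much as it downloads, and a session that outlives ordinary page browsing). The session_t fields, the thresholds and the sample sessions are all assumed or constructed for this example; real deployments would tune the thresholds against a baseline of normal traffic.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_REQUESTS 128

/* Per-session summary that a proxy log or flow export could provide:
 * when each request started, and total bytes in each direction.
 * Field names are this example's own. */
typedef struct {
    const char *client;
    double request_ts[MAX_REQUESTS];   /* seconds, ascending */
    size_t n_requests;
    double bytes_up;                   /* client -> server */
    double bytes_down;                 /* server -> client */
} session_t;

/* Indicators; any combination may be set. */
#define IND_REGULAR_INTERVAL 0x1   /* requests arrive at near-constant spacing */
#define IND_UPLOAD_HEAVY     0x2   /* client sends about as much as it receives */
#define IND_LONG_LIVED       0x4   /* session outlives typical page browsing */

/* Assumed thresholds. */
#define MIN_REQUESTS_FOR_TIMING 10
#define INTERVAL_CV_MAX         0.15    /* coefficient of variation of the gaps */
#define UPLOAD_RATIO_MIN        0.40    /* up / (up + down) */
#define LONG_LIVED_SECONDS      600.0

unsigned tunnel_indicators(const session_t *s)
{
    unsigned ind = 0;
    if (s->n_requests >= MIN_REQUESTS_FOR_TIMING) {
        /* Mean and variance of the inter-request gaps. No sqrt needed: compare
         * the variance with (cv_max * mean)^2 instead of stddev with cv_max*mean. */
        size_t gaps = s->n_requests - 1;
        double sum = 0.0, sumsq = 0.0;
        for (size_t i = 1; i < s->n_requests; i++) {
            double g = s->request_ts[i] - s->request_ts[i - 1];
            sum += g;
            sumsq += g * g;
        }
        double mean = sum / gaps;
        double var = sumsq / gaps - mean * mean;
        if (mean > 0.0 && var <= (INTERVAL_CV_MAX * mean) * (INTERVAL_CV_MAX * mean))
            ind |= IND_REGULAR_INTERVAL;
    }
    double total = s->bytes_up + s->bytes_down;
    if (total > 0.0 && s->bytes_up / total >= UPLOAD_RATIO_MIN)
        ind |= IND_UPLOAD_HEAVY;
    if (s->n_requests >= 2 &&
        s->request_ts[s->n_requests - 1] - s->request_ts[0] >= LONG_LIVED_SECONDS)
        ind |= IND_LONG_LIVED;
    return ind;
}

/* Build a constructed session: n requests spaced `period` seconds apart with a
 * small alternating jitter, plus the byte totals. */
void make_session(session_t *s, const char *client, size_t n, double period,
                  double jitter, double up, double down)
{
    s->client = client;
    s->n_requests = n > MAX_REQUESTS ? MAX_REQUESTS : n;
    double t = 0.0;
    for (size_t i = 0; i < s->n_requests; i++) {
        s->request_ts[i] = t;
        t += period + ((i % 2) ? jitter : -jitter);
    }
    s->bytes_up = up;
    s->bytes_down = down;
}

/* Two or more indicators together are worth an analyst's look. */
bool looks_like_tunnel(const session_t *s)
{
    unsigned ind = tunnel_indicators(s);
    unsigned bits = (ind & 1) + ((ind >> 1) & 1) + ((ind >> 2) & 1);
    return bits >= 2;
}

int main(void)
{
    session_t browsing, polling;
    /* Constructed: a page load, bursty and download-dominated. */
    make_session(&browsing, "192.0.2.10", 6, 0.3, 0.25, 2000.0, 300000.0);
    /* Constructed: 100 requests every 5 s for about 8 minutes, roughly symmetric bytes. */
    make_session(&polling, "192.0.2.11", 100, 5.0, 0.2, 900000.0, 850000.0);

    const session_t *all[] = { &browsing, &polling };
    for (size_t i = 0; i < 2; i++)
        printf("%s: indicators=0x%x %s\n", all[i]->client, tunnel_indicators(all[i]),
               looks_like_tunnel(all[i]) ? "REVIEW" : "ok");
    return 0;
}
```

A single indicator is not a verdict: long-polling web applications also show regular spacing, which is why the example only escalates when two signs coincide.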
LOGIC BOMB
A logic bomb refers to a type of malicious code or program that is designed to execute a certain action when specific conditions are met. It is essentially a time-based or event-based trigger that causes the code to behave maliciously.
A logic bomb is usually inserted into a system or software by a person with
malicious intent, often an insider. Unlike viruses or worms, logic bombs are not
designed to spread themselves. Instead, they are intentionally hidden within
legitimate programs or software and remain dormant until the predefined
conditions are met.
Once the conditions are satisfied, the logic bomb may perform various harmful
actions, such as deleting files, altering data, or disrupting system operations.
These actions can have severe consequences, including data loss, system crashes,
or unauthorized access to sensitive information.
Example 1: A programmer embeds code within a system that will trigger a harmful action on a specific date or when the programmer is no longer employed.
Overall, logic bombs pose a significant threat to computer security and can have severe consequences if triggered. Therefore, it is crucial to maintain a proactive and robust security posture to prevent and detect such malicious code.
The history of the logic bomb derives from the broader field of computer programming and spans several decades. While the term "logic bomb" was officially coined in the 1970s, the notion of code with malicious intent reaches back further.
The rapid development and adoption of computer systems in the 1960s and 1970s brought about an increased concern for data security. This led to the emergence of individuals who sought to exploit vulnerabilities for personal gain, revenge, or simply to prove their technical
One of the earliest known instances resembling a logic bomb occurred in 1969. As part of the ARPANET project (a precursor to the internet), a researcher named William W. Haven inadvertently programmed a self-replicating and self-modifying code segment. Although unintended, this incident demonstrated the potential impact that malicious code could have on a system.
The term "logic bomb" was officially introduced in the early 1970s. The phrase
referred to a piece of code with a hidden, time-based trigger that would perform a
destructive action when a specific condition was met. These conditions could
include a predetermined date, a particular user action, or any other event
programmed into the logic bomb.
Throughout the 1980s and 1990s, several well-known incidents involving logic
bombs received significant attention. For example, as mentioned earlier,
programmer Richard Vickery planted a logic bomb in 1982 that triggered on his
birthday, causing data loss and system disruptions at Fidelity Investments.
Malware Attack

Any malicious software intended to harm or exploit any programmable device, service, or
network is referred to as malware. Cybercriminals typically use it to extract data they can use
against victims to their advantage in order to profit financially.

In simple words, malware is short for malicious software and refers to any software that is designed to cause harm to computer systems, networks, or users. Malware is a program designed to gain access to computer systems, generally for the benefit of some third party, without the user's permission.

Types of Malware

Viruses – A Virus is a malicious executable code attached to another executable file. The virus
spreads when an infected file is passed from system to system. Viruses can be harmless or they
can modify or delete data.

Worms – Worms replicate themselves on the system, attaching themselves to different files and looking for pathways between computers, such as a computer network that shares common file storage areas. Worms usually slow down networks. A virus needs a host program to run, but worms can run by themselves. After a worm infects a host, it is able to spread very quickly over the network.

Trojan horse – A Trojan horse is malware that carries out malicious operations under the appearance of a desired operation, such as playing an online game. A Trojan horse differs from a virus because the Trojan binds itself to non-executable files, such as image files and audio files.

Ransomware – Ransomware holds a computer system, or the data it contains, hostage until the victim makes a payment. Ransomware encrypts data on the computer with a key that is unknown to the user. The user has to pay a ransom (price) to the criminals to retrieve the data. Once the amount is paid, the victim can resume using his/her system.

Spyware – Its purpose is to steal private information from a computer system for a third party.
Spyware collects information and sends it to the hacker.

How to Know If Our Devices Are Infected With Malware?

1. The computer performs poorly when running programs.
2. Having trouble starting or shutting down your computer.

How to Protect From Malware?

1. Emails requesting personal information should be avoided.
2. Update your operating system and software.
3. Be cautious when using the internet.
Submitted by:
1. Meryem Mohammad, 2595/20
2. Tekileab Tegegn, 8752/20

Scams and Phishing

Phishing scams trick victims by using social engineering to create a sense of urgency. Once the victim opens a phishing email or text message and clicks the malicious link, they are taken to a fake website that matches the legitimate site. Phishing is a cyber-attack that gathers sensitive information like login credentials, credit card numbers, personal information, and bank account numbers by masquerading as a legitimate website or email.

Types of Scams and Phishing:

Spear Phishing:
• Spear Phishing: A targeted form of phishing where scammers personalize their messages to appear more legitimate. They may use specific information about you or your organization to gain your trust.

Smishing and Vishing:
• Smishing: Phishing attacks conducted through SMS or text messages.
• Vishing: Phishing attacks conducted through voice calls.

Link Manipulation:
• Link manipulation is a form of phishing that attempts to make a malicious link look like it belongs to the spoofed organization.

Protecting Yourself:
• Be cautious with personal information: Avoid sharing sensitive information unless you are certain of the recipient's legitimacy and the purpose of the request.
• Verify the source: Contact the organization directly using official contact information to confirm the authenticity of any request or communication.
• Use strong, unique passwords: Create strong passwords and avoid reusing them across multiple accounts.
History of viruses
Though they had yet to be named, computer viruses were first conceptualized by Hungarian
mathematician John von Neumann, who designed a self-replicating computer program that some consider
to be the precursor to computer viruses, even if it was never developed or deployed in the way computer
viruses eventually would be.
What Are Computer Viruses?
A computer virus is a type of malicious software, or malware, that spreads between computers and causes damage to data and software.
Computer viruses aim to disrupt systems, cause major operational issues, and result in data loss and leakage. A key thing to know about computer viruses is that they are designed to spread across programs and systems through channels such as email attachments, infected software downloads, malicious websites, or compromised external devices like USB drives. Once a computer is infected, the virus can perform a variety of actions, depending on its programming. Some of these are: replication, damage or destruction, unauthorized access, and information theft.
Various types of computer viruses have been developed over the years. Some of these are:
File Infector Viruses: These viruses infect executable files, such as .exe or .com files, by attaching
themselves to the host file.
Boot Sector Viruses: These viruses infect the boot sector of a computer's hard drive or floppy disk.
Stealth Viruses: Stealth viruses are designed to hide themselves and their activities from antivirus
software and other security measures.
Spyware: Spyware is designed to secretly gather information about a user's activities.
Historical damages of viruses
1. Mydoom – $38 billion: The worst computer virus outbreak in history, Mydoom caused estimated damage of $38 billion in 2004. The exact origin of Mydoom remains unknown, but it is believed to have originated in Russia. The individual or group responsible for creating Mydoom has not been definitively determined.
2. ILOVEYOU – $15 billion: The year 2000's ILOVEYOU virus worked by sending a bogus "love letter" that looked like a harmless text file. The ILOVEYOU virus is believed to have originated in the Philippines. The virus was created by a college student in the Philippines named Onel de Guzman.
3. WannaCry: The WannaCry ransomware attack in May 2017 caused significant financial losses and operational disruptions globally. The Cyber Risk Management project estimated the total economic loss to be between $4 billion and $8 billion globally.
To protect your computer from viruses, it is important to follow some best practices: install antivirus software, keep your operating system and software updated, exercise caution with email attachments and downloads, use strong and unique passwords, and regularly back up your data.
Teardrop

What is teardrop?

In computer security, a "teardrop" refers to a type of Denial-of-Service (DoS) attack. This attack involves sending fragmented packets to a target system or network, with manipulated packet information that causes the target's operating system to incorrectly reassemble the packets. This can lead to system crashes or freezes, resulting in denial of service to legitimate users.

How do teardrop attacks work?

In a teardrop attack, the attacking client sends an intentionally fragmented information packet to a target device. Since the fragments overlap, an error occurs when the device tries to reassemble the packet. The attack takes advantage of that error to cause a fatal crash in the operating system or application that handles the packet.

How to control teardrop attacks

• Keep your operating system and software up to date
• Use a reliable firewall
• Deploy an antivirus/anti-malware solution
• Educate users about safe computing practices

History of teardrop attacks

The teardrop attack is a type of denial-of-service (DoS) attack that exploits a vulnerability in the
way certain operating systems handle fragmented internet control message protocol (ICMP)
packets. The attack was first discovered and documented in 1997 by a researcher named Rain
Forest Puppy.
In a teardrop attack, the attacker sends a series of fragmented ICMP packets with overlapping
payloads to the target system. When the target system attempts to reassemble these packets, it
encounters a programming error that causes it to crash or become unresponsive. This can result
in a denial of service for legitimate users trying to access the targeted system or network.
The teardrop attack was particularly effective against older versions of the Windows operating
system, as well as some versions of the Linux kernel.
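The reassembly step described in both teardrop subsections above, as an added example in C that is not part of the assignment: a fragment validator for a simplified datagram reassembler that refuses zero-length, oversized, out-of-range and overlapping fragments before any byte is copied, which is the check a hardened operating system performs where the vulnerable ones miscalculated. The type and function names (fragment_t, reassembly_add, reassembly_complete) are this example's own, the fragment offset is assumed to be already converted to bytes, and both fragment sequences are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_DATAGRAM 65535   /* largest datagram the reassembler will rebuild */

/* One fragment as the reassembly code sees it. `offset` is already in bytes
 * (the on-the-wire field counts 8-byte units); `more` is the "more fragments"
 * flag. Type and field names are this example's own. */
typedef struct { uint32_t offset; uint32_t length; bool more; } fragment_t;

typedef enum {
    FRAG_OK,            /* accepted */
    FRAG_EMPTY,         /* zero-length fragment */
    FRAG_TOO_LARGE,     /* would extend past MAX_DATAGRAM */
    FRAG_BEYOND_END,    /* extends past the total length fixed by the last fragment */
    FRAG_END_CONFLICT,  /* a second "last" fragment that ends somewhere else */
    FRAG_OVERLAP        /* covers bytes that were already received */
} frag_result_t;

/* State for one datagram: which byte offsets have been filled, and the total
 * length once the fragment with more == false has been seen. */
typedef struct {
    uint8_t  filled[MAX_DATAGRAM];
    uint32_t total_len;   /* 0 until the last fragment arrives */
    uint32_t bytes_have;
} reassembly_t;

void reassembly_init(reassembly_t *r) { memset(r, 0, sizeof *r); }

/* Validate a fragment before any byte is copied. Sizes are range-checked
 * before offset + length is formed, so the sum cannot wrap, and overlapping
 * data is refused outright instead of trimmed, which removes the length
 * miscalculation that overlapping fragments triggered in vulnerable stacks. */
frag_result_t reassembly_add(reassembly_t *r, const fragment_t *f)
{
    if (f->length == 0) return FRAG_EMPTY;
    if (f->offset > MAX_DATAGRAM || f->length > MAX_DATAGRAM ||
        f->offset + f->length > MAX_DATAGRAM)
        return FRAG_TOO_LARGE;
    uint32_t end = f->offset + f->length;
    if (r->total_len && end > r->total_len)               return FRAG_BEYOND_END;
    if (!f->more && r->total_len && r->total_len != end)  return FRAG_END_CONFLICT;
    for (uint32_t i = f->offset; i < end; i++)
        if (r->filled[i]) return FRAG_OVERLAP;             /* never silently merge */
    for (uint32_t i = f->offset; i < end; i++)
        r->filled[i] = 1;
    r->bytes_have += f->length;
    if (!f->more) r->total_len = end;
    return FRAG_OK;
}

/* True once bytes 0..total_len-1 have each arrived exactly once. */
bool reassembly_complete(const reassembly_t *r)
{
    return r->total_len != 0 && r->bytes_have == r->total_len;
}

int main(void)
{
    static reassembly_t r;   /* static: the filled map alone is 64 KiB */
    /* Constructed benign sequence: three fragments that tile bytes 0..1499. */
    const fragment_t good[] = { {0, 500, true}, {500, 500, true}, {1000, 500, false} };
    reassembly_init(&r);
    for (size_t i = 0; i < 3; i++)
        printf("benign fragment %zu -> result %d\n", i, reassembly_add(&r, &good[i]));
    printf("datagram complete: %s\n", reassembly_complete(&r) ? "yes" : "no");

    /* Constructed hostile sequence: the second fragment starts inside the first
     * and ends before it does, the shape that crashed vulnerable reassemblers. */
    const fragment_t bad[] = { {0, 36, true}, {24, 4, false} };
    reassembly_init(&r);
    for (size_t i = 0; i < 2; i++)
        printf("hostile fragment %zu -> result %d\n", i, reassembly_add(&r, &bad[i]));
    return 0;
}
```

Rejecting overlaps is one defensible policy; a production stack also needs a timeout that drops incomplete datagrams, otherwise the same reassembly state becomes a memory-exhaustion target.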
Scams and Phishing
‣ Phishing uses social engineering to create a sense of urgency.
‣ It is a cyber-attack that gathers sensitive information like login credentials, credit card numbers, personal information, and bank account numbers by masquerading as a legitimate website or email.
‣ Once the victim opens a phishing email or text message and clicks the malicious link, they are taken to a fake website that matches the legitimate site.
Types of scams
Advance Fee Fraud: approaches the victim with an online offer to make money.
Tech Support Scams: deliver a virus disguised as antivirus software.
Employment Scams: offer fake job opportunities.
Phishing scam: approaches someone by any means in order to attack.
Types of Phishing:

1. Email phishing: attackers send deceptive emails that appear to be from a legitimate source and typically contain links that lead to fake websites designed to steal login credentials.
2. Spear phishing: a targeted form of phishing where scammers personalize their messages to appear to come from a more legitimate source.
3. Link manipulation: a form of phishing that attempts to make a malicious link look like it belongs to a well-known organization.
4. Smishing and vishing:
‣ Smishing: phishing attacks conducted through SMS.
‣ Vishing: phishing attacks conducted through voice calls.
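A defender-side check for the link manipulation described in both phishing sections above, as an added example in C (not code from either assignment): it extracts the host from a link and tests whether that host really sits under the organization's domain, which catches the look-alike prefix (bank.example.evil.test) and the user-info trick (bank.example@evil.test, where the real host is what follows the last "@"). The domain names are reserved example names, and the function names (url_host, host_under_domain, link_matches_org) are this example's own.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define HOST_MAX 256

/* Copy the host part of `url` into `host`, lower-cased. The authority ends at
 * the first '/', '?' or '#'; anything up to the last '@' inside it is
 * user-info and is discarded; a ":port" suffix is stripped. IPv6 literals in
 * brackets are out of scope. Returns false when no host can be found. */
bool url_host(const char *url, char *host, size_t host_size)
{
    const char *p = strstr(url, "://");
    p = p ? p + 3 : url;                         /* scheme-less links still parse */
    size_t auth_len = strcspn(p, "/?#");
    size_t start = 0;
    for (size_t i = 0; i < auth_len; i++)        /* last '@' wins, as browsers do */
        if (p[i] == '@') start = i + 1;
    p += start;
    auth_len -= start;
    size_t host_len = 0;
    while (host_len < auth_len && p[host_len] != ':')
        host_len++;
    if (host_len == 0 || host_len >= host_size)
        return false;
    for (size_t i = 0; i < host_len; i++)
        host[i] = (char)tolower((unsigned char)p[i]);
    host[host_len] = '\0';
    if (host_len > 1 && host[host_len - 1] == '.')   /* "bank.example." is the same host */
        host[host_len - 1] = '\0';
    return true;
}

/* True when `host` is `domain` itself or a subdomain of it, on a label
 * boundary: "login.bank.example" matches "bank.example"; "notbank.example"
 * and "bank.example.evil.test" do not. `domain` is expected in lower case. */
bool host_under_domain(const char *host, const char *domain)
{
    size_t h = strlen(host), d = strlen(domain);
    if (h < d || strcmp(host + (h - d), domain) != 0)
        return false;
    return h == d || host[h - d - 1] == '.';
}

/* Does the link point at the organization it claims to represent? */
bool link_matches_org(const char *href, const char *org_domain)
{
    char host[HOST_MAX];
    if (!url_host(href, host, sizeof host))
        return false;
    return host_under_domain(host, org_domain);
}

int main(void)
{
    /* Constructed links that all claim to belong to "bank.example". */
    const char *links[] = {
        "https://login.bank.example/account",
        "https://bank.example:8443/reset",
        "https://bank.example.evil.test/login",
        "http://bank.example@evil.test/login",
        "https://notbank.example/",
        "HTTPS://BANK.EXAMPLE/",
    };
    for (size_t i = 0; i < sizeof links / sizeof links[0]; i++)
        printf("%-40s %s\n", links[i],
               link_matches_org(links[i], "bank.example") ? "ok" : "MISMATCH");
    return 0;
}
```

Mail gateways apply the same comparison between a link's visible text and its actual target; a mismatch on the registrable domain is one of the cheapest phishing signals available.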

History of scam and phishing attacks

‣ Phishing started in the 1990s.
‣ The AOL phishing attacks in America.
‣ The Love Bug (ILOVEYOU) message of 2000.

Some vulnerabilities that make people susceptible to attack:

‣ Lack of awareness and education
‣ Trust and authority
‣ Lack of two-factor authentication (2FA)

How to protect yourself

‣ Be cautious with personal information
‣ Verify the source
‣ Use strong, unique passwords
‣ Avoid reusing passwords across multiple accounts.
What Is a Denial-of-Service (DoS) Attack?
A denial-of-service (DoS) attack is a cyberattack on devices, information systems, or other network resources that prevents legitimate users from accessing expected services and resources.

This is usually accomplished by flooding the targeted host or network with traffic until the target can't respond or crashes. DoS attacks can last from a few hours to many months, costing companies and consumers time and money while their resources and services are unavailable.
How Do DoS Attacks Work?
• A DoS attack is most commonly accomplished by flooding the targeted host or network with illegitimate service requests. The hallmark of these attacks is the use of a false IP address, which prevents the server from authenticating the user. As the flood of bogus requests is processed, the server is overwhelmed, which causes it to slow and, at times, crash, at which point access by legitimate users is disrupted. In order for most DoS attacks to be successful, the malicious actor must have more available bandwidth than the target.
Types of DoS Attacks
• There are two main types of DoS attacks:
• Those that crash web-based services, called buffer overflows.
• Those that flood them, called flood attacks.
• 1. Buffer overflows: Buffer overflows are the most common form of DoS attack. In this type of exploit, the adversary drives more traffic to a network address than the system is capable of handling. This causes the machine to consume all available buffers, or memory storage regions that temporarily hold data while it is being transferred within the network. A buffer overflow occurs when the volume of data exceeds all available bandwidth, including disk space, memory, or CPU, resulting in slow performance and system crashes.
• 2. Flood attacks: Flood attacks occur when the system receives too much traffic for the server to manage, causing it to slow and possibly stop.
How Can You Identify a DoS Attack?
• The signs of a DoS attack can be observed by any network user. Common indicators include:
• Slow network performance for common tasks, such as downloading/uploading files, logging into an account, accessing a website or streaming audio or video content.
• Inability to access online resources, including websites or web-based accounts, such as bank accounts, investment portfolios, education materials or health records.
• An interruption or loss in connectivity of multiple devices on the same network.
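The rate limiting named in the DDoS section and the indicators listed above, turned into a small detector, as an added C example that is not part of either assignment: a per-address counter catches a single flooding source, and an aggregate counter catches the distributed case in which every bot stays under the per-address limit. The log line format, the limits and the addresses (taken from the RFC 5737 documentation ranges) are constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed tuning values; derive real ones from a baseline of normal traffic. */
#define MAX_SOURCES    256
#define WINDOW_SECONDS 10    /* fixed counting window */
#define PER_IP_LIMIT   20    /* requests per window from one address (single-source DoS) */
#define GLOBAL_LIMIT   100   /* requests per window from all addresses together (DDoS) */

typedef struct {
    char     ip[16];         /* dotted IPv4 text */
    long     window_start;
    unsigned count;
    bool     flagged;
} source_t;

typedef struct {
    source_t src[MAX_SOURCES];
    size_t   n_src;
    long     global_start;   /* -1 until the first request is seen */
    unsigned global_count;
    bool     global_alarm;
} tracker_t;

void tracker_init(tracker_t *t) { memset(t, 0, sizeof *t); t->global_start = -1; }

static source_t *find_or_add(tracker_t *t, const char *ip, long ts)
{
    for (size_t i = 0; i < t->n_src; i++)
        if (strcmp(t->src[i].ip, ip) == 0) return &t->src[i];
    if (t->n_src == MAX_SOURCES) return NULL;   /* table full; a real system would evict */
    source_t *s = &t->src[t->n_src++];
    snprintf(s->ip, sizeof s->ip, "%s", ip);
    s->window_start = ts;
    return s;
}

/* Count one request. The per-address counter catches a single flooding source;
 * the aggregate counter catches a botnet whose members each stay under the
 * per-address limit, which is exactly what makes DDoS harder to filter. */
void tracker_observe(tracker_t *t, long ts, const char *ip)
{
    if (t->global_start < 0 || ts - t->global_start >= WINDOW_SECONDS) {
        t->global_start = ts;
        t->global_count = 0;
    }
    if (++t->global_count > GLOBAL_LIMIT) t->global_alarm = true;

    source_t *s = find_or_add(t, ip, ts);
    if (!s) return;
    if (ts - s->window_start >= WINDOW_SECONDS) { s->window_start = ts; s->count = 0; }
    if (++s->count > PER_IP_LIMIT) s->flagged = true;
}

bool tracker_is_flagged(const tracker_t *t, const char *ip)
{
    for (size_t i = 0; i < t->n_src; i++)
        if (strcmp(t->src[i].ip, ip) == 0) return t->src[i].flagged;
    return false;
}

size_t tracker_flagged_count(const tracker_t *t)
{
    size_t n = 0;
    for (size_t i = 0; i < t->n_src; i++) n += t->src[i].flagged ? 1 : 0;
    return n;
}

/* Feed access-log lines of the constructed form "<unix_ts> <client_ip> <method> <path>".
 * Malformed lines are skipped; returns how many lines were parsed. */
size_t tracker_feed_log(tracker_t *t, const char *const lines[], size_t n)
{
    size_t parsed = 0;
    for (size_t i = 0; i < n; i++) {
        long ts; char ip[16];
        if (sscanf(lines[i], "%ld %15s", &ts, ip) == 2) { tracker_observe(t, ts, ip); parsed++; }
    }
    return parsed;
}

int main(void)
{
    static tracker_t t;
    tracker_init(&t);
    /* Constructed log lines: a normal visitor, a malformed line, then one
     * address repeating a request 25 times within three seconds. */
    const char *lines[] = { "1700000000 198.51.100.7 GET /", "1700000001 198.51.100.7 GET /about", "garbage" };
    printf("parsed %zu of 3 lines\n", tracker_feed_log(&t, lines, 3));
    for (int i = 0; i < 25; i++) tracker_observe(&t, 1700000000 + i / 10, "203.0.113.5");
    printf("203.0.113.5 flagged: %s; sources flagged: %zu; aggregate alarm: %s\n",
           tracker_is_flagged(&t, "203.0.113.5") ? "yes" : "no",
           tracker_flagged_count(&t), t.global_alarm ? "yes" : "no");
    return 0;
}
```

A fixed window is the simplest scheme; a sliding window or token bucket smooths the boundary effect where a burst straddling two windows goes uncounted, but the per-source versus aggregate distinction is the part that matters for telling DoS from DDoS.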
How can you reduce the risk of a DoS attack?

• Establish consistent and comprehensive training for employees about how to recognize common attack indicators and promote responsible online activity.
• Verify extortion attempts when adversaries threaten massive DoS attacks. A cybersecurity partner could help the organization quickly investigate the threat and gauge their ability to disrupt operations, potentially saving the organization significant money in the event the threat is not credible.
• Conduct routine tabletop exercises and penetration testing to improve prevention capabilities by identifying weaknesses in the network architecture.
Trojan horse
• A Trojan horse is a type of malicious software that appears to be legitimate but actually contains hidden functionality.
• Once installed, a Trojan horse can perform various malicious activities such as:
  • spreading other malware
  • stealing sensitive information
  • providing unauthorized access to the attacker.
History of the Trojan horse
• The term Trojan horse stems from Greek mythology. According to legend, the Greeks built a large wooden horse that the people of Troy pulled into the city. During the night, soldiers who had been hiding inside the horse emerged, opened the city's gates to let their fellow soldiers in and overran the city.
Steps to prepare a Trojan

• Creation of the Trojan
• Dropper: the way of transferring it to another computer
• Wrapper: to bind it into applications
• Crypter: used to detect antivirus
How a Trojan horse works
Before a Trojan horse can infect a machine, the user must
download the server side of the malicious application.
The Trojan horse cannot manifest by itself. The executable
file must be implemented and the program must be installed
in order for the attack to be unleashed on the system.
Types of Trojan horse
There are different types of Trojan horses; some of them are:
• Backdoor Trojan: Gives attackers unauthorized access to the infected system.
• Downloader Trojan: Downloads and installs other malware onto the infected system.
• Remote Access Trojan (RAT): Allows remote control of the infected system.
• Ransom Trojan: Blocks access to things such as your documents on the device until a ransom is paid to the attacker.
• Banker Trojan: Designed to steal account data for credit and debit cards.
How does a Trojan get onto our system?

• Free software
• File sharing
• USB flash drives
• Email attachments
How to Prevent Trojan Horse Attacks
Only download apps and software from official sources such as the App Store and Play Store.
Never open an email attachment from an unknown source.
Install a good antivirus.
Use strong, unique passwords.
How to know if you are attacked by a Trojan?

• Strange pop-ups or messages
• Slow performance
• Unexpected system crashes
• Unauthorized access or control
• Disabled security software
• Unexpected or missing files
Examples of Trojan Horse

Zeus
• It is estimated to have infected over 3.6 million computers in the
USA, including machines owned by NASA, Bank of America and the
US Department of Transportation.
ILOVEYOU
ILOVEYOU was a trojan released in 2000, which was used in the world’s
most damaging cyberattack, which caused $8.7 billion in global losses.
Stuxnet
• Stuxnet was a specialized Windows Trojan designed to attack
Industrial Control Systems (ICS). It was allegedly used to attack
