
PROBLEM 02:

INFECTED!
Zhen Wei
Hamzah
Jerolyn
Siti
Jun Hao
BOTNET
• ROBOT + NETWORK = BOTNET
• Attackers distribute malicious software that can turn your computer into a bot
• They use bots to infect large numbers of computers
• These computers form a network, or a botnet
• Attackers use botnets to send out spam email messages, spread viruses and attack computers
• Bots communicate with botnet servers, which lets the attacker update existing malware, insert new malware, or instruct the infected computer to carry out specific tasks
• The attacker will have as much authority as the computer user
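The last two bullets are the point a defender can act on: a bot has to check in with its botnet server, usually on a fixed schedule, and that regularity is visible in ordinary proxy or firewall logs. The following is an added example, not code from the original slides; the log lines, hostnames and thresholds are constructed for the demonstration. It groups connections by (client, destination) and flags pairs whose gaps between connections are both frequent and nearly identical, which human browsing rarely produces.

```python
"""Flag hosts that contact one destination at near-regular intervals.

Bots poll their command-and-control server on a schedule to fetch updates,
new payloads or tasks.  Over a day of proxy logs that shows up as many
connections to the same destination with very similar gaps between them.
Added, self-contained example; log lines and thresholds are constructed.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log lines: "<timestamp> <client> <destination> <bytes>"
SAMPLE_LOG = """\
2024-01-15T09:00:02 10.0.0.5 updates.example-vendor.test 4312
2024-01-15T09:00:14 10.0.0.5 news.example.test 15872
2024-01-15T09:05:01 10.0.0.5 cdn-img.example-bad.test 388
2024-01-15T09:07:40 10.0.0.7 mail.example.test 9021
2024-01-15T09:10:03 10.0.0.5 cdn-img.example-bad.test 391
2024-01-15T09:15:02 10.0.0.5 cdn-img.example-bad.test 388
2024-01-15T09:16:45 10.0.0.7 news.example.test 20011
2024-01-15T09:20:01 10.0.0.5 cdn-img.example-bad.test 390
2024-01-15T09:25:04 10.0.0.5 cdn-img.example-bad.test 388
2024-01-15T09:28:10 10.0.0.5 news.example.test 14430
2024-01-15T09:30:02 10.0.0.5 cdn-img.example-bad.test 389
2024-01-15T09:33:55 10.0.0.7 news.example.test 18860
"""


def parse_log(text):
    """Yield (timestamp, client, destination) tuples from the log text."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, dest, _size = line.split()
        yield datetime.fromisoformat(ts), client, dest


def find_beacons(text, min_connections=5, max_jitter=0.1):
    """Return {(client, dest): mean_gap_seconds} for suspiciously regular pairs.

    A (client, dest) pair is flagged when it has at least `min_connections`
    connections and the spread of the gaps between them (std / mean) is
    below `max_jitter`.  Human browsing is bursty and fails this test.
    """
    times = defaultdict(list)
    for ts, client, dest in parse_log(text):
        times[(client, dest)].append(ts)

    flagged = {}
    for key, stamps in times.items():
        if len(stamps) < min_connections:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg < max_jitter:
            flagged[key] = round(avg, 1)
    return flagged


if __name__ == "__main__":
    for (client, dest), gap in find_beacons(SAMPLE_LOG).items():
        print(f"{client} -> {dest}: every ~{gap}s, review for botnet check-ins")
```

In the constructed data only the client 10.0.0.5 talking to cdn-img.example-bad.test every five minutes is flagged; the same client's visits to the news site are too few and too irregular. In practice the thresholds need tuning per environment, and legitimate software updaters also beacon, so a hit is a lead for review rather than proof of infection.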


Solution for BOTNET
• Install anti-virus
• Anti-spyware
• Anti-adware
• Spyware protection
• Install a firewall
• Cleaning up files - CCleaner
Prevention for BOTNET
• Attackers can enlist your computer in a botnet by:
• Links you click in email or instant messages (IM), or on a social network (avoid clicking unexpected links)
• Scaring you into clicking a button or link they supply, with fake warnings that your computer has a virus
How to tell if your computer is infected with malware?
• Slow, crashes or stops responding frequently
• These problems might be signs that your computer has been infected
• The same problems might also point to hardware or software issues that have nothing to do with malware
Prevention for Malware
• Install antivirus and antispyware programs from a trusted source
• Keep all software up to date
• Use strong passwords and keep them secret
• Never turn off your firewall
• Use flash drives cautiously


Link 16
http://antivirus.about.com/od/virusdescriptions/p/zeusbotnet.htm

Zeus / Zbot (Trojans/Botnet):
• Zeus/ZeuS, often referred to as Zbot, is an entire family of Trojans and botnets
• A type of crimeware bot that usually engages in data theft
• Ranges from large-scale data theft in banks, government organisations, etc. to phishing of individuals
Link 17
http://www.securelist.com/en/descriptions/17485338/Trojan-Downloader.VBS.Agent.aby

Trojan-Downloader.VBS.Agent.aby (Trojan):
• Once launched, the Trojan downloads files from the following URL address:
http://adminlz***600.org/img/T1gANoXmXwXXcGRBI1_1001.gif
• At the time of writing, these links were inactive. It saves the downloaded files under the following name:
c:\windows\Resources\1001.exe
• The Trojan then launches the downloaded files for execution and, in hidden mode, launches Internet Explorer where it opens the following link:
http://adminlz***600.org/img/gg.htm?vbs31
Link 18
http://www.f-secure.com/v-descs/backdoor_osx_devilrobber_a.shtml

OSX/DevilRobber (Backdoor):
• A silently installed application related to Bitcoin mining
• Harvests data from the infected machine and listens for additional commands from a remote user
Link 19
http://home.mcafee.com/VirusInfo/VirusProfile.aspx?key=1509581

VirusProfile: Skintrim.gen.f!88147B8A80D7 (Trojan):
• Spread manually, often under the premise that they are beneficial or wanted
• The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs
Link 20
http://about-threats.trendmicro.com/us/malware/TROJ_SCRIPBRID.A

TROJ_SCRIPBRID.A (Trojan):
• Spammed via email
• Arrives as an attachment to an email message spammed by malware
• Overall risk rating is low and damage potential is high
• Non-destructive; its platforms are Windows 2000 and Windows Server 2003
• Minimum scan engine needed is 9.200
Email 03
• Younger brother downloaded a movie from the internet
• Adult advertisements started showing up when using the internet
• Got embarrassed when the boss or colleagues saw them while walking past
• Younger brother used free software and found wyyo or yoyo (malware)
• Requested help from the IT Helpdesk
• Reported by Jasmine (the victim embarrassed by the ads)
Email 03
Possible infection: wyyo
wyyo is adware that displays several misleading adverts and slows down PC performance. It makes the PC vulnerable to remote attack.

Solution:
• Download a free anti-malware program, e.g. Malwarebytes
• Run the software
• Identify the adware
• It will prompt the user to remove the adware accordingly

Prevention:
• Be selective about what you download to your computer
• Read licensing agreements
• Watch out for anti-spyware scams
• Beware of clickable advertisements
Problem: Email 08
• One of the shared folders, named “Customer Information”, was maliciously deleted
• Major inconvenience caused
• The missing folder and files containing client data were manually restored
• No other departments have access to this folder
• One engineer who was terminated 1 month ago is the suspect
• A logical explanation is needed as they want to pursue legal action against the suspect
• Reported by an angry Sales Director, Timothy Wood
Email 08
Possible Infection: Logic Bomb

A type of malware that is triggered in response to an event, such as launching an application or when a specific date/time is reached.

Ways it is used:
Code embedded within a fake application, or Trojan horse, is executed whenever you launch the fraudulent software.

Solution:
• Install a malware removal tool to remove all possible malware threats on the computer

Prevention:
• Create a trigger in the database so that any amendment to the system can be tracked and removed in time if proven dangerous
• Limit staff from downloading or inserting new software/code into the system without authorisation from higher up
• Install anti-virus and anti-malware so that viruses/malware can be detected and removed before they cause harm to the system
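The first prevention point is the one that would have given Timothy Wood his "logical explanation": if every deletion is recorded with who did it and when, a deleted folder can be traced to an account and restored from the record. The following is an added example, not code from the original slides. It models the shared folder's file list as a SQLite table (table and column names are assumptions) and installs an AFTER DELETE trigger that copies each deleted row, with the acting account and a timestamp, into an audit table before it is gone.

```python
"""Audit trigger that records every deletion so it can be traced and undone.

Added example for Email 08 (not from the original slides).  The shared
'Customer Information' folder is modelled as a table of files; a trigger
preserves a copy of every deleted row together with the actor and time.
Table and column names are assumed for the demonstration.
"""
import sqlite3

SCHEMA = """
CREATE TABLE customer_files (
    path    TEXT PRIMARY KEY,
    owner   TEXT NOT NULL,
    content BLOB
);
CREATE TABLE audit_log (
    id        INTEGER PRIMARY KEY AUTOINCREMENT,
    action    TEXT NOT NULL,
    path      TEXT NOT NULL,
    owner     TEXT,
    content   BLOB,
    actor     TEXT,
    logged_at TEXT NOT NULL DEFAULT (strftime('%Y-%m-%dT%H:%M:%fZ', 'now'))
);
-- The application records which account is acting before it changes data.
CREATE TABLE session_actor (actor TEXT);
-- Fires once per deleted row and keeps a copy of it plus the actor.
CREATE TRIGGER log_file_delete AFTER DELETE ON customer_files
BEGIN
    INSERT INTO audit_log (action, path, owner, content, actor)
    VALUES ('DELETE', OLD.path, OLD.owner, OLD.content,
            (SELECT actor FROM session_actor LIMIT 1));
END;
"""


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def set_actor(conn, actor):
    """Record the account that the following statements run as."""
    conn.execute("DELETE FROM session_actor")
    conn.execute("INSERT INTO session_actor VALUES (?)", (actor,))


def bulk_deletes(conn, threshold=3):
    """Return {actor: count} for actors who deleted at least `threshold`
    files: the footprint a logic bomb or a disgruntled insider leaves,
    unlike routine one-off housekeeping."""
    rows = conn.execute(
        "SELECT actor, COUNT(*) FROM audit_log WHERE action = 'DELETE' "
        "GROUP BY actor HAVING COUNT(*) >= ?", (threshold,)).fetchall()
    return dict(rows)


def restore_deleted(conn, actor):
    """Put back every file the given actor deleted, using the audit copies."""
    rows = conn.execute(
        "SELECT path, owner, content FROM audit_log "
        "WHERE action = 'DELETE' AND actor = ?", (actor,)).fetchall()
    conn.executemany(
        "INSERT OR IGNORE INTO customer_files VALUES (?, ?, ?)", rows)
    return len(rows)


def demo():
    """Constructed scenario: one routine deletion, then a mass deletion."""
    conn = open_db()
    conn.executemany("INSERT INTO customer_files VALUES (?, ?, ?)", [
        (f"Customer Information/client{i}.txt", "sales", f"record {i}".encode())
        for i in range(1, 5)])
    set_actor(conn, "sales_user")
    conn.execute("DELETE FROM customer_files WHERE path LIKE '%client1.txt'")
    set_actor(conn, "svc_legacy_task")  # a scheduled job nobody reviewed
    conn.execute("DELETE FROM customer_files WHERE path LIKE 'Customer Information/%'")
    suspects = bulk_deletes(conn)
    restored = restore_deleted(conn, "svc_legacy_task")
    remaining = conn.execute("SELECT COUNT(*) FROM customer_files").fetchone()[0]
    return suspects, restored, remaining


if __name__ == "__main__":
    print(demo())
```

In the constructed run the routine single deletion by sales_user stays below the threshold, the three-file wipe by svc_legacy_task is reported, and those three files are restored from the audit copies. On a real file server the same idea is delivered by file-access auditing and a tamper-resistant log rather than a SQL trigger, but the requirement is identical: the record of who deleted what must be written somewhere the deleter cannot erase.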
References
• http://www.microsoft.com/security/pc-security/botnet.aspx
• http://us.norton.com/catch-spyware-before/article
• Problem 2 worksheet
