
Computer System Security

COS-413

Lecture Five
Eng. Mohamed Jaambiir
Malware

 Short for malicious software.
 Is software used or created to disrupt computer operation, gather sensitive
information, or gain access to private computer systems.
 It can appear in the form of code, scripts, active content, and other software.
 Any malicious software intended to harm or exploit any programmable device,
service, or network is referred to as malware.
 'Malware' is a general term used to refer to a variety of forms of hostile, intrusive, or
annoying software.
Usage of Malware

 Many early infectious programs, including the first Internet Worm, were written as
experiments or pranks.
 Today, malware is used primarily to steal sensitive personal, financial, or
business information for the benefit of others.
 Malware is sometimes used broadly against government or corporate websites to
gather guarded information, or to disrupt their operation in general.
 However, malware is often used against individuals to gain personal information
such as social security numbers, bank or credit card numbers, and so on.
Types of Malware
1. Virus

 A virus is a program or piece of code that is loaded onto your computer without your
knowledge and runs against your wishes.
 Viruses require human intervention to propagate. Viruses can also replicate
themselves.
 Viruses copy themselves to other disks to spread to other computers.
 Once users download the malicious code onto their devices, often delivered via
malicious advertisements or phishing emails, the virus spreads throughout their
systems. Viruses can modify computer functions and applications; copy, delete and
exfiltrate data; encrypt data to perform ransomware attacks; and carry out DDoS
attacks.
Types of viruses
2. Worms

 A computer worm is a self-replicating computer program.
 This malware inserts itself in devices via security vulnerabilities or
malicious links or files.
 It uses a network to send copies of itself to other nodes (computers
on the network) and it may do so without any user intervention.
 It does not need to attach itself to an existing program.
Types of worms
3. Trojan Horses

 A Trojan Horse program has the appearance of having a useful and
desired function.
 A Trojan Horse neither replicates nor copies itself, but causes damage or
compromises the security of the computer.
 A Trojan Horse must be sent by someone or carried by another program and may
arrive in the form of a joke program or software of some sort.
 These are often used to capture your logins and passwords.
Examples of Trojan Horse
4. Spyware

 Spyware is a type of malware installed on computers that collects information
about users without their knowledge.
 The presence of spyware is typically hidden from the user and can be difficult to
detect.
 Spyware programs lurk on your computer to steal important information, like
your passwords and logins and other personal identification information and then
send it off to someone else.
Examples of Spyware
5. Bots

 A bot is a self-replicating malware that spreads itself to other devices,
creating a network of bots, or a botnet.
 Once infected, devices perform automated tasks commanded by the
attacker.
 Botnets are often used in DDoS attacks.
 They can also conduct keylogging and send phishing emails.
Examples of bots
6. Keyloggers

 A keylogger is surveillance malware that monitors keystroke patterns.
 Threat actors use keyloggers to obtain victims' usernames and passwords and other
sensitive data.
 Keyloggers can be hardware or software.
 Hardware keyloggers are manually installed into keyboards. After a victim uses the
keyboard, the attacker must physically retrieve the device.
 Software keyloggers, on the other hand, do not require physical access. They are
often downloaded by victims via malicious links or attachments. Software keyloggers
record keystrokes and upload the data to the attacker.
Examples of Keyloggers
7. Adware

 Adware is software that displays or downloads unwanted
advertisements, typically in the form of banners or pop-ups.
 It collects web browser history and cookies to target users with specific
advertisements.
 Adware (short for advertising-supported software) is a type of
malware that automatically delivers advertisements.
Example of Adware
8. Ransomware

 Ransomware locks or encrypts files or devices and forces victims to pay a ransom
in exchange for re-entry.
 Ransomware is a form of malware that essentially holds a computer system captive
while demanding a ransom.
 The malware restricts user access to the computer either by encrypting files on the
hard drive or locking down the system and displaying messages that are intended
to force the user to pay the malware creator to remove the restrictions and regain
access to their computer.
Example of Ransomware
9. Rootkits

 A rootkit is malicious software that enables threat actors to remotely access
and control a device. Rootkits facilitate the spread of other types of
malware, including ransomware, viruses and keyloggers.
 Rootkits often go undetected, because once inside a device, they can
deactivate antimalware and antivirus software. Rootkits typically enter
devices and systems through phishing emails and malicious attachments.
Example of Rootkits
10. Spam

 Spam is email that you did not request and do not want.
 Spam is a common way to spread viruses, Trojans, and malware.
 Spammers often send messages or emails with links to install
malware onto your system.
Example of Spam
Damages caused by malware
1. Data Loss
 Many viruses and Trojans will attempt to delete files or wipe hard drives when
activated, but even if you catch the infection early, you may have to delete infected
files.

2. Account Theft
 Many types of malware include keylogger functions, designed to steal accounts and
passwords from their targets.
 This can give the malware author access to any of the user's online accounts,
including email servers from which the hacker can launch new attacks.

3. Botnets
 Many types of malware also subvert control over the user's computer, turning it into a
"bot" or "zombie."
 Hackers build networks of these commandeered computers, using their combined
processing power for tasks like cracking password files or sending out bulk emails.

4. Financial Losses
 If a hacker gains access to a credit card or bank account via a keylogger, he can
then use that information to run up charges or drain the account.
How To Know If Devices Are Infected With Malware?
The following are the most typical indications that malware has compromised your
computer:
I. Increased CPU usage
II. Problems connecting to networks
III. When your web browser directs you to a website you didn’t intend to visit, this is
known as a browser redirect.
IV. Warnings about infections are frequently accompanied by offers to buy a product to
treat them.
V. Having trouble starting or shutting down your computer.
VI. Persistent pop-up ads.
How To Protect Against Malware?

 Protect your devices.
 Update your operating system and software.
 Never click on a popup’s link.
 Don’t install too many apps on your devices.
 Be cautious when using the internet.
 Do not click on unidentified links.
 Choose the websites you visit wisely.
 Emails requesting personal information should be avoided.
How to prevent malware?

Anti-Malware Program
 An anti-malware program is used to prevent, detect, and remove computer
viruses, worms, Trojan horses and any other type of malware.
Examples of Anti-Malware program:
1. Antivirus program
2. Anti-spyware program
3. Anti-spam program
4. Firewall
1. Antivirus Program

 "Antivirus" is protective software designed to defend your computer
against malicious software.
 In order to be an effective defense, the antivirus software
needs to run in the background at all times, and should be kept
updated so it recognizes new versions of malicious software.
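
Added example (not part of the original lecture): a toy signature scanner showing why definitions must be kept updated. The byte strings, signature names and the `SignatureDB` class are constructed for illustration and do not come from any real antivirus product.

```python
import hashlib
from dataclasses import dataclass, field

@dataclass
class SignatureDB:
    """Toy signature database: exact-file hashes plus byte patterns."""
    version: int = 1
    hashes: dict = field(default_factory=dict)    # sha256 hex -> detection name
    patterns: dict = field(default_factory=dict)  # byte pattern -> detection name

    def update(self, hashes=None, patterns=None):
        """Merge a newer signature set, as a definitions update would."""
        self.hashes.update(hashes or {})
        self.patterns.update(patterns or {})
        self.version += 1

def scan(data: bytes, db: SignatureDB):
    """Return the matching detection name, or None if nothing matches."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in db.hashes:            # exact match on a known file
        return db.hashes[digest]
    for pattern, name in db.patterns.items():
        if pattern in data:            # known byte sequence inside the file
            return name
    return None

# Constructed, harmless byte strings standing in for files on disk.
OLD_SAMPLE = b"HEADER|demo-marker-v1|placeholder"
NEW_VARIANT = b"HEADER|demo-marker-v2|placeholder"
CLEAN_FILE = b"quarterly report, ordinary content"

def demo():
    files = (OLD_SAMPLE, NEW_VARIANT, CLEAN_FILE)
    db = SignatureDB()
    db.update(hashes={hashlib.sha256(OLD_SAMPLE).hexdigest(): "Demo.A"})
    before = [scan(f, db) for f in files]   # the new variant is missed
    # A definitions update adds a pattern covering the new variant.
    db.update(patterns={b"demo-marker-v2": "Demo.B"})
    after = [scan(f, db) for f in files]
    return before, after, db.version

if __name__ == "__main__":
    print(demo())
```

With the outdated database the changed file passes as clean, because a hash signature only matches the exact bytes it was made from.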
Examples of Antivirus Program

I. Norton Antivirus
II. AVG
III. Kaspersky
IV. Avast!
V. PC-cillin
VI. McAfee
VII. Avira
2. Anti-Spyware Program

 An anti-spyware program is a type of program designed to prevent and detect
unwanted spyware program installations and to remove those programs if
installed.
Examples of Anti-spyware program:
I. Spyware Doctor
II. AVG Anti-spyware
III. STOPzilla
IV. Spysweeper
3. Anti-Spam Program

 Anti-spam is software that aims to detect and block potentially dangerous email
from user inboxes. Anti-spam protocols determine what is an unsolicited and
unwanted message (spam).
Examples of Anti-spam program:
I. SpamTitan
II. Leanmail
III. MailCleaner
IV. Mimecast
4. Firewall

 A firewall is a network security device that monitors incoming and
outgoing network traffic and decides whether to allow or block
specific traffic based on a defined set of security rules.
 A firewall is a barrier between two networks that identifies and blocks
cyber threats while allowing appropriate traffic through.
The End