Week-6 (2)

The document provides an overview of malicious software (malware), detailing its various types including viruses, worms, ransomware, Trojan horses, adware, spyware, and rootkits. It explains how these malicious programs operate, their potential impacts on systems, and methods of infection and removal. Additionally, it highlights notable examples of malware incidents and offers references for further reading.

REVIEW

MALICIOUS
SOFTWARE
Describe an experience
where your
computer/device got
infected with a virus.
What did you do?
MALICIOUS
SOFTWARE
The term 'Malicious
Software' is the origin of
the word 'Malware,' and the
meaning remains the same.
MALICIOUS CODE
Malicious Software refers
to any malicious program
that causes harm to a
computer system or network.
Malicious software
attacks a computer or
network in the form of
viruses, worms, trojans,
spyware, adware or rootkits.
MALICIOUS
SOFTWARE
ATTACK
An attacker inserts
malicious code into a
user's system to disrupt or
disable the operating
system or any other
application and destroy the
important information
stored.
TYPES OF
MALICIOUS
SOFTWARE
COMPUTER VIRUS
A computer virus is malicious software that
self-replicates and attaches itself to other
files/programs. It can execute secretly when the
host program/file is activated.
COMPUTER VIRUS (TWO TYPES)
• Non-resident Virus
• Resident Virus
NON-RESIDENT VIRUS
Non-resident viruses are any viruses that do not
live in the computer’s memory.

A non-resident virus is capable of infecting
executable files when programs are not running.
NON-RESIDENT VIRUS
After they reach the host,
they immediately start
searching for other hosts
that could be infected;
once found they infect
these targets and finally
transfer control to the
application program which
they infected.
RESIDENT VIRUS
A resident virus — or memory-resident virus —
works by latching itself onto the computer’s
memory, thus granting it the freedom to attack
any file or application on the device (including
the anti-virus software).
RESIDENT VIRUS

Resident viruses
can come from
corrupted drives or
disks, or from
suspicious links or
downloads.
WORMS
A computer worm is a
self-replicating computer
virus. It uses a network to
send copies of itself to other
nodes and does so without any
user intervention.
WORMS DO NOT
Delete system's files, modify
existing files, install Trojan
horses, record or transmit
decrypted passwords, capture
super user privileges.
I LOVE YOU VIRUS
COMMON NAME: LOVE LETTER
TYPE: COMPUTER WORM
OPERATING SYSTEM AFFECTED: MICROSOFT WINDOWS
WRITTEN IN: VBSCRIPT
I LOVE YOU VIRUS
ILOVEYOU, sometimes referred to as Love Letter, was
a computer worm that attacked tens of millions of
Windows personal computers on and after 6 May 2000
local time in the Philippines when it started
spreading as an email message with the subject line
"ILOVEYOU" and the attachment
"LOVE-LETTER-FOR-YOU.txt.vbs".
WHO WAS RESPONSIBLE FOR CREATING
AND DISTRIBUTING IT?
Young Filipino computer programmer named
Onel de Guzman
WORMS

Jerusalem, the first
known computer worm, was
discovered in 1987.
MORRIS WORM
The Morris worm was launched in 1988
by Robert Morris, an
American student who
wanted to discover
how big the internet
really was.
MORRIS WORM
To do this, he launched a few dozen lines of
code, but he didn’t know that the code was
riddled with bugs that would cause a variety of
problems on affected hosts.

The result was thousands of overloaded computers
running on UNIX and financial damage ranging
between $10 million and $100 million.
STORM WORM
An email worm launched in 2007.

Victims would receive emails with a fake news
report about an unprecedented storm wave that had
already killed hundreds of people across Europe.
STORM WORM
More than 1.2 billion of these emails were sent
over the course of ten years in order to create
a botnet that would target popular websites.
Experts believe that there are still at least a
million infected computers whose owners don’t
know that they are part of a botnet.
SQL SLAMMER
SQL Slammer was unique in that it didn’t utilize
any of the traditional distribution methods.
SQL SLAMMER
It generated many random IP addresses and sent
itself out to them, hoping they weren’t protected
by antivirus software.

Soon after it hit in 2003, over 75,000 infected
computers were unknowingly involved in DDoS
attacks on several major websites.
RANSOMWARE
Ransomware is a type of malware that locks and
encrypts a victim's data, files, devices or
systems, rendering them inaccessible and unusable
until the attacker receives a ransom payment.
TROJAN HORSES
A Trojan horse is a
malicious program that
is designed to appear as
authentic, real and
genuine software.
TROJAN HORSE PERCENTAGE
WHAT CAN TROJANS DO?
• Erase or overwrite data on a computer
• Spread other viruses or install a backdoor.
In this case the trojan horse is called a
'dropper.'
• Set up networks of zombie computers to
launch DDoS attacks or send spam.
WHAT CAN TROJANS DO?
• Log keystrokes to steal information
such as passwords and credit card numbers
(known as a keylogger)
• Phish for bank or other account details,
which can be used for criminal activities
• Simply destroy data
• Mail the password file
HOW CAN YOU BE INFECTED?
• Websites: You can be infected by visiting a
rogue website.
• Instant message: Many get infected through
files sent through various messengers.
• E-mail: Attachments on e-mail messages may
contain Trojans. Trojan horses spread via SMTP.
HOW CAN YOU BE INFECTED?
• The Trojan horse is typically a Windows
executable program file and must have an
executable file extension such as .exe, .com,
.scr, .bat, or .pif.

With file extensions hidden, the user would only
see 'Readme.txt' and could mistake it for a
harmless text file.
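The check below is an added example, not part of the original slides: it flags file names whose final extension is one of the executable types listed above (plus .vbs, as in the ILOVEYOU attachment) while the name shown with extensions hidden still looks like a document. The decoy-extension set and the sample names other than the ILOVEYOU attachment are assumptions made for illustration.

```python
# Added example, not from the original slides.
# Executable extensions listed on the slide, plus .vbs from the ILOVEYOU attachment.
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".bat", ".pif", ".vbs"}
# Assumption: extensions a user tends to read as "just a document".
DECOY_EXTS = {".txt", ".doc", ".pdf", ".jpg", ".xls"}


def split_ext(name):
    """Return (stem, ext) with ext lower-cased; ext is '' when there is none."""
    stem, dot, ext = name.rpartition(".")
    if not dot or not stem:  # no dot at all, or a dotfile such as ".profile"
        return name, ""
    return stem, "." + ext.lower()


def displayed_name(name):
    """Name a file manager shows when file extensions are hidden."""
    return split_ext(name.strip())[0]


def classify(name):
    """Return 'double-extension', 'executable' or 'ok' for a file name."""
    stem, ext = split_ext(name.strip())
    if ext not in EXECUTABLE_EXTS:
        return "ok"
    # The real extension runs code; check whether the visible part poses as a document.
    inner = split_ext(stem)[1]
    return "double-extension" if inner in DECOY_EXTS else "executable"


# Constructed sample names; only the ILOVEYOU attachment name comes from the slides.
SAMPLES = [
    "LOVE-LETTER-FOR-YOU.txt.vbs",
    "Readme.txt.EXE",
    "Readme.txt",
    "setup.exe",
    "notes.v2.txt",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:32} shown as {displayed_name(sample)!r:28} -> {classify(sample)}")
```

A mail filter or download scanner can quarantine anything classified as 'double-extension' and treat 'executable' attachments according to local policy.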
How does it get in?
• Downloading a file
• Installing a program
• Opening an attachment
• Opening bogus Web pages
• Copying a file from someone else
ADWARE
Adware is not exactly
malicious, but it does
breach the privacy of
users for malicious
purposes.
ADWARE
Adware displays ads
(a pop-up window
appears) on the
computer’s desktop or
inside individual
programs.
ADWARE
Adware can get onto
people’s mobile or cell
phones through apps in
popular categories like
entertainment and gaming.
SIGNS THAT YOU MAY BE INFECTED
WITH UNWANTED ADWARE INCLUDE:
Computer adware infection signs
• An unexpected change in your
web browser home page
• Web pages that you visit are
not displaying correctly
• Being overwhelmed with
pop-up ads — sometimes even if
not browsing the internet
SIGNS THAT YOU MAY BE INFECTED
WITH UNWANTED ADWARE INCLUDE:
Computer adware infection signs
• Slow device performance
• Device crashing
• Reduced internet speeds
• Redirected internet searches
• Random appearance of a new
toolbar or browser add-on
SIGNS THAT YOU MAY BE INFECTED
WITH UNWANTED ADWARE INCLUDE:
Mobile adware infection signs
• Your phone is slow
• Apps take longer to load
• Your battery drains quickly
• Your phone has apps you
don’t remember downloading
SIGNS THAT YOU MAY BE INFECTED
WITH UNWANTED ADWARE INCLUDE:
Mobile adware infection signs
• There is unexplained data
usage and
higher-than-expected phone bills
• There are numerous ad
pop-ups
HOW TO REMOVE ADWARE?
• Create a backup of the data
• Download or update your
security software
• Uninstall programs that are
not in use
• Use an adware and cleanup
application to run a scan
SPYWARE
Spyware is a type of
malware that performs
certain tasks
including watching and
tracking user actions
and collecting
personal data.
SPYWARE
Spyware programs generally install themselves on
the user's computer and provide profit to a
third party by collecting the user's data
without the user's awareness.

Moreover, spyware steals passwords and personal
information of users by running in the
background on the system.
SPYWARE TYPES
ROOTKIT
A rootkit is
malicious software
that alters the
regular functionality
of an OS on a
computer in a
stealthy manner.
WHY ARE ROOTKITS SO DANGEROUS?
They’re sneaky: rootkit infections can spread
through deceptive threat vectors like corrupt
downloads, spam emails, and exploit kits.

They’re stealthy: Unlike other types of malware,
a deeply concealed rootkit will not display many
symptoms.
WHY ARE ROOTKITS SO DANGEROUS?
They’re capable: A few experts call rootkits the
Swiss Army Knives of malware because they have
multiple capabilities.
TYPES OF ROOTKITS
Bootloader rootkit
When you turn on a computer, its bootloader
loads the operating system.

A bootloader rootkit infiltrates this
mechanism, infecting your computer with the
malware before the operating system is ready
to use.
TYPES OF ROOTKITS
Firmware rootkit
All devices, from mobile phones to washing
machines, can have firmware.

A firmware rootkit is challenging to find
because it hides in firmware, where
cybersecurity tools usually don’t look for
malware.
TYPES OF ROOTKITS
Kernel Rootkit
A kernel rootkit can be catastrophic because it
attacks a core component of your computer and
gives a threat actor significant control over a
system.
Application rootkit
An application rootkit may modify your regular files with rootkit code,
giving the rootkit’s author access to your
machine every time you run the infected files.
TYPES OF ROOTKITS
Memory rootkit
Memory rootkits reside in your computer's RAM and can slow down
your machine while performing malicious tasks.

You can usually clear a memory rootkit by
restarting your computer, as a simple restart
clears your machine’s memory of all processes.
HOW ARE ROOTKITS
DETECTED AND REMOVED?
#1 System crashes:
A rootkit that infects your computer's
bootloader, hard drive, BIOS, or applications
may cause system-crashing software conflicts.
HOW ARE ROOTKITS
DETECTED AND REMOVED?
#2 Software Malfunctions: Are you noticing
slowdowns, mysterious settings changes, or web
browser malfunctions? A rootkit can be
responsible for such issues.
HOW ARE ROOTKITS
DETECTED AND REMOVED?
#3 Antivirus crash: Should your antivirus
deactivate without cause, try an anti-rootkit
scan to search for malware. Afterwards,
reinstall your cybersecurity software.
REFERENCES
• https://www.techtarget.com/searchsecurity/definition/worm
• https://softwarelab.org/what-is-a-computer-worm/
• https://www.malwarebytes.com/computer-worm
• https://www.spiceworks.com/it-security/security-general/articles/what-is-adware/
• https://www.kaspersky.com/resource-center/threats/adware
• https://www.geeksforgeeks.org/difference-between-adware-and-spyware/
• https://softwarelab.org/what-is-spyware/
• https://sectigostore.com/blog/spyware-examples-4-real-life-examples-that-shook-2021/
• https://gridinsoft.com/spyware
• https://www.malwarebytes.com/rootkit
• https://www.fortinet.com/resources/cyberglossary/rootkit
