
KIMBERLY D. BORLING, BSCRIM-IV

PRETEST

Directions: Read the following sentences. Write T if the statement is True and
F if the statement is False. Write your answer on the space before the number.

_T _1. Emotet is a trojan that gained notoriety in 2008.

_T _2. WannaCry, the deadliest ransomware outbreak in history, was spread using phishing emails in 2017.

_T _3. Petya disables the whole operating system of the computer.

_F _4. The type of ransomware that targets users by infecting them with malicious files ostensibly
containing further information on the situation is called the Mellieza virus.

_F _5. In 2019, the ransomware iloveyou made news after targeting big
corporations throughout the world, including Altran Technologies and Hydro.

ACTIVITY 1:
Create a reaction paper on each video you watched. (500 words each)

1. https://www.youtube.com/watch?v=NZDiQczOsdc
Melissa
Based on the video I viewed, the Melissa virus is malware that was deployed in late March of 1999. A
programmer by the name of David Lee Smith took over an America Online (AOL) account and used that account
to post a file on an Internet newsgroup. The posting advertised free login credentials to adult content
websites, using the file as bait. Once users downloaded and opened the file, a virus was deployed onto their
computer. The virus hacked into the user's Microsoft Outlook account and sent emails with the same malicious
file to the first 50 contacts in the contact list. This was one of the first big attacks that caught people's
attention, and one of the first real phishing attacks. This attack was a harbinger of our online future, as
today we continue to be plagued by even more sophisticated social engineering and phishing attacks.
As per my research, Melissa arrives in an attachment to an e-mail note with the subject line
"Important Message from [the name of someone]," and body text that reads "Here is that document you asked
for...don't show anyone else ;-)". The attachment is often named LIST.DOC. If the recipient clicks on or
otherwise opens the attachment, the infecting file is read into computer storage. The file itself originated in an
Internet alt.sex newsgroup and contains a list of passwords for various Web sites that require memberships.
The file also contains a Visual Basic script that copies the virus-infected file into the normal.dot template file
used by Word for custom settings and default macros. It also creates this entry in the Windows registry:
HKEY_CURRENT_USER\Software\Microsoft\Office\"Melissa?"="...by Kwyjibo"
The virus then creates an Outlook object using the Visual Basic code, reads the first 50 names in each Outlook
Global Address Book, and sends each the same e-mail note with the virus attachment that caused this particular
infection. The virus only works with Outlook, not Outlook Express.

In a small percentage of cases (when the day of the month equals the minute value), a payload of text
is written at the current cursor position that says: “Twenty-two points, plus triple-word score, plus fifty points
for using all my letters. Game's over. I'm outta here." The quote refers to the game of Scrabble and is taken
from a Bart Simpson cartoon. The virus also disables some security safeguards. These are described by CERT
and the anti-virus software sites.
Avoiding Melissa does not mean you can't read your e-mail, only that you have to screen your notes and be
careful about what attachments you open. If you get an e-mail note with the subject "Important Message from
[the name of someone]," and it has an e-mail attachment (usually a 40 kilobyte document named LIST.DOC),
simply DO NOT OPEN (for example, do not click on) the attachment. Write down the e-mail address of the
person it came from. Delete the message. Then send a note to the sender so that they know that their
computer has been infected. As a rule, viruses are named by antivirus companies, who avoid using proper
names. The Melissa virus was named by its creator, David Smith, for a Miami stripper.

2. https://www.youtube.com/watch?v=iBGIUd9niXc

ILOVEYOU
The year 2000's ILOVEYOU virus functioned by sending a fake "love letter" that appeared to be a
harmless text file. Like Mydoom, this attacker sent copies of itself to every email address in the infected
machine's contact list. Shortly after its May 4 release, it had spread to more than 10 million PCs.

The virus was created by a college student in the Philippines named Onel de Guzman. Lacking
funds, he wrote the virus to steal passwords so he could log into online services he wanted to use for free.
He reportedly had no idea how far his creation would spread. This virus is also known as Loveletter. The
malware was created by Onel de Guzman, a then-24-year-old resident of Manila, Philippines. Because there
were no laws in the Philippines against creating malware at the time of its creation, the Philippine Congress
enacted Republic Act No. 8792, otherwise known as the E-Commerce Law, in July 2000, in order to
discourage future iterations of such activity. The Constitution of the Philippines bans ex post facto laws,
however, and as such, de Guzman could not be prosecuted. ILOVEYOU was created by Onel De Guzman,
a college student in Manila, Philippines, who was 24 years old at the time. De Guzman, who was poor and
struggling to pay for Internet access at the time, created the computer worm intending to steal other users'
passwords, which he could use to log in to their Internet accounts without needing to pay for the service.
He justified his actions on his belief that Internet access is a human right, and that he was not actually
stealing. On 5 May 2000, two young Filipino programmers named Reonel Ramones and Onel de Guzman
became targets of a criminal investigation by agents of the Philippines' National Bureau of Investigation
(NBI). Local Internet service provider Sky Internet had reported receiving numerous contacts from
European computer users alleging that malware (in the form of the "ILOVEYOU" worm) had been sent via
the ISP's servers.

The worm used the same principles that de Guzman had described in his undergraduate thesis at
AMA Computer College. He stated that the worm was very easy to create, thanks to a bug in Windows 95
that would run code in email attachments when the user clicked on them. Originally designing the worm to
only work in Manila, he removed this geographic restriction out of curiosity, which allowed the worm to
spread worldwide. De Guzman did not expect this worldwide spread. On the machine system level,
ILOVEYOU relied on the scripting engine system setting (which runs scripting language files such as .vbs
files) being enabled, and took advantage of a feature in Windows that hid file extensions by default, which
malware authors would use as an exploit. Windows would parse file names from right to left, stopping at
the first period character, showing only those elements to the left of this. The attachment, which had two
periods, could thus display the inner fake "TXT" file extension. True text files are considered to be
innocuous as they are incapable of running executable code. The worm used social engineering to entice
users to open the attachment (out of actual desire to connect or simple curiosity) to ensure continued
propagation. Systemic weaknesses in the design of Microsoft Outlook and Microsoft Windows were
exploited to allow malicious code capable of gaining complete access to the operating system, secondary
storage, and system and user data, simply through unwitting users clicking on an icon. Since there were
no laws in the Philippines against writing malware at the time, both Ramones and de Guzman were
released with all charges dropped by state prosecutors.
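Both write-ups above describe lures that a mail filter can screen for: the Melissa subject line with its LIST.DOC macro document, and the ILOVEYOU double extension that Windows hides by default. The following Python check is an added example, not code from the videos or from this paper; the extension lists, the subject pattern and the sample messages are assumptions constructed for illustration.

```python
import re
from typing import List, Tuple

# Extensions Windows runs when double-clicked (assumed list; extend for your environment).
EXECUTABLE_EXTENSIONS = {"vbs", "vbe", "js", "jse", "exe", "scr", "bat", "cmd", "pif", "wsf"}
# Office documents that can carry auto-running macros, as LIST.DOC did.
MACRO_DOCUMENT_EXTENSIONS = {"doc", "dot", "xls"}
# Subject line quoted in the Melissa write-up above.
MELISSA_SUBJECT = re.compile(r"^Important Message from .+", re.IGNORECASE)


def displayed_name(filename: str) -> str:
    """Name shown when Windows hides known extensions: only the last one is dropped,
    so 'LOVE-LETTER-FOR-YOU.TXT.vbs' is shown as 'LOVE-LETTER-FOR-YOU.TXT'."""
    base, dot, _ext = filename.rpartition(".")
    return base if dot else filename


def true_extension(filename: str) -> str:
    """Extension that actually decides how the file opens (lower-cased)."""
    _base, dot, ext = filename.rpartition(".")
    return ext.lower() if dot else ""


def screen_message(subject: str, attachments: List[Tuple[str, int]]) -> List[str]:
    """Return the reasons a message should be quarantined; an empty list means clean.
    attachments is a list of (filename, size_in_bytes)."""
    reasons = []
    for name, size in attachments:
        ext, shown = true_extension(name), displayed_name(name)
        if ext in EXECUTABLE_EXTENSIONS:
            if "." in shown:
                # Double extension: the visible name ends in a harmless-looking extension.
                reasons.append(f"{name}: double extension, shown as '{shown}' but runs as .{ext}")
            else:
                reasons.append(f"{name}: executable attachment (.{ext})")
        if ext in MACRO_DOCUMENT_EXTENSIONS and MELISSA_SUBJECT.match(subject):
            # Melissa-style lure: the quoted subject line plus a macro document.
            reasons.append(f"{name}: macro document under an 'Important Message from' subject ({size} bytes)")
    return reasons


# Constructed sample messages modelled on the two write-ups (not real captures).
SAMPLE_MESSAGES = [
    ("Important Message from Alice", [("LIST.DOC", 40 * 1024)]),
    ("ILOVEYOU", [("LOVE-LETTER-FOR-YOU.TXT.vbs", 10 * 1024)]),
    ("Quarterly report", [("report.pdf", 120 * 1024)]),
]

if __name__ == "__main__":
    for subj, atts in SAMPLE_MESSAGES:
        print(subj, "->", screen_message(subj, atts) or "clean")
```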

ACTIVITY 2.

MyDoom   Melissa   Zeus   ILOVEYOU   WannaCry   CryptoLocker   Malware   Trojan   CovidLock   Petya

Melissa 1. On or around March 26, 1999, the _ virus was launched as a mass-mailing macro virus.
Trojans can provide an attacker access to a user's personal information, such as financial information,
passwords, or personal identification, such as Social Security or Driver's License numbers.

MyDoom 2. In January 2004, a computer worm infecting the Microsoft Windows operating system
was found for the first time.

ILOVEYOU 3. Is a computer worm that infected over ten million Windows PCs on and after May 5,
2000, when it began propagating as an email message with the subject line "ILOVEYOU" and the
attachment "LOVE-LETTER-FOR-YOU.TXT.vbs".

Malware 4. This refers to any invasive software created by cybercriminals (commonly referred to as
"hackers") with the intent of stealing data and causing harm or destruction to computers and computer
systems. Viruses, worms, Trojan horses, spyware, adware, and ransomware are all examples of prevalent
malware. Data has been infiltrated in large quantities as a result of recent malware assaults.

WannaCry 5. In May of 2017, a ransomware worm spread quickly across a number of computer
networks.

Zeus 6. Malware that masquerades as something beneficial, helpful, or entertaining while inflicting
harm or stealing information. Other malware (e.g., spyware, adware, and ransomware) is frequently
quietly downloaded by this virus on an infected system.

CryptoLocker 7. Since it was originally released in 2013, it has been one of the most well-known
ransomware in history, owing to the fact that it used an unusually large encryption key, making
professional work more difficult.

Petya 8. This malware disables the computer's whole operating system, the windows operating system.

Zeus 9. Malware that is transmitted through phishing attacks using harmful files disguised as emails
and bogus websites. It's well-known for spreading quickly and replicating keystrokes, which has led to
widespread use in instances when credentials and passwords, such as email and bank accounts, are
stolen.

Trojan CovidLock 10. This type of ransomware targets victims by infecting them with malicious files
ostensibly containing further information on their condition.

Let your thoughts be known!

What is a Distributed Denial of Service (DDoS) attack? And, in your own words, how does it work?
(1000 words)

After watching the video, I have concluded and learned that a distributed denial-of-service (DDoS) attack is a
malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the
target or its surrounding infrastructure with a flood of Internet traffic. This type of attack takes advantage of
the specific capacity limits that apply to any network resource, such as the infrastructure that enables a
company's website. The DDoS attack will send multiple requests to the attacked web resource with the aim
of exceeding the website's capacity to handle multiple requests, and so prevent the website from functioning
correctly. Typically, attackers generate large volumes of packets or requests, ultimately overwhelming the target
system. In the case of a Distributed Denial of Service (DDoS) attack, the attacker uses multiple compromised
or controlled sources to generate the attack. Typical targets for DDoS attacks include Internet shopping sites,
online casinos, any business or organization that depends on providing online services and even government
sites. DDoS attacks achieve effectiveness by utilizing multiple compromised computer systems as sources of
attack traffic. Exploited machines can include computers and other networked resources such as IoT devices.
From a high level, a DDoS attack is like an unexpected traffic jam clogging up the highway, preventing regular
traffic from arriving at its destination. DDoS attacks are carried out with networks of Internet-connected
machines. These networks consist of computers and other devices (such as IoT devices) which have been
infected with malware, allowing them to be controlled remotely by an attacker. These individual devices are
referred to as bots (or zombies), and a group of bots is called a botnet. Once a botnet has been established,
the attacker is able to direct an attack by sending remote instructions to each bot. When a victim’s server or
network is targeted by the botnet, each bot sends requests to the target’s IP address, potentially causing the
server or network to become overwhelmed, resulting in a denial-of-service to normal traffic. Because each bot
is a legitimate Internet device, separating the attack traffic from normal traffic can be difficult. In addition to
the capacity limit of the server, the channel that connects the server to the Internet will also have a finite
bandwidth / capacity. Whenever the number of requests exceeds the capacity limits of any component of the
infrastructure, the level of service is likely to suffer in one of the following ways: The response to requests will
be much slower than normal, and some – or all – users’ requests may be totally ignored. Usually, the attacker’s
ultimate aim is the total prevention of the web resource’s normal functioning – a total ‘denial of service’. The
attacker may also request payment for stopping the attack. In some cases, a DDoS attack may even be an
attempt to discredit or damage a competitor’s business.

In order to send an extremely large number of requests to the victim resource, the cybercriminal will often
establish a ‘zombie network’ of computers that the criminal has infected. Because the criminal has control
over the actions of every infected computer in the zombie network, the sheer scale of the attack can be
overwhelming for the victim’s web resources. The most obvious symptom of a DDoS attack is a site or service
suddenly becoming slow or unavailable. But since a number of causes — such a legitimate spike in traffic —
can create similar performance issues, further investigation is usually required. Traffic analytics tools can help
you spot some of these telltale signs of a DDoS attack: (1) suspicious amounts of traffic originating from a
single IP address or IP range, (2) a flood of traffic from users who share a single behavioral profile, such as
device type, geolocation, or web browser version, (3) an unexplained surge in requests to a single page or
endpoint, and (4) odd traffic patterns such as spikes at odd hours of the day or patterns that appear to be
unnatural (e.g. a spike every 10 minutes). There are other, more specific signs of a DDoS attack that can vary
depending on the type of attack. The goal of the attack is to create congestion by consuming all
available bandwidth between the target and the larger Internet. Large amounts of data are sent to a target by
using a form of amplification or another means of creating massive traffic, such as requests from a botnet.
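As an added example that is not part of the original essay, the following Python code evaluates the four telltale signs listed above against a constructed batch of web-server log lines. The log format, the client addresses (taken from documentation IP ranges), the thresholds and the sample traffic are all assumptions made for this illustration.

```python
from collections import Counter
from datetime import datetime
from statistics import median
from typing import Dict, Iterable, List

# Constructed sample log lines: "<timestamp> <client IP> <path> <user agent>".
# 198.51.100.x / 192.0.2.x are ordinary visitors; 203.0.113.0/24 is the flood. Not real traffic.
BASELINE = [
    "2024-03-01T10:00:05 198.51.100.21 /index.html Firefox/120",
    "2024-03-01T10:01:41 192.0.2.34 /about.html Safari/17",
    "2024-03-01T10:02:12 198.51.100.21 /products Firefox/120",
    "2024-03-01T10:03:50 192.0.2.58 /index.html Chrome/121",
    "2024-03-01T10:04:07 198.51.100.77 /products Chrome/121",
    "2024-03-01T10:05:33 192.0.2.90 /about.html Safari/17",
    "2024-03-01T10:06:19 198.51.100.21 /index.html Firefox/120",
    "2024-03-01T10:07:44 192.0.2.34 /products Chrome/121",
]
# Forty requests inside one minute, from one /24, to one endpoint, with one client string.
FLOOD = [f"2024-03-01T10:02:{s:02d} 203.0.113.{s + 1} /login Python-urllib/3.9" for s in range(40)]


def parse_log(lines: Iterable[str]) -> List[Dict]:
    """Split each line into its four fields; timestamps become datetime objects."""
    records = []
    for line in lines:
        ts, ip, path, agent = line.split(" ", 3)
        records.append({"ts": datetime.fromisoformat(ts), "ip": ip, "path": path, "agent": agent})
    return records


def top_share(values: Iterable[str]) -> float:
    """Fraction of all requests attributable to the single most common value."""
    counts = Counter(values)
    return counts.most_common(1)[0][1] / sum(counts.values())


def detect_ddos_signs(records: List[Dict], share_threshold=0.6, spike_factor=5.0) -> Dict[str, bool]:
    """Evaluate the four signs on a batch of records (thresholds are assumptions; tune to your site)."""
    per_minute = list(Counter(r["ts"].replace(second=0) for r in records).values())
    return {
        # (1) one IP range (/24 prefix) producing most of the traffic
        "single_source": top_share(r["ip"].rsplit(".", 1)[0] for r in records) >= share_threshold,
        # (2) one behavioral profile, here approximated by the user-agent string
        "single_profile": top_share(r["agent"] for r in records) >= share_threshold,
        # (3) one page or endpoint receiving most of the requests
        "single_endpoint": top_share(r["path"] for r in records) >= share_threshold,
        # (4) the busiest minute dwarfs the typical (median) minute
        "traffic_spike": max(per_minute) / max(median(per_minute), 1) >= spike_factor,
    }


if __name__ == "__main__":
    print("baseline:", detect_ddos_signs(parse_log(BASELINE)))
    print("baseline + flood:", detect_ddos_signs(parse_log(BASELINE + FLOOD)))
```

A legitimate traffic spike usually trips only the fourth sign, which is why the essay says further investigation is needed before calling it an attack.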

Through research, I have also learned about DDoS protection techniques. One of the first techniques to
mitigate DDoS attacks is to minimize the surface area that can be attacked, thereby limiting the options for
attackers and allowing you to build protections in a single place. We want to ensure that we do not expose
our application or resources to ports, protocols or applications from which we do not expect any
communication. This minimizes the possible points of attack and lets us concentrate our mitigation
efforts. In some cases, you can do this by placing your computation resources behind Content Distribution
Networks (CDNs) or Load Balancers and restricting direct Internet traffic to certain parts of your
infrastructure like your database servers. In other cases, you can use firewalls or Access Control Lists (ACLs)
to control what traffic reaches your applications. Second, the two key considerations for mitigating large scale
volumetric DDoS attacks are bandwidth (or transit) capacity and server capacity to absorb and mitigate
attacks. Third, transit capacity. When architecting your applications, make sure your hosting provider
provides ample redundant Internet connectivity that allows you to handle large volumes of traffic. Since the
ultimate objective of DDoS attacks is to affect the availability of your resources/applications, you should
locate them, not only close to your end users but also to large Internet exchanges which will give your users
easy access to your application even during high volumes of traffic. Additionally, web applications can go a
step further by employing Content Distribution Networks (CDNs) and smart DNS resolution services which
provide an additional layer of network infrastructure for serving content and resolving DNS queries from
locations that are often closer to your end users. Fourth, server capacity. Most DDoS attacks are volumetric
attacks that use up a lot of resources; it is, therefore, important that you can quickly scale up or down on your
computation resources. You can either do this by running on larger computation resources or those with
features like more extensive network interfaces or enhanced networking that support larger volumes.
Additionally, it is also common to use load balancers to continually monitor and shift loads between resources
to prevent overloading any one resource.

In the early to mid-2000s, this kind of criminal activity was quite common. However, the number of successful
DDoS attacks has been decreasing. This decrease in DDoS attacks is likely to have resulted from the following:

- Police investigations that have resulted in the arrest of criminals across the world
- Technical countermeasures that have been successful against DDoS attacks
