Cri 327 - Ulob Toolkit


TOOLKIT OF CYBERCRIMINALS

1. Malware or malicious software
Backdoors, Trojan horses, Viruses, Worms,
Denial of Service, DDoS, Botnets, Spyware.
“Malware – MALicious SoftWARE:
software that is specifically designed to
disrupt, damage, or gain unauthorized
access to a computer system.”

TROJAN
▰ a type of malware that tricks the
computer user into thinking that it
is legitimate software but
contains hidden functions. When
the user downloads and installs
the program, these hidden
functions run along with
the software.
“Trojan horses do not self-replicate or reproduce by infecting other files or programs”
How do Trojans work?
▰ A Trojan must be executed by its victim to do its work. Trojan
malware can infect devices in several ways – for example:
• A user falls victim to a phishing or other social
engineering attack by opening an infected email
attachment or clicking on a link to a malicious website.
• A user sees a pop-up for a fake antivirus program that
claims the computer is infected and invites them to run a
program to clean it up. This is known as “scareware”. In
reality, the user is downloading a Trojan onto the device.
• A user downloads a program from an unknown publisher
on an untrustworthy website.
• A user visits a malicious website and experiences
a drive-by download pretending to be helpful software.
• Attackers install a Trojan by exploiting a software
vulnerability or through unauthorized access.
• Attackers set up a fake Wi-Fi hotspot that looks like the
one a user is trying to connect to. Once connected, the user
can be redirected to fake websites carrying browser exploits,
or have any file they try to download swapped for a Trojan.
If you suspect your device may have been breached by
Trojan malware, look out for the following signs:
• Poor device performance – for example, running slowly or
frequently crashing (including the infamous “blue screen of
death”)
• The desktop has changed – for example, the screen resolution
has altered, or the colors look different
• The taskbar has changed – or perhaps disappeared altogether
• Unrecognized programs appear in your task manager – ones you
didn’t install
• An increase in pop-ups – not just ads but browser pop-ups
offering products or antivirus scans which, when clicked on,
download malware onto your device
• Being redirected to unfamiliar websites when browsing online
• An uptick in spam emails
Note that a well-built Trojan deliberately shows none of these signs, so the
absence of symptoms is not proof that a machine is clean.
BACKDOOR
▰ a type of malware, or a hidden
feature in otherwise legitimate code,
that lets cybercriminals bypass normal
authentication and gain unauthorized
access to a system or website. The
cybercriminals plant the backdoor
through unsecured points of entry,
such as outdated plug-ins or
unvalidated input fields.
A well-known backdoor example is
FinSpy (FinFisher). When installed on a
system, it lets the attacker download
and execute files remotely the moment
the system connects to the internet,
irrespective of the system's physical
location, compromising overall
system security.
VIRUS
▰ a malicious piece of computer code that
attaches itself to a host file or program and
is designed to spread from device to device,
damaging or disrupting the computer, for
example by corrupting data or overwhelming
its resources.
▰ A subset of malware, these self-copying
threats are usually designed to damage a
device or steal data.
“They are passed on by a computer user’s activity, such as opening an email attachment
infected by the virus”
COMPUTER WORM
▰ a form of malware that spreads
autonomously across a network,
without attaching itself to another
program and without user action,
typically by exploiting a vulnerability
or using harvested credentials. A worm
does not necessarily carry a payload:
the copying itself consumes memory
and bandwidth and degrades system
functionality.
“Once activated, it copies itself into the system memory and attempts to spread to
other systems through email address books or other mechanisms”
BUNDLERS “Bundleware”
▰ unwanted or malicious software that is
hidden inside what appears to be a
legitimate program or download.
Containers often include gaming
software, freeware, image or audio
files, or screensavers.
“The download contains (1) the main program a user is after and (2) bundleware. Many
bundlers are found on freeware download sites.”
DOS (DENIAL OF SERVICE)
▰ A Denial-of-Service (DoS) attack is
an attack meant to shut down a
machine or network, making it
inaccessible to its intended users.
▰ DoS attacks accomplish this by
flooding the target with traffic, or
sending it information that triggers a
crash.
Distributed Denial of Service
(DDoS) Attack
▰ occurs when a perpetrator gains
control over many computers (a
botnet) and then uses them
together to launch an attack
against a specific target or
targets
“the combined traffic overwhelms the resources of the target, so it denies service to
other computers making legitimate requests”
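The flooding behaviour described in the DoS and DDoS slides above is easiest to understand from the defender's side. The following is an added example, not code from the slide deck: it parses web-server access-log lines in the common Apache/Nginx format, counts requests per client address in a sliding window to catch a single-source flood, and then counts requests per path across all senders to catch a distributed flood in which no single bot is loud enough to trip the per-address rule. The log lines are constructed inside the script, and the addresses (documentation ranges), window sizes and thresholds are illustrative assumptions.

```python
"""Rate-based flood detection over web-server access logs.

Added example, not from the slide deck. The log lines are constructed; the
addresses, window sizes and thresholds are illustrative assumptions.
"""
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta, timezone

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    req = m.group("req").split()
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), TS_FMT),
        "path": req[1] if len(req) > 1 else "-",
        "status": int(m.group("status")),
    }


def load(lines):
    """Parse and sort chronologically; the sliding windows below rely on order."""
    recs = [r for r in map(parse_line, lines) if r is not None]
    return sorted(recs, key=lambda r: r["ts"])


def find_flooders(lines, window=timedelta(seconds=10), threshold=50):
    """Return {ip: peak requests inside one window} for every source over threshold."""
    recent = defaultdict(deque)
    peaks = {}
    for rec in load(lines):
        q = recent[rec["ip"]]
        q.append(rec["ts"])
        while q and rec["ts"] - q[0] > window:
            q.popleft()
        if len(q) > threshold:
            peaks[rec["ip"]] = max(peaks.get(rec["ip"], 0), len(q))
    return peaks


def find_distributed(lines, window=timedelta(seconds=10), threshold=200, min_sources=20):
    """Return {path: (peak requests in window, distinct sources at that peak)}.

    A per-IP rule misses a botnet whose members each send a trickle, so this
    counts all traffic to one path and requires many distinct senders.
    """
    per_path = defaultdict(deque)
    senders = defaultdict(Counter)
    flagged = {}
    for rec in load(lines):
        path, ip = rec["path"], rec["ip"]
        q, c = per_path[path], senders[path]
        q.append((rec["ts"], ip))
        c[ip] += 1
        while q and rec["ts"] - q[0][0] > window:
            _, old = q.popleft()
            c[old] -= 1
            if c[old] == 0:
                del c[old]
        if len(q) > threshold and len(c) >= min_sources:
            if len(q) > flagged.get(path, (0, 0))[0]:
                flagged[path] = (len(q), len(c))
    return flagged


def sample_log():
    """Constructed traffic: three ordinary visitors, one loud source, one quiet botnet."""
    base = datetime(2024, 1, 15, 12, 0, 0, tzinfo=timezone.utc)

    def line(ip, t, path):
        return f'{ip} - - [{t.strftime(TS_FMT)}] "GET {path} HTTP/1.1" 200 512'

    lines = [line(f"192.0.2.{i + 1}", base + timedelta(seconds=20 * i), "/") for i in range(3)]
    # one source, 120 requests in under five seconds
    lines += [line("203.0.113.7", base + timedelta(milliseconds=40 * i), "/login") for i in range(120)]
    # 200 bots, two requests each, inside the same five seconds
    lines += [line(f"198.51.100.{b + 1}", base + timedelta(milliseconds=12 * (2 * b + r)), "/search")
              for b in range(200) for r in range(2)]
    return lines


if __name__ == "__main__":
    print("single-source floods:", find_flooders(sample_log()))
    print("distributed floods:", find_distributed(sample_log()))
```

Run against the constructed sample, the per-address rule reports only 203.0.113.7, while the per-path rule reports /search, hit 400 times by 200 different senders that individually stayed far below the threshold. Real deployments tune the window and thresholds to the site's normal traffic and pick up the same signal from a load balancer or WAF rather than from raw logs.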
BOTNET AND ZOMBIE (BOTS)
▰ zombies (bots) are compromised
computers attached to the Internet
which are remotely controlled and
used to perform malicious or
criminal tasks. A botnet is a large
batch of such machines under one
controller; most owners of zombie
computers are unaware of their
usage.
“Their use is increasingly common as they effectively camouflage the perpetrator”
Botherder: the person who controls a botnet
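A zombie has to stay in touch with its botherder to receive tasks, and that check-in is one of the few things an infected machine does that its owner does not. The following is an added example, not code from the slide deck: it takes outbound connection records, groups them by source and destination, and flags pairs whose connections are numerous and evenly spaced, which is how a timer behaves and how a person browsing does not. The flow records are constructed; the addresses (documentation ranges), the 60-second check-in interval and the thresholds are illustrative assumptions, and a real bot would usually reach its controller through a domain name rather than a fixed IP.

```python
"""Spotting a zombie checking in with its botherder in outbound flow records.

Added example, not from the slide deck. Flow records are constructed;
addresses, interval and thresholds are illustrative assumptions.
"""
import statistics
from collections import defaultdict

# Constructed outbound flows: (seconds since start of capture, source IP, destination IP)
FLOWS = (
    # infected host: check-in every 60 s with a little jitter, 12 times
    [(60 * i + j, "192.0.2.20", "203.0.113.5")
     for i, j in enumerate([0, 1, -1, 2, -2, 0, 1, -1, 2, -2, 0, 0])]
    # ordinary user: bursts of page loads separated by long idle gaps
    + [(t, "192.0.2.30", "198.51.100.80") for t in [0, 3, 4, 60, 61, 200, 201, 202, 340, 900]]
    # too few connections to judge either way
    + [(t, "192.0.2.31", "198.51.100.81") for t in [5, 65, 125]]
)


def beacon_candidates(flows, min_flows=8, max_jitter=0.10):
    """Return {(src, dst): (mean interval, coefficient of variation)} for regular check-ins.

    The coefficient of variation (standard deviation / mean) of the gaps between
    connections is near zero for a timer and well above max_jitter for a human.
    """
    times = defaultdict(list)
    for ts, src, dst in flows:
        times[(src, dst)].append(ts)
    found = {}
    for pair, ts_list in times.items():
        if len(ts_list) < min_flows:
            continue
        ts_list.sort()
        gaps = [b - a for a, b in zip(ts_list, ts_list[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue
        cv = statistics.pstdev(gaps) / mean
        if cv <= max_jitter:
            found[pair] = (round(mean, 1), round(cv, 3))
    return found


if __name__ == "__main__":
    for (src, dst), (interval, cv) in beacon_candidates(FLOWS).items():
        print(f"{src} -> {dst}: every {interval}s, jitter cv={cv}")
```

On the constructed data only 192.0.2.20 is reported, with a 60-second interval and a coefficient of variation around 0.04. Bots that randomise their sleep more aggressively push the jitter up, which is why production beaconing detectors also look at uniform payload sizes and at destinations that nothing else on the network talks to.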
SPYWARE
▰ a type of malware that enables the
remote monitoring of a computer
user’s activities, or of the information
stored on the computer, where this
software has been installed.
“Spyware can also secretly gather information on users (e.g., passwords, credit card
details) without their knowledge and relay these data to interested third parties.”
KEYLOGGERS
▰ a type of spyware that records every
keystroke of the user and reports this
information back to the attacker.
Keyloggers are a serious threat to users
and the users’ data, as they track the
keystrokes to intercept passwords and
other sensitive information typed in
through the keyboard.
“Keyloggers can be installed when a user clicks on a link or opens an attachment/file
from a phishing mail”
SNIFFER
▰ a type of software that is used to
monitor and analyze networks, but can
also be used to collect individuals’
usernames, passwords, and other
personal information from traffic
that crosses the network unencrypted
“A sniffer is usually a standalone program that intercepts and analyses certain data”
Types of Sniffing Attacks
▰ Active sniffing occurs when an attacker injects
traffic to make the network hand over data, as in a
traffic-flooding attack (flooding a switch’s address
table until it broadcasts every frame). Because the
attacker sends packets, the victim can detect someone
sniffing data from the network during such an attack.
▰ Passive sniffing attacks, on the other hand, are more
dangerous: the attacker only listens in and intercepts
network traffic without interacting with it, so victims
may not know that an attacker is spying on them, and the
attack can continue for a long time without being detected.
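The point of the active/passive distinction above is that active sniffing is detectable, so it is worth seeing what the victim would actually look for. The following is an added example, not code from the slide deck. It checks two kinds of records a network already produces: switch address-learning events, where the traffic-flooding attack the slide mentions (MAC flooding) shows up as one port sourcing hundreds of different MAC addresses in seconds, and ARP replies, where ARP poisoning, the other common active technique and one the slides do not cover, shows up as two MAC addresses answering for the same IP. The records, port names, MACs, addresses and thresholds are constructed and illustrative.

```python
"""Detecting active sniffing on a switched LAN from telemetry the victim already has.

Added example, not from the slide deck. All records below are constructed;
port names, MACs, addresses and thresholds are illustrative assumptions.
"""
from collections import defaultdict

# Constructed switch address-learning events: (seconds, ingress port, source MAC)
MAC_EVENTS = [
    (0.0, "Gi1/0/1", "00:11:22:33:44:01"),
    (0.5, "Gi1/0/2", "00:11:22:33:44:02"),
    (1.0, "Gi1/0/1", "00:11:22:33:44:01"),
] + [
    # port Gi1/0/7 sources 300 distinct MACs within two seconds
    (2.0 + i * 0.006, "Gi1/0/7", f"02:00:00:00:{i >> 8:02x}:{i & 0xff:02x}")
    for i in range(300)
]

# Constructed ARP replies seen on the LAN: (seconds, sender IP, sender MAC)
ARP_REPLIES = [
    (0.0, "192.0.2.1", "00:aa:bb:cc:dd:01"),   # the real gateway
    (1.0, "192.0.2.10", "00:aa:bb:cc:dd:0a"),
    (5.0, "192.0.2.1", "00:aa:bb:cc:dd:99"),   # a second MAC now claims the gateway
    (6.0, "192.0.2.10", "00:aa:bb:cc:dd:0a"),
]


def mac_flood_ports(events, window_s=10.0, max_macs=64):
    """Return {port: peak distinct source MACs inside one window} for ports over max_macs.

    A normal access port sees a handful of MACs; hundreds in seconds is a flood
    meant to exhaust the switch's address table so it falls back to broadcasting.
    """
    per_port = defaultdict(list)
    for ts, port, mac in sorted(events):
        per_port[port].append((ts, mac))
    flagged = {}
    for port, recs in per_port.items():
        start = 0
        live = defaultdict(int)        # MAC -> occurrences inside the window
        for ts, mac in recs:
            live[mac] += 1
            while ts - recs[start][0] > window_s:
                old = recs[start][1]
                live[old] -= 1
                if live[old] == 0:
                    del live[old]
                start += 1
            if len(live) > max_macs:
                flagged[port] = max(flagged.get(port, 0), len(live))
    return flagged


def arp_conflicts(replies):
    """Return {ip: [mac, ...]} for every IP that more than one MAC has answered for."""
    claims = defaultdict(list)
    for _, ip, mac in sorted(replies):
        if mac not in claims[ip]:
            claims[ip].append(mac)
    return {ip: macs for ip, macs in claims.items() if len(macs) > 1}


if __name__ == "__main__":
    print("MAC flooding:", mac_flood_ports(MAC_EVENTS))
    print("ARP conflicts:", arp_conflicts(ARP_REPLIES))
```

Neither check says anything about a purely passive sniffer on a hub, a mirrored port or a compromised router, which is exactly the slide's point: against passive sniffing the only defence is encrypting the traffic so that what is captured is useless.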
2. Phishing
Spoofing, Pharming, Redirectors, 419 fraud,
Floating windows
“PHISHING
The solicitation of information via e-mail or the
luring of individuals to fake Web sites. Such
messages contain solicitations for account or
personal information. Normally alarming in some
manner, a request is made to update or service an
account or to provide additional information”
SPOOFING
▰ a type of scam in which criminals
attempt to obtain someone’s personal
information by pretending to be a
legitimate business, a neighbor, or some
other innocent party

“involves spoofing of e-mails or Web sites by using company trademarks and logos”
PHARMING
▰ is an advanced form of phishing that
redirects the connection between the
consumer (seeking a legitimate site)
and the target server (the legitimate
site). This is accomplished by tampering
with name resolution, such as a poisoned
DNS server or an altered hosts file, so
that consumers who type the correct
address are unwittingly redirected to a
mirror site.
“In essence, it is the criminal act of producing a fake website and then redirecting users
to it.”
REDIRECTORS
▰ are malicious programs which redirect
users’ network traffic to undesired sites.
The most common form of malicious
code is designed to modify the DNS server
settings or the hosts file so that either
specific or all DNS lookups are directed
to a fraudulent server.
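Both tampering points named above, the hosts file and the resolver configuration, are plain text that the victim can audit. The following is an added example, not code from the slide deck: it parses hosts-file text and reports any name that is mapped to a routable address (a loopback or 0.0.0.0 entry only blocks a name, whereas a mapping to any other address silently rewrites where the user's traffic goes), and it compares the configured nameservers against the ones the machine is supposed to use. The hosts and resolver samples are constructed; the hostnames, the addresses (documentation ranges) and the trusted internal range are illustrative assumptions.

```python
"""Check a hosts file and resolver settings for DNS redirection.

Added example, not from the slide deck. The samples are constructed; names,
addresses and the trusted network range are illustrative assumptions.
"""
import ipaddress

SAMPLE_HOSTS = """\
# constructed sample, not a real machine's file
127.0.0.1       localhost
::1             localhost ip6-localhost
0.0.0.0         ads.example            # harmless: ad-blocking sinkhole
203.0.113.45    www.bank.example  bank.example
203.0.113.45    login.mail.example
10.0.0.5        intranet.corp.example  # legitimate internal override
"""

SAMPLE_RESOLV = """\
# constructed sample of /etc/resolv.conf
nameserver 192.0.2.53
nameserver 198.51.100.99
"""


def parse_hosts(text):
    """Yield (address, hostname) pairs, ignoring comments, blanks and malformed lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue
        for name in parts[1:]:
            yield addr, name.lower()


def suspicious_entries(text, trusted_nets=()):
    """Return [(hostname, address)] for entries that send a name to a routable host.

    Loopback and unspecified targets (127.0.0.1, ::1, 0.0.0.0) only block or
    localise a name. Addresses inside trusted_nets (your own internal ranges)
    are accepted as deliberate overrides; everything else is a redirect.
    """
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    hits = []
    for addr, name in parse_hosts(text):
        if addr.is_loopback or addr.is_unspecified:
            continue
        if any(addr in net for net in nets):
            continue
        hits.append((name, str(addr)))
    return hits


def rogue_nameservers(text, expected):
    """Return configured nameserver addresses that are not in the expected set."""
    want = {ipaddress.ip_address(e) for e in expected}
    found = [ipaddress.ip_address(line.split()[1])
             for line in text.splitlines()
             if line.startswith("nameserver") and len(line.split()) > 1]
    return [str(a) for a in found if a not in want]


if __name__ == "__main__":
    for name, addr in suspicious_entries(SAMPLE_HOSTS, trusted_nets=["10.0.0.0/8"]):
        print(f"hosts file sends {name} to {addr}")
    for addr in rogue_nameservers(SAMPLE_RESOLV, expected=["192.0.2.53"]):
        print(f"unexpected nameserver {addr}")
```

On Windows the same check applies to %SystemRoot%\System32\drivers\etc\hosts and to the DNS servers set on each adapter; a redirector that changes the router's DNS setting rather than the host's will not show up here, which is why the check is best paired with resolving a few known names and comparing the answers with a trusted resolver.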

FLOATING WINDOWS
▰ Phishers may place floating windows
over the address bars in Web
browsers. Although the site appears to
be legitimate, it is a site designed to
steal personal information.
Traditionally, potential victims could
protect themselves by identifying URL
anomalies; a floating window covers the
real address, so the user sees the URL the
phisher wants them to see.
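The spoofing, pharming and floating-window slides above all turn on the same defensive habit, reading the real URL for anomalies, so it helps to make that habit concrete. The following is an added example, not code from the slide deck: given a URL and the brand domains a user expects to visit, it reports the tricks a spoofed page uses to look legitimate, namely a brand name used as a subdomain of someone else's domain, look-alike spellings, credentials placed before the real host, a bare IP address in place of a name, punycode (internationalised) labels, and a missing https scheme. The brands and URLs are constructed, the confusable-character table is a small illustrative subset, and the "last two labels" rule used for the registrable domain is a simplification of what the Public Suffix List provides.

```python
"""Flagging the URL tricks that spoofed, pharmed and phishing pages rely on.

Added example, not from the slide deck. Brands and URLs are constructed; the
confusables table and the two-label registrable-domain rule are simplifications.
"""
import ipaddress
import unicodedata
from urllib.parse import urlsplit

# Multi-character look-alikes first, so "rn" collapses to "m" before single characters.
CONFUSABLES = {"rn": "m", "vv": "w", "cl": "d", "0": "o", "1": "l", "3": "e", "5": "s", "7": "t"}


def skeleton(label):
    """Normalise a hostname label so common look-alike spellings collapse onto the brand."""
    s = unicodedata.normalize("NFKD", label).encode("ascii", "ignore").decode().lower()
    for lookalike, real in CONFUSABLES.items():
        s = s.replace(lookalike, real)
    return s.replace("-", "")


def url_anomalies(url, brands):
    """Return a sorted list of anomaly tags for url; an empty list means nothing odd."""
    findings = set()
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").rstrip(".").lower()
    labels = host.split(".")
    registrable = ".".join(labels[-2:])
    reg_label = labels[-2] if len(labels) >= 2 else host
    sub_labels = labels[:-2]

    if parts.scheme != "https":
        findings.add("no-tls")
    if parts.username is not None:
        findings.add("userinfo-before-host")      # https://bank.example@evil.example/
    try:
        ipaddress.ip_address(host)
        findings.add("ip-literal-host")
    except ValueError:
        pass
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        findings.add("idn-host")                   # possible homograph, inspect the decoded name
    if len(labels) >= 5:
        findings.add("deep-subdomains")

    for brand in (b.lower() for b in brands):
        brand_label = brand.split(".")[0]
        if registrable == brand:
            continue                               # the brand itself or a real subdomain of it
        if brand_label in sub_labels:
            findings.add("brand-as-subdomain")     # paypal.example.secure-login.example
        elif skeleton(reg_label) == skeleton(brand_label):
            findings.add("lookalike-domain")       # paypa1.example, arnazon.example, paypal.evil
        elif brand_label in reg_label:
            findings.add("brand-in-domain")        # paypal-secure.example
    return sorted(findings)


if __name__ == "__main__":
    brands = ["paypal.example", "amazon.example"]
    for u in ["https://www.paypal.example/login",
              "https://paypal.example@evil.example/login",
              "http://paypal.example.secure-login.example/",
              "https://paypa1.example/",
              "https://203.0.113.9/paypal/login"]:
        print(u, "->", url_anomalies(u, brands) or "ok")
```

Against a floating window the check has to run on the browser's real location, not on what is painted over the address bar, which in practice means a browser extension or a proxy rather than eyeballing; the tags themselves are the same ones a user is taught to spot by hand.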
PROTECTING OUR SECURITY
How to protect yourself against malware
1. Be cautious about downloads. Never download or install
software from a source you don’t trust completely, and when the
publisher provides a checksum or signature for a download, verify
it before installing.
2. Be aware of phishing threats. Never open an attachment,
click a link, or run a program sent to you in an email from
someone you don’t know, and treat an unexpected attachment from
someone you do know with the same caution, since their account
may have been compromised.
3. Update your operating system’s software as soon as the
updates are available. In addition to operating system
updates, you should also check for updates on other
software you use on your computer. Updates often include
security patches to keep you safe from emerging threats.
4. Don’t visit unsafe websites. Prefer sites served over https://
rather than http:// – the “s” stands for “secure” and there should be
a padlock icon in the address bar too. The padlock only means the
connection to that site is encrypted; phishing sites obtain
certificates as well, so always check that the domain name itself
is the one you expect.
5. Avoid clicking pop-ups and banners. Don’t click on unfamiliar,
untrusted pop-ups warning you your device is infected or offering a
magical program to fix it. This is a common Trojan horse tactic.
6. Protect accounts with strong, unique passwords. A strong
password is long and not easy to guess; a passphrase of several
unrelated words, or a random string generated by a password manager,
is better than a short mix of upper- and lower-case letters, special
characters and numbers. Never use the same password across the board,
and change a password promptly if the site or your device is
compromised. A password manager tool is an excellent way to manage
your passwords, and turn on two-factor authentication where it is
offered.
7. Keep your personal information safe with
firewalls. Firewalls screen data that enters your device from
the internet. Most operating systems come with a built-in
firewall; a hardware firewall at the network edge adds another
layer, though no firewall on its own gives complete protection.
8. Back up regularly. While backing up your files won’t protect
you from downloading a Trojan, it will help you should a
malware attack cause you to lose anything important. Keep at
least one copy offline or otherwise unreachable from the device,
so that malware running on the machine cannot destroy the backup
as well.