
Chapter 2 Malware BMIT2713 Information and IT Security

Tutorial 2 Part 1

1. Define the following terms:

a) Virus: A computer virus is a malicious software program that infects and spreads from one
computer to another by attaching itself to a legitimate program or document. Once activated,
viruses can damage or corrupt files, steal personal information, and cause other harmful
effects on a computer system.

b) Worm: A computer worm is a type of malware that spreads over a network by exploiting
security vulnerabilities or by using social engineering techniques to trick users into executing
the worm. Unlike viruses, worms can spread and replicate without the need for a host
program, making them more dangerous and difficult to control.

c) Trojan horses: A Trojan horse is a type of malware that disguises itself as a legitimate
program or file, often tricking users into downloading and installing it. Once installed, the
Trojan horse can perform a variety of malicious actions, such as stealing data, damaging files,
or allowing unauthorized access to the infected computer system.

d) Rootkits: A rootkit is a type of malware that allows unauthorized users to gain access to a
computer system and control it without being detected by antivirus software or other security
measures. Rootkits can hide their presence on a system by modifying system files, processes,
and drivers.

e) Backdoor: A backdoor is a hidden entry point in a computer system that allows an attacker
to bypass normal authentication procedures and gain unauthorized access. Backdoors can be
installed by attackers using various techniques, such as exploiting vulnerabilities or using
social engineering tactics to trick users into granting access. Once a backdoor is installed, it
can be used to remotely control a system, steal data, or perform other malicious actions.

2. How do attackers steal data from the owner?


There are various methods that attackers may use to steal data from the owner of a
device or system, including:

1. Phishing: Attackers may send fake emails, messages, or pop-ups that look like
they are from legitimate sources, such as banks or other trusted organizations,
in an attempt to trick the user into providing sensitive information, such as
passwords, account numbers, or other personal details.
2. Malware: Attackers may use malicious software, such as viruses, worms,
Trojans, or spyware, to infect the user's device or system and steal sensitive
data, such as login credentials, credit card numbers, or other personal
information.
3. Social engineering: Attackers may use social engineering tactics, such as
pretexting, baiting, or quid pro quo, to manipulate or deceive users into giving
up sensitive information.
4. Physical access: Attackers may gain physical access to a device or system, such
as a computer or smartphone, and extract data directly from the device or
through peripheral devices, such as USB drives or external hard drives.
5. Network sniffing: Attackers may use network sniffing tools to intercept and
capture data packets as they travel over the network, allowing them to steal
sensitive information, such as passwords or other personal data.

To protect against data theft, users can take various measures, such as using strong
passwords, keeping their software and operating systems up to date with the latest
security patches, avoiding suspicious emails or links, using encryption to protect
sensitive data, and limiting physical access to their devices or systems.

2. What could be the reasons an attacker uses malware?


• Stealing data: Malware can be used to steal sensitive data, such as login
credentials, credit card numbers, or other personal information, which can be
sold on the black market or used for identity theft.
• Financial gain: Malware can be used to conduct fraudulent activities, such as
stealing money from bank accounts or cryptocurrency wallets, or to extort
money from victims through ransomware attacks.
• Espionage: Malware can be used to conduct espionage activities, such as
stealing confidential information, trade secrets, or intellectual property from
businesses or governments.
• Botnet creation: Malware can be used to create a botnet, which is a network
of infected computers that can be controlled by an attacker to carry out
various malicious activities, such as distributed denial-of-service (DDoS)
attacks or spam campaigns.
• Cyber warfare: Malware can be used as a weapon in cyber warfare to disrupt
or disable critical infrastructure, such as power grids, transportation systems,
or communication networks.

In general, attackers use malware as a means to gain unauthorized access to
computer systems or networks, and to carry out various malicious activities that can
cause harm to individuals, businesses, or governments.

3. Why is antivirus important?


Antivirus software is important because it helps protect computer systems and
networks from malware infections and other cyber threats. Here are some key
reasons why antivirus software is important:
• Protection against malware: Antivirus software can help prevent malware
infections by detecting and blocking malicious software before it can harm a
computer or network. This includes viruses, worms, Trojans, spyware, adware,
and other types of malware.
• Real-time scanning: Antivirus software can provide real-time scanning of files
and programs, ensuring that any new malware that enters the system is
detected and stopped before it can cause harm.
• Automatic updates: Antivirus software is constantly updated to keep pace
with new and evolving threats, and these updates are often delivered
automatically to ensure that the system is always protected.
• Security for online activities: Antivirus software can provide protection while
browsing the internet, checking email, or downloading files, by scanning for
potential threats and blocking malicious websites and downloads.
• Protection for personal data: Antivirus software can help protect personal
data, such as passwords, credit card numbers, and other sensitive information,
from being stolen by cybercriminals.
• Peace of mind: Having antivirus software installed can provide peace of mind
that the system is protected against known and unknown threats, and that
personal data is safe and secure.

In summary, antivirus software is an essential tool for protecting computer systems
and networks from malware infections and other cyber threats, and should be
installed on all devices that are connected to the internet.

4. Specify TWO (2) different techniques used to eliminate malware.


There are several techniques that can be used to eliminate malware, but here are two
common approaches:

1. Antivirus software: Antivirus software is designed to detect and remove
malware infections from a computer or network. When an antivirus program
detects malware on a system, it can quarantine or delete the infected files,
preventing the malware from causing further harm. Antivirus software can also
provide real-time scanning to detect and block new malware infections as
they occur.
2. Manual removal: In some cases, it may be necessary to manually remove
malware from a system. This involves identifying the malicious files and
processes associated with the malware, and deleting them from the system.
Manual removal can be a complex and time-consuming process, but it may be
necessary when antivirus software is unable to detect or remove the malware.

It's worth noting that some malware, such as rootkits, may be difficult to detect and
remove, and may require specialized tools and techniques to eliminate. Additionally,
prevention is often the best defense against malware infections, so it's important to
use a combination of antivirus software, software updates, strong passwords, and
safe browsing practices to reduce the risk of malware infections in the first place.

5. Give TWO (2) limitations of antivirus.


Antivirus software may not detect all types of malware: Antivirus software
relies on a signature database to identify and detect malware. However, new
and unknown types of malware may not yet have a signature in the database,
which can allow them to evade detection by the antivirus software.
Additionally, some malware may be designed specifically to avoid detection
by antivirus software, making it difficult to detect and remove.

Antivirus software may impact system performance: Antivirus software needs
to scan files and processes on a computer to detect malware. This scanning
process can consume system resources such as CPU and memory, which can
slow down the computer and impact its performance. Additionally, some
antivirus software may produce false positives, flagging legitimate files or
programs as malware, which can cause confusion and disrupt normal system
operation.
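
An added example, not part of the original tutorial, illustrating the quarantine step from question 4 and the signature-database limitation above: a minimal scanner that assumes signatures are exact SHA-256 file hashes. The sample byte strings are constructed and harmless, and all function and file names are hypothetical.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

# Constructed, harmless byte strings standing in for "known malware" samples.
# Assumption: a signature is the exact SHA-256 hash of the whole file.
KNOWN_SAMPLES = [b"CONSTRUCTED-TEST-SAMPLE-A", b"CONSTRUCTED-TEST-SAMPLE-B"]
SIGNATURE_DB = {hashlib.sha256(s).hexdigest() for s in KNOWN_SAMPLES}


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan_and_quarantine(root: Path, quarantine: Path) -> list[str]:
    """Move every file whose hash is in SIGNATURE_DB into quarantine."""
    quarantine.mkdir(parents=True, exist_ok=True)
    detected = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        if quarantine in path.parents:
            continue  # never rescan files that are already quarantined
        if sha256_file(path) in SIGNATURE_DB:
            shutil.move(str(path), str(quarantine / (path.name + ".quarantined")))
            detected.append(path.name)
    return detected


def demo() -> dict:
    """Scan a temp directory holding a known sample, a variant and a clean file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "scan"
        root.mkdir()
        (root / "known.bin").write_bytes(KNOWN_SAMPLES[0])
        # One extra byte gives a different hash, so no signature matches.
        (root / "variant.bin").write_bytes(KNOWN_SAMPLES[0] + b"!")
        (root / "notes.txt").write_bytes(b"ordinary document")
        detected = scan_and_quarantine(root, Path(tmp) / "quarantine")
        remaining = sorted(p.name for p in root.iterdir())
        return {"detected": detected, "remaining": remaining}


if __name__ == "__main__":
    print(demo())
```

The known sample is quarantined, while the one-byte variant stays in place because its hash is absent from the database, which is the first limitation described above.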

6. Give some examples of free antivirus software.


• Avast Free Antivirus
• AVG AntiVirus Free
• Avira Free Antivirus
• Bitdefender Antivirus Free Edition
• Kaspersky Security Cloud Free
• Microsoft Defender Antivirus (built into Windows 10)
• Sophos Home Free Antivirus
• Comodo Free Antivirus
• Panda Free Antivirus
• ZoneAlarm Free Antivirus + Firewall
