2 - C235 LP1 Lecture 2 1 - Types of Malware

C235 IT Security and Management

LP1
Lecture 2.1: Types of Malware
Learning Objectives

• What is malware?

• Types of malware
Malware: Malicious Software
• Refers to unwanted software running on a user’s
computer that performs malicious actions.
• Malicious actions include
• Stealing information
• Causing damage (e.g., corrupting or removing files)
• Causing annoyances (e.g., pop-up advertising)
• Opening a backdoor
• Sending spam emails
• Malware often exploits weaknesses or bugs in the target
machine.
Types of Malware
• Virus
• Worm
• Rootkit
• Trojan
• Spyware
• Botnet
• Scareware
• Ransomware
• Adware
• Logic Bomb
• Zero day
Virus
• A virus is a piece of malicious code that replicates by
attaching itself to another piece of executable code.
• When the other executable code is run, the virus also
executes and has opportunity to infect other files and
perform any other malicious actions it was designed to
do.
• The specific way that a virus infects other files, and the
type of files it infects, depends on the type of virus.
Types of Virus
• Boot Sector Virus

• Program Virus

• Macro Virus

Boot Sector Virus
• Infects the code in the boot sector of a drive, which runs
each time the computer is turned on or restarted.
• Can be difficult to remove, since the boot program is the
first program the computer runs.
• If the boot sector is infected with a virus, then that virus
can make sure it has copies of itself placed in other
operating system files.

Program Virus
• Attaches itself to executable files, typically files ending
in .exe or .com on Windows-based systems.
• The virus is attached in such a way that it is executed
before the program executes.
• Like other types of viruses, program viruses are often not
detected until after they execute their malicious payload.

Virus Attaching to a Program

[Figure: Original Program + Virus Code = Virus Code attached to the Original Program]
Macro Virus
• A macro virus, also known as a document virus, is
launched when a document is opened, at which time the
virus searches for other documents to infect.
• Can insert itself into the standard document template,
which makes every newly created document infected.
• Further propagation occurs when infected documents
are emailed to other users.
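
The following is an added example, not part of the original lecture: a defender-side check that reports whether a Word document in the ZIP-based OOXML format carries a macro project, and whether that document is a macro-enabled template such as Normal.dotm. The file names and sample packages are constructed for illustration; legacy binary .doc files are outside what this check can judge.

```python
import io
import zipfile

VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaproject"  # compared lowercased
MACRO_EXTENSIONS = (".docm", ".dotm")  # Word formats expected to carry macros

def inspect_document(name, data):
    """Report whether an OOXML document carries a VBA macro project."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        # Legacy binary .doc files are not ZIP packages; this check cannot judge them.
        return {"name": name, "has_macros": None, "template": False, "mismatch": False}
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        parts = pkg.namelist()
        types = ""
        if "[Content_Types].xml" in parts:
            types = pkg.read("[Content_Types].xml").decode("utf-8", "replace").lower()
    # The macro project is normally stored as vbaProject.bin; a renamed part is
    # still declared with the VBA content type, so check both.
    by_name = any(p.lower().endswith("vbaproject.bin") for p in parts)
    has_macros = by_name or (VBA_CONTENT_TYPE in types)
    lower = name.lower()
    return {
        "name": name,
        "has_macros": has_macros,
        # A macro-bearing template affects documents created from it.
        "template": has_macros and lower.endswith(".dotm"),
        # Macros inside a file whose extension claims to be macro-free.
        "mismatch": has_macros and not lower.endswith(MACRO_EXTENSIONS),
    }

def build_package(parts):
    """Build a constructed in-memory ZIP package from {part name: content}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        for part, content in parts.items():
            pkg.writestr(part, content)
    return buf.getvalue()

def constructed_samples():
    """Constructed sample files; the macro parts are inert placeholders."""
    plain = '<Types><Default Extension="xml" ContentType="application/xml"/></Types>'
    vba = ('<Types><Override PartName="/word/data.bin" '
           'ContentType="application/vnd.ms-office.vbaProject"/></Types>')
    doc = {"[Content_Types].xml": plain, "word/document.xml": "<doc/>"}
    return {
        "report.docx": build_package(doc),
        "invoice.docm": build_package({**doc, "word/vbaProject.bin": b"placeholder"}),
        "notes.docx": build_package({**doc, "word/vbaProject.bin": b"placeholder"}),
        "Normal.dotm": build_package({"[Content_Types].xml": vba, "word/data.bin": b"placeholder"}),
        "legacy.doc": b"\xd0\xcf\x11\xe0" + b"\x00" * 64,
    }

if __name__ == "__main__":
    for sample_name, sample in constructed_samples().items():
        print(inspect_document(sample_name, sample))
```
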

Watch video on
‘What is a computer virus’
• https://www.youtube.com/watch?v=qy0-X7CTqss
(Time 0.22 to 2.47)

Quiz
• Which of the following is/are characteristic(s) of a virus?
A. It is able to spam your email.
B. It is able to replicate itself.
C. It is able to infect other files.
D. It is able to steal your credit card information
Worm
• A worm is a standalone computer program that
replicates independently by sending itself to other
systems.
• Since a worm does not have to attach itself to something
else, it can spread much faster than a virus.
• Worms typically cause damage in two ways: first through
the malicious code they carry, and second through loss of
network availability due to aggressive self-propagation.
Watch video on “What is a
Computer Worm?”
• https://www.youtube.com/watch?v=sptJsIG6zy0
(Time 0.22 to 2.47)

Quiz
• Which of the following is/are characteristic(s) of a worm?
A. It loves to change content of files.
B. It loves to spread.
C. It loves to self-replicate.
D. It loves to steal confidential data.
Rootkit
• A rootkit is malware specifically designed to modify the
operating system's supporting functions, changing the
nature of the system's operation.
• It can bypass the security functions of the operating
system to avoid detection.
• The installation of a rootkit usually results in the hacker
getting root or escalated privileges (i.e. admin).
Watch video on “Rootkit”
• https://www.youtube.com/watch?v=u8IIIW-H3jA
(Time 0.00 to 5.38)

Trojan
• Gets its name from ancient Greek mythology: it is named after
a large wooden horse that secretly housed Greek soldiers.
• A program that appears to be useful (e.g. accounting software)
but contains malicious code that could:
– Open a back door
– Log keyboard inputs to steal passwords (keyloggers)
– Steal information (spyware)
• Standalone program
• Requires some form of human interaction (e.g.
clicking/installing a program)
Watch video on “What is a Trojan?”
• https://www.youtube.com/watch?v=buZHcUWE1HU
(Time 0.21 to 3.35)

Quiz
• Which malware makes use of the method of appending
“$sys$.” to a file name?
A. Worm
B. Trojan
C. Rootkit
D. Virus
Quiz
• Which of these malware tricks users by pretending to be
an anti-virus software?
A. Worm
B. Program virus
C. Macro virus
D. Trojan.
Adware
• The term adware is frequently used to describe a form of
malware which presents unwanted advertisements to
the user of a computer.
• The advertisements produced by adware are sometimes
in the form of a pop-up or sometimes in an "unclosable
window".

Example of Adware

Watch video on “What is Adware?”
• https://www.youtube.com/watch?v=lOhoOUDkAzE
(Time 0.22 to 3.48)

Spyware
• Malware that:
– “Spies” on users, recording and reporting on their
activities
– For example, monitors users’ online activities to
create profiles based on search habits
– Advertisements may be pushed to victims based on
the information collected

Example of Spyware
• Music-lyric sites may trick a person into downloading
spyware

Watch video on “What is Spyware?”
• https://www.youtube.com/watch?v=cnQ_dShyU3g
(Time 0.21 to 6.46)

Quiz
• Which of the following characteristics of spyware
clearly distinguishes it from adware?
A. Spyware generates pop-ups.
B. Spyware does not target users with ads.
C. Spyware generates spam.
D. Spyware attempts to steal your confidential data.
BotNet
• Also known as a zombie army
– A number of Internet computers that, although their
owners are unaware of it, have been set up to forward
transmissions to other computers on the Internet.
• Any such computer is referred to as a zombie - in effect, a
computer "robot" or "bot" that serves the wishes of
some master spam or virus originator.
• A zombie or bot is often created through an Internet port
that has been left open and through which a small Trojan
horse program can be left for future activation.

Watch video on “Botnet”
• https://www.youtube.com/watch?v=Z8KtojO5eGI
(Time 0.00 to 3.42)

Watch video on ‘What is botnet and how does it spread?’

• https://www.youtube.com/watch?v=s0sgiY93w9c
(Time 0.00 to 2.33)
Quiz
• Which of these malware is usually used to spread a
botnet?
A. Spyware
B. Trojan
C. Rootkit
D. Program virus
Scareware
• Poses as legitimate software and tools such as registry
cleaners and virus removers.
• Typically useless software, although some may hide
malicious intent.
• Tricks users into purchasing it through shock, anxiety or
the perception of a threat.
• Some of them look tremendously convincing.
Example of Scareware
Watch video on “What is Scareware”
• https://www.youtube.com/watch?v=m_bZiEMkd5Y
(Time 0.00 to 4.16)

Ransomware
• Restricts access to the computer systems that it infects
and demands a ‘ransom’ to be paid for removal of the
restriction.

Watch video on “Ransomware”
• https://www.youtube.com/watch?v=oGqSxKxJKWE
(Time 0.00 to 2.46)

Quiz
• Choose the most likely malware that caused the following pop-up:

A. Ransomware
B. Scareware
C. Spyware
D. Trojan.
Logic Bomb
• Generally installed by an authorized user, but in some
cases it may be from an external source (e.g. Friday the
13 malware).
• It remains dormant until an event invokes its
malicious payload.

Watch video on “Logic Bomb”
• https://www.youtube.com/watch?v=1fJLS-Y-lUk
(Time 0.00 to 3.30)

Zero Day malware
• Zero day malware is previously unknown malware for
which specific antivirus software signatures are not yet
available.
• A zero day vulnerability refers to a hole in software that
is unknown to the vendor. This security hole is then
exploited by hackers before the vendor becomes aware
and hurries to fix it. This exploit is called a zero day
attack.

Watch video on Zero Day Attacks
• https://www.youtube.com/watch?v=3-zQlUJweE4
(Time 0.00 to 5.58)
At the end of this lesson, you should be able to:
• List and describe the different categories of malware
• Distinguish between the different categories of
malware.
• Explain the potential danger and damage from
malware.
