Identify Malware:

o Malware is a term which is short for “Malicious Software” is a file or code or application.
o Malware (Malicious Software) is any program or file, that is harmful to a computer user.
o Malicious Software typically delivered over a network that infects, explores and steals.
o Malware (Malicious Software) can be conducts virtually any behavior an attacker wants.
o Malware (Malicious Software) is an inclusive term, for all types of malicious software.
o Malicious Software is terms for all as Viruses, Worms, Trojans, Rootkits, and Spyware.
o Malware is also terms for Adware, Scareware, Botnets, Logic Bombs, Key loggers etc.
o Many tools can identify Malware on the network such as Packet Captures to analyzing.
o In addition, tools Snort, NetFlow, IPS, Advanced Malware Protection, Cisco FirePOWER etc.

Virus:
o Malicious code that attached to executable files that are often regular application.
o Viruses require some type of human or any other application interaction to activate.
o Entire category of viruses are designed to damage or destroy a system or the data.

1 | P a g e Created by Ahmad Ali E-Mail: ahmadalimsc@gmail.com , Mobile: 056 430 3717

Worm:
o Worms are malware that replicate themselves and spread to infect other systems.
o Think of worms as small programs that replicate themselves in a computer network.
o A worm can travel from system to system without human or application interaction.
o When worm executes, it can replicate again & infect even more systems or computer.
o Worms destroy the files and data on user’s computer or system or Computer network.
o Worms usually target the operating system (OS) files to make them empty & destroy.
o Worms typically cause harm to the computer network and consuming the bandwidth.

Adware:
o Adware is computer term, which is stand for Advertising-Supported Malware.
o Adware works by executing advertisements to generate revenue for the hackers.
o Adware (Advertising-Supported Malware) is any type of advertising-supported software.
o Adware will play, display, or download advertisements automatically on a user's computer.
o Adware will play once the software has been installed or the application is in the use.

2 | P a g e Created by Ahmad Ali E-Mail: ahmadalimsc@gmail.com , Mobile: 056 430 3717

Ransomware:
o Its propagate like worm but is designed to encrypt personal files on victim’s hard drive.
o Ransomware works by encrypting the hard drive and all files on a system or Computer.
o Ransomware can encrypt specific files in your system or all your files or mast boot record.
o Ransomware then asks for a payment in exchange for giving the decryption key.
o Major Ransomware like Reveton, CryptoLocker, CryptoWall, Pyeta, Nyeta, Bad Rabbit.
o More recently Ransomware 2017 WannaCry attack was lunched which destroy many PCs.
o Ransomware caused no small amount of destruction, but it caused huge destruction .

Trojan:
o Trojans are malicious programs that appear like regular applications or programs.
o Trojans are malicious programs that appear like media files or other computer files.
o Trojans contain a malicious payload; the payload can be anything malicious acts etc.
o Trojans payload provide backdoor that allows attackers unauthorized access to system.
o Trojans pretend to do one thing but, when loaded, actually perform another malicious.
o Few Trojan categories are command-shell Trojans, graphical user interface (GUI) Trojans.
o HTTP/HTTPS Trojans, document Trojans, defacement Trojans, botnet Trojans, VNC Trojans.
o Remote-Access Trojans, data-hiding Trojans, banking Trojans, DoS Trojans, FTP Trojans.
o Software-Disabling Trojans, and covert-channel Trojans are few examples of trojans.
o Remote-access Trojans (RATs) allow the attacker full control over the system or PC.
o Idea behind this type of Trojan is to hide user’s data sometimes known as ransomware.
o Security-software disablers Trojans are designed to attack and kill antivirus or firewalls.
o Denial of Service (DoS), These Trojans are designed to cause a DoS Denial of Service.
o They can be designed to knock out specific service or to bring an entire system offline.
o Trojans are dangerous, they represent a loss of confidentiality, integrity, and availability.
o Common targets of Trojans Credit card data & banking info have become huge targets.
o Passwords are always a big target of second common targets of trojans malware.

3 | P a g e Created by Ahmad Ali E-Mail: ahmadalimsc@gmail.com , Mobile: 056 430 3717

o P2P networks and file-sharing sites such as The Pirate Bay are generally unmonitored.
o And allow anyone to spread any programs they want, legitimate or not like trojans.
o Instant Messaging, Internet Relay Chat, Email attachments, and browser extension etc.

Spyware:
o Spyware computer network term, which is common types of malware.
o Spyware monitors the activities performed by a computer user on the PC.
o The main intention of a spyware is to collect the private information of PC user.
o Spyware normally come from internet while user download freeware software.
o Spyware is another form of malicious code that is similar to a Trojan horse malware.

4 | P a g e Created by Ahmad Ali E-Mail: ahmadalimsc@gmail.com , Mobile: 056 430 3717

Rootkits:
o A rootkit is a collection of software specifically designed to permit malware.
o Rootkits gathers information, into your system, Computer, or computer network.
o These work in the background so that a user may not notice anything suspicious.
o Rootkits in the background permit several types of malware to get into the system.
o The term rootkit is derived from the combination of two words – "root" and "kit".
o Root refers to the administrator account in Unix and Linux operating systems etc.
o Kit refers to programs allow threat actor to obtain unauthorized root/admin access.

Keyloggers:
o Keylogger is network term which is Keystroke loggers software or Hardwar.
o Software, which records all the information that is typed using a keyboard.
o Keyloggers store the gathered information and send it to the attacker.
o Attacker extract sensitive information like password or credit card details.

Scareware:
o Scareware is a type of malware, which is designed to trick victims.
o Scareware trick victims into purchasing and downloading useless software.
o Scareware trick victims into download potentially dangerous software.
o Scareware, which generates pop-ups that resemble Windows system messages.
o Scareware usually purports to be antivirus or antispyware software or malwares.
o Scareware also usually popup a firewall application or a registry cleaner.
o The messages typically say that a large number of problems such as infected files.
o The user is prompted to purchase software to fix Computer or system problems.
o In reality, no problems were detected, and the suggested software contain malware.

5 | P a g e Created by Ahmad Ali E-Mail: ahmadalimsc@gmail.com , Mobile: 056 430 3717

Logic Bomb:
o A Logic Bomb is malware that is triggered by a response to an event.
o Such as launching an application or when a specific date/time is reached.
o Attackers can use logic bombs in a variety of ways to destroy data or system.
o They can embed arbitrary code within a fake application, or Trojan horse.
o Logic Bomb will be executed whenever you launch the fraudulent software.
o Attackers can also use a combination of spyware and logic bombs to steal identity.

Botnet:
o Basically, the word botnet is made up of two words: bot and net.
o So, Bot is short for robot and Net comes from the network.
o People who write and operate malware cannot manually log onto every computer.
o They have infected, instead they use botnets to manage a large number of systems.
o A botnet is a network of infected computers, used by the malware to spread.
o Cybercriminals use special Trojan viruses to breach the security of several users’ PCs.
o Cybercriminals take control of each computer & organize all of the infected PCs.
o Cybercriminals remotely manage and organize all infected computer bot.

6 | P a g e Created by Ahmad Ali E-Mail: ahmadalimsc@gmail.com , Mobile: 056 430 3717

DoS (Denial of Service) Attack:
o DoS Attack is a type of attack to network server with large number of service requests.
o DoS Attack can cause server to crash the server & legitimate users are denied the service.
o DDoS stand for (Distributed Denial of Service) an Attack, which is one type of DoS attack.
o DDoS originating from many attacking computers from different geographical regions.
o Zombies and Botnets are mainly used in DDoS (Distributed Denial of Service) attacks.
o Both type of attack DoS and DDoS can cause the services to become unavailable to users.
o Such as Ping of Death, Smurf Attack, TCP SYN , CDP Flood, Buffer Overflow, ICMP Flood.
o Cloud is more vulnerable to DoS attacks because it is shared by many users & organizations.
DOS Attack

Servers

DDOS Attack

SQL Injection:
o SQL injection is a code injection technique that might destroy your database.
o SQL injection is one of the most common web hacking techniques to gain access.
o SQL injection is placement of malicious code in SQL statements, via web page input.
o SQL Injection is injection attack makes possible to execute malicious SQL statements.
o Attackers can use SQL Injection vulnerabilities to bypass application security measures.
o SQL Injection (SQLi) also used to add, modify, and delete records in the database.
o SQL injection attack exploits vulnerable cloud-based applications allow pass SQL commands.

7 | P a g e Created by Ahmad Ali E-Mail: ahmadalimsc@gmail.com , Mobile: 056 430 3717

Cross Site Scripting:
o XSS is term, which stand for Cross-Site Scripting Errors, are a type of coding error.
o Where a malicious party can trigger execution of software from their browser.
o Cross-site scripting is a type of security vulnerability found in web applications.
o XSS enables attackers to inject client-side scripts into web pages viewed by other users.
o Common purpose of XSS attack is to collect cookie data such as session IDs or login info.
o XSS used to steal cookies exploited to gain access as authenticated user to a cloud-based.
o Three major categories are Reflected XSS, Stored(Persistent) XSS, and DOM-Based XSS.

Phishing:
o Phishing is a type of social engineering attack often used to steal user data or info.
o Phishing is social engineering attack to steal login credentials & credit card numbers.
o Phishing is method of trying to gather personal info using deceptive e-mails & websites.
o Phishing is a cyber-attack that uses disguised email as a weapon to steal user data or info.

8 | P a g e Created by Ahmad Ali E-Mail: ahmadalimsc@gmail.com , Mobile: 056 430 3717

Man in The Middle:
o MITM (Man in The Middle) means man in the middle of your conversation.
o In a Man-in-The-Middle attack, attackers place themselves between two devices.
o MITM attack to intercept or modify communications between the two devices.
o MITM cyberattacks allow attackers to secretly intercept communications.
o MITM attack happens when hacker inserts themselves between a user & apps.
o Attackers have many different reasons and methods for using a MITM attack.
o MITM is used to steal something, like credit card numbers or user login credentials.
o MITM attacks involve interception of communication between two digital systems.

Data Breach:
o Data breach can involve data that was not supposed to be released to the public.
o Which includes financial information, personal health information & trade secrets.
o Which includes. Personally, identifiable information and other intellectual property.
o Value of the organization’s cloud-based data might be different for different people.
o Data Breach happen if organization lacks managing authentication & identity properly.
o The Businesses need to properly allocate access to data as per every user’s job role.
o One-time passwords & phone-based authentications are the two factor authentications.
o that help securing cloud services by making it tough for the attacks to steal the credentials.

9 | P a g e Created by Ahmad Ali E-Mail: ahmadalimsc@gmail.com , Mobile: 056 430 3717

Lab Time:
1- Go to https://geekprank.com/ link to show Virus and Ransomware.
2- Go to https://www.eicar.org/?page_id=3950 download virus file to test antivirus software.
3- Go to Windows XP to show Key Keylogger key stock records using Blackbox free tool.
4- Go to Window XP Start XAMPP Control Panel, open 192.168.122.60/dvwa username admin
password is password, go DVWA Security make low and submit. Click on SQL Injection in
User ID: %' or '0'='0 and click submit it will show all the records.
5- DoS Attack start Kali Linux, take a Switch in GNS3 connect to Kali Linux, Use macof -i eth0
for flooding attack. Use yersina -G for CDP flooding Attack.

10 | P a g e Created by Ahmad Ali E-Mail: ahmadalimsc@gmail.com , Mobile: 056 430 3717