Anatomy of Malware
Name – Sandeep Singh
Student Id - 202201452
Part A
1. Malware Example: Ransomware
What it Does:
Ransomware is a class of malware that encrypts files on the victim's computer or network so that they become inaccessible. Having done so, the attacker demands a ransom, usually paid in cryptocurrency, in exchange for the key needed to decrypt the files. Whether the files can be recovered depends on whether the ransom is paid within the attacker's deadline; otherwise the files may be lost permanently.
Ransomware targets individual users as well as organizations, from local businesses to entire government agencies. It can encrypt file types as diverse as Word documents, images, videos and databases, rendering the victim's operations effectively inoperable until the ransom is paid or the files are restored from backups.
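The behaviour just described (documents rewritten in bulk with near-random content and a new extension) is also what a defender can look for. The following script is an added example, not part of the original assignment: it scores constructed file-write events by the Shannon entropy of the written bytes and flags any process that rewrites several document files with high-entropy content inside a short window. The process names, paths, thresholds and the sample events are all assumptions made for the demonstration.

```python
import math
import os
import random
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class FileEvent:
    ts: float          # event time in seconds (constructed sample clock)
    process: str       # name of the process that wrote the file
    before: str        # path before the write (rename source, or same as `after`)
    after: str         # path after the write
    content: bytes     # leading bytes of the written content


# File types ransomware typically targets (subset, chosen for the demo)
DOCUMENT_EXTS = {".docx", ".xlsx", ".pdf", ".jpg", ".sql"}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: close to 8.0 for encrypted or compressed data,
    typically 4 to 5 for natural-language text."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def looks_encrypted(ev: FileEvent, threshold: float = 7.5) -> bool:
    """A document whose extension changed and whose new content is near-random
    is the signature of a file being encrypted in place."""
    old_ext = os.path.splitext(ev.before)[1].lower()
    new_ext = os.path.splitext(ev.after)[1].lower()
    return (old_ext in DOCUMENT_EXTS
            and new_ext != old_ext
            and shannon_entropy(ev.content) >= threshold)


def find_ransomware_bursts(events, window: float = 60.0, min_files: int = 5) -> dict:
    """Map each process to the largest number of suspicious rewrites it made
    inside any `window`-second span, keeping only counts at or above min_files."""
    per_process = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.ts):
        if looks_encrypted(ev):
            per_process[ev.process].append(ev.ts)
    flagged = {}
    for proc, stamps in per_process.items():
        start, best = 0, 0
        for end in range(len(stamps)):           # sliding window over sorted times
            while stamps[end] - stamps[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= min_files:
            flagged[proc] = best
    return flagged


def build_sample_events():
    """Constructed sample: a hypothetical 'updater.exe' rewriting six documents as
    high-entropy .locked files within 25 seconds, a word processor saving plain
    text normally, and a backup tool renaming one file (an isolated rename is
    not a burst and must not be flagged)."""
    rng = random.Random(7)                       # deterministic stand-in for ciphertext
    cipher = lambda: bytes(rng.getrandbits(8) for _ in range(4096))
    text = b"Quarterly report: revenue is up and costs are flat.\n" * 80
    events = [FileEvent(5.0 * i, "updater.exe", f"C:/docs/r{i}.docx",
                        f"C:/docs/r{i}.docx.locked", cipher()) for i in range(6)]
    events.append(FileEvent(12.0, "winword.exe", "C:/docs/notes.docx",
                            "C:/docs/notes.docx", text))
    events.append(FileEvent(500.0, "backup.exe", "C:/docs/old.xlsx",
                            "C:/docs/old.xlsx.bak", cipher()))
    return events


def run_demo() -> dict:
    return find_ransomware_bursts(build_sample_events())


if __name__ == "__main__":
    print(run_demo())   # {'updater.exe': 6}
```

The entropy threshold and the window size are tuning knobs: compression tools and backup software also write high-entropy data, which is why the check requires both an extension change and a burst across several files before raising an alert.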
How it is Transmitted:
Ransomware can be distributed through various means, including:
Phishing Emails: Phishing emails that trick unsuspecting users are a common way for cybercriminals to deliver ransomware, through malicious attachments or hyperlinks in the message. The emails may be crafted to appear to come from familiar sources, inviting recipients to open the attachment or click the link, which activates the ransomware.
Exploit Kits: Ransomware may exploit vulnerabilities in software or operating systems to penetrate a system. Criminals use exploit kits, which automate the process of identifying and exploiting these vulnerabilities, removing the need for any user interaction.
Remote Desktop Protocol (RDP) Compromise: Attackers establish connections that should not be available to them by abusing Remote Desktop Protocol services exposed with little or no security. Once the attacker has a foothold on the victim host, the ransomware can be deployed to encrypt files and demand payment to regain access to them.
Malicious Websites: Visiting insecure or compromised websites can also lead to ransomware infection. Such sites exploit browser vulnerabilities to download and inject the ransomware directly onto the visitor's machine.
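The RDP compromise path above usually leaves a trail in the Windows Security log: a burst of failed logons (Event ID 4625) from one source address with logon type 10 (RemoteInteractive, i.e. RDP), sometimes followed by a success (Event ID 4624). The script below is an added example rather than part of the original assignment; it parses a simplified, constructed log line format (the real event XML is richer) and flags any source that exceeds a failure threshold inside a time window, noting whether a success followed. The line format, IP addresses (RFC 5737 documentation ranges) and thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Windows Security log facts used here:
# 4625 = failed logon, 4624 = successful logon, LogonType 10 = RemoteInteractive (RDP).
# The flat "key=value" line layout is a constructed simplification for the demo.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<eid>\d+) LogonType=(?P<lt>\d+) "
    r"Source=(?P<src>\S+) User=(?P<user>\S+)$")


def parse_line(line: str):
    """Return a record for a logon line, or None for unrelated/malformed lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S"),
        "eid": int(m["eid"]), "lt": int(m["lt"]),
        "src": m["src"], "user": m["user"],
    }


def detect_rdp_bruteforce(lines, max_failures: int = 10,
                          window: timedelta = timedelta(minutes=5)) -> dict:
    """Return {source_ip: {"failures": n, "success_user": user_or_None}} for every
    source that produced more than max_failures RDP logon failures inside `window`.
    A later success from the same source means the guessing likely worked."""
    failures = defaultdict(list)
    successes = defaultdict(list)
    for rec in filter(None, map(parse_line, lines)):
        if rec["lt"] != 10:
            continue                         # only Remote Desktop logons matter here
        if rec["eid"] == 4625:
            failures[rec["src"]].append(rec["ts"])
        elif rec["eid"] == 4624:
            successes[rec["src"]].append((rec["ts"], rec["user"]))
    alerts = {}
    for src, stamps in failures.items():
        stamps.sort()
        start, best = 0, 0
        for end in range(len(stamps)):       # sliding window over sorted timestamps
            while stamps[end] - stamps[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best > max_failures:
            later = [user for ts, user in sorted(successes[src]) if ts >= stamps[0]]
            alerts[src] = {"failures": best,
                           "success_user": later[0] if later else None}
    return alerts


def build_sample_log():
    """Constructed sample: 12 RDP failures in two minutes from 203.0.113.7 followed
    by a success, 3 scattered failures from 198.51.100.3 (normal typos), one
    network (type 3) failure that must be ignored, a clean RDP logon from
    192.0.2.10, and an unrelated log line."""
    base = datetime(2024, 5, 1, 10, 0, 0)
    stamp = lambda s: (base + timedelta(seconds=s)).strftime("%Y-%m-%dT%H:%M:%S")
    lines = [f"{stamp(10 * i)} EventID=4625 LogonType=10 Source=203.0.113.7 User=administrator"
             for i in range(12)]
    lines.append(f"{stamp(150)} EventID=4624 LogonType=10 Source=203.0.113.7 User=administrator")
    lines += [f"{stamp(30 * i)} EventID=4625 LogonType=10 Source=198.51.100.3 User=jsmith"
              for i in range(3)]
    lines.append(f"{stamp(60)} EventID=4625 LogonType=3 Source=203.0.113.7 User=administrator")
    lines.append(f"{stamp(90)} EventID=4624 LogonType=10 Source=192.0.2.10 User=jsmith")
    lines.append("2024-05-01 audit service restarted")
    return lines


def run_demo() -> dict:
    return detect_rdp_bruteforce(build_sample_log())


if __name__ == "__main__":
    print(run_demo())   # {'203.0.113.7': {'failures': 12, 'success_user': 'administrator'}}
```

An alert with a non-empty success_user is the case that needs immediate response; the source with only a few failures stays below the threshold so that ordinary mistyped passwords do not page anyone.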
Impact it Causes:
Ransomware attacks can have devastating consequences for individuals and organizations, including:
Financial Loss: Victims may suffer financial losses on several fronts: the ransom demanded, lost production, and the cost of recovery services. Even when the ransom is paid, there is a risk that the decryption key is never provided or that the files cannot be recovered at all.
Data Loss: Encrypted files may be lost permanently if no backups are available and the encryption is too strong to break. This can mean losing critical data such as business records, private customer data and protected intellectual property.
Disruption of Operations: Business operations are impeded and productivity is lost, harming the organization's services and reputation. Organizations may suffer lasting damage from unexpected downtime, and may face legal consequences if the incident also constitutes a data breach.
Trust and Confidence: Ransomware attacks undermine trust in digital systems and damage relationships with customers, partners and stakeholders, which can be detrimental to the business in the long term. Affected organizations may pay a high price in customer loyalty and brand image.
In short, ransomware is a notorious type of malware that can severely disrupt businesses and threaten people across the globe. Because it encrypts files and extorts payment from its victims, it is a powerful instrument in the hands of cybercriminals, making a well-designed cybersecurity program and preventive measures against cyber risk a necessity.
2. Malware Example: Trojan
What it Does:
A Trojan (short for Trojan horse) is a kind of malware that pretends to be a legitimate application and thereby deceives users into installing it on their systems. Unlike ransomware, Trojans do not encrypt files or demand payment. Instead, they mostly act as a backdoor that lets attackers enter the system, seize sensitive data and carry out other harmful activities covertly.
Trojans can take various forms and perform a wide range of malicious actions, including:
Spyware: Trojans designed to quietly collect information from users by recording keystrokes, monitoring their internet activity, or making audio and video recordings without the user's knowledge.
Remote Access Trojans (RATs): Trojans that give the attacker remote control over the compromised PC, so that they can execute commands, manipulate files or install more malware.
Banking Trojans: Trojans that steal online banking information such as account login credentials and passwords.
Downloader Trojans: Trojans that download and install additional malware, such as ransomware or botnet agents, on the infected system.
How it is Transmitted:
Trojans can be distributed through various means, including:
Email Attachments: Attackers distribute Trojans in phishing emails with malicious attachments, which may be documents, pictures or executable files that users are tricked into opening or running.
Malicious Websites: Compromised or purpose-built malicious websites can serve as a vehicle to deliver Trojans, often by exploiting browser weaknesses.
File Sharing Networks: Trojans spread easily through P2P file-sharing networks and torrent websites, where users download infected packages without being aware of the infection.
Software Bundling: Trojans may be bundled with a legitimate program package or application, especially software downloaded from unverified sources or third-party app stores.
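Two of the delivery routes above, email attachments and bundled downloads, can be screened before a file is ever opened. The following script is an added example, not part of the original assignment: the first function flags attachment names that disguise an executable (double extensions such as invoice.pdf.exe, or a Unicode right-to-left override that reverses how the extension is displayed), and the second verifies a downloaded installer against the SHA-256 digest a vendor publishes. The extension lists and the sample names are assumptions chosen for the demonstration.

```python
import hashlib
import hmac

# Types that run code when opened, and document types used as decoys (demo lists)
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".ps1", ".msi", ".hta"}
DECOY_EXTS = {".pdf", ".docx", ".xlsx", ".jpg", ".png", ".txt"}
RTL_OVERRIDE = "\u202e"   # U+202E reverses the display order of what follows it


def screen_attachment(filename: str) -> list:
    """Return the reasons an attachment name is suspicious; an empty list means
    no name-based indicator was found (the content still needs scanning)."""
    reasons = []
    if RTL_OVERRIDE in filename:
        reasons.append("right-to-left override character hides the real extension")
    parts = filename.lower().split(".")
    exts = ["." + p for p in parts[1:]]          # every extension after the base name
    if exts and exts[-1] in EXECUTABLE_EXTS:
        reasons.append(f"executable type {exts[-1]}")
    if len(exts) >= 2 and exts[-2] in DECOY_EXTS and exts[-1] in EXECUTABLE_EXTS:
        reasons.append("double extension disguising an executable as a document")
    return reasons


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_download(data: bytes, published_sha256: str) -> bool:
    """Compare a downloaded package with the digest the vendor publishes on its
    own site. compare_digest avoids timing differences that depend on how much
    of the digest matched."""
    return hmac.compare_digest(sha256_hex(data), published_sha256.strip().lower())


def run_demo() -> dict:
    """Constructed sample names: a plain document, a disguised executable, and a
    name using the right-to-left trick (displayed roughly as 'photoexe.doc')."""
    samples = ["report.docx", "invoice.pdf.exe", "photo" + RTL_OVERRIDE + "cod.exe"]
    return {name: screen_attachment(name) for name in samples}


if __name__ == "__main__":
    for name, reasons in run_demo().items():
        print(repr(name), "->", reasons or "no name-based indicators")
    # Constructed check: an empty download never matches a real installer's digest
    print(verify_download(b"", sha256_hex(b"installer bytes")))   # False
```

Name screening is cheap and catches the most common disguises, but it is only a first filter; a macro-bearing .docx passes it, which is why mail gateways also inspect content.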
Impact it Causes:
The effect of a Trojan varies with the Trojan variety and the attacker's purpose. However, common consequences of Trojan infections include:
Data Theft: Attackers use Trojans to steal sensitive information such as usernames and passwords, financial data and personally identifiable information (PII), in order to carry out identity theft, fraud or blackmail.
System Compromise: A Trojan infection threatens not only the individual user who unwittingly installs the program but also the safety of critical information systems across the whole organization.
Financial Loss: Trojan infections can cause financial losses through hijacked bank account logins, scams, or blackmail and other coercion that compels the victim to make financial transactions.
Privacy Violation: Trojans that monitor user activity can disclose information meant to be private, such as passwords, bank card details, or internal communications within an organization.
In the end, Trojans are a serious menace: they can masquerade as almost any program and destroy data confidentiality and integrity. Preventing Trojan infections depends on user awareness and safe browsing habits, together with robust cybersecurity solutions such as antivirus, firewalls and intrusion detection systems.
3. Malware Example: Hoax
What it Does:
A hoax is a type of malicious content that spreads misleading information or fraudulent reports rather than causing physical damage or stealing information. Hoaxes are typically shared on the web through fake emails, messages or social network posts in order to deceive people and cause panic or alarm. While traditional malware generally involves running malicious code or exploiting vulnerabilities, hoaxes do not necessarily do either.
Hoaxes can take various forms, including:
Fake Virus Warnings: Hoaxes that warn of non-existent viruses and instruct the user to delete critical system files or install fake antivirus software, aiming to damage the system or to make an illicit profit.
Chain Letters: Hoaxes that urge recipients to forward the message to many other people, often with the promise of good luck, money or other benefits, and the threat of bad luck or harm if they fail to do so. They usually contain bogus or exaggerated claims and actively spread inaccurate information.
False Information: Fabricated material containing inaccurate information and rumours about celebrities, prominent news items or health issues, intended to cause fear, a sense of danger, or confusion about the situation.
How it is Transmitted:
Hoaxes are typically spread through various means, including:
Email: Hoaxes are often spread by email, where criminals send spam messages to large numbers of recipients and thereby reach unaware or unsuspecting targets.
Social media: A hoax can spread very quickly on social media, as users readily share or repost inaccurate information without cross-checking it.
Instant Messaging: Hoaxes can spread via instant messengers and chat networks, where people tend to be more susceptible to forwarding messages they have received from people they know.
Impact it Causes:
While hoaxes may not directly compromise computer systems or steal sensitive information, they can still have significant impacts, including:
Misinformation: Hoaxes spread false information and rumours, leading to confusion, panic and misinformation. This can weaken trust in information sources and in authorities, and cause a surge of public mistrust and suspicion.
Wasted Resources: A hoax consumes users' time, resources and effort as they search for the fake threats described in the warning, for example by scanning for viruses, reinstalling software, or calling technical support.
Reputation Damage: A hoax harms the reputation and credibility of individuals, organizations or brands when it associates them with fabricated information. If such incidents are not handled carefully, they can cause public disillusionment, loss of trust and damage to professional or personal relationships.
Psychological Impact: Users who encounter a hoax may become scared, anxious or worried because of the uncertainty it creates and the lack of authentic information. These consequences can include mental health problems and diminished well-being, especially for vulnerable or at-risk people.
In short, hoaxes may not directly attack systems or breach data security, but they can have serious social and psychological effects and may even destroy the reputation of organizations. Hoaxes are widespread, and everyone should apply critical thinking, media literacy and skepticism when encountering unverified claims on the internet. People should check the truthfulness of what they see before sharing it, and block or report content they believe to be a hoax, to stop it spreading further.
4. Malware Example: Adware
What it Does:
Adware is a form of malware that displays advertisements on a device against the user's wishes. Adware may be downloaded accidentally along with legitimate software or installed when a user unintentionally clicks on it. The primary intention of those behind it, whether the attackers distributing it or the developers writing it, is to make a profit. Although adware is not necessarily destructive to the computer and does not necessarily lead to data theft, it can be highly annoying and interfere with the user's browsing experience.
Adware typically displays various forms of advertisements, including:
Pop-up Ads: The adware opens windows or dialogs that cover the screen and interrupt the user, which is typically irritating.
Browser Redirects: Adware can redirect web browsers to advertising websites or landing pages, altering what the user sees in search results or sending them to pages they do not want to visit.
Banner Ads: Adware may place banner or display ads directly onto the web pages users visit, in some cases overlaying page content and disturbing the user.
In-text Ads: Adware may inject hyperlinks, keywords or images into web pages that trigger pop-up ads when clicked or lead to advertising content.
How it is Transmitted:
Adware can be distributed through various means, including:
Software Bundling: Adware may be bundled, in disguise, with genuine software or free tools downloaded from the web. Users may unknowingly accept the adware during installation by ticking the licence or consent box without reading it.
Drive-by Downloads: Adware can be hosted on compromised or malicious sites that silently download it onto visitors' devices. Such downloads exploit holes in browser and operating system security to install the adware without the user's involvement.
Fake Software Updates: Adware can be delivered by deceiving users with fabricated software update notices or alerts, so that victims download and install unwanted code disguised as a genuine update.
Impact it Causes:
While adware may not pose a direct threat to computer systems or data security, it can still have several negative impacts on users and their devices, including:
Disruption of User Experience: Adware deprives users of a convenient browsing experience; the flood of intrusive advertisements, pop-ups and redirects can be extremely irritating, distracting and disruptive.
Decreased Performance: Adware consumes system resources, for example by loading streaming media for its ads, which can lower system performance and browsing speed.
Privacy Concerns: Adware tracks and targets the user by recording online activity, browsing habits or personal information in order to tailor its advertisements. Such activity raises privacy concerns and undermines the confidentiality of users' data.
Security Risks: Adware can act as an accompanying threat that leads to further damage such as click fraud, malware infections or phishing attacks, by redirecting people to malicious websites or serving as a channel for spreading more malware.
In conclusion, although adware may seem less serious than other types of malware, it can still have considerable impact on people's privacy, devices and security, from content injected into web pages to the consumption of computer resources, sometimes even resulting in financial damage to businesses and private individuals. To prevent adware, users should be cautious when downloading, installing and browsing, and should use reliable security programs to detect and remove adware infections. In addition, consumers need to be skeptical about unwanted ads, pop-ups or software upgrade prompts, and should report any suspicious occurrence to security experts or reliable security organizations.
Part B
Malware Example: Exploit Kit
What it Does:
An exploit kit is a malware toolkit that removes much of the difficulty of finding and exploiting vulnerabilities in application code and operating systems, making attacks easy for criminals. Exploit kits typically contain a collection of exploits for known vulnerabilities in commonly used programs such as web browsers, plug-ins and operating system components. Once the exploit kit has gained control of the victim's device, it can deliver additional malware payloads such as ransomware, Trojans and botnet agents.
Exploit kits are a conspicuous and common attack method that leverages software flaws to gain unauthorized access to a system, execute arbitrary code, or subvert the operation of system components. Such weaknesses may result from coding faults, design faults or outdated software versions, which attackers exploit to gain access to sensitive systems.
How it is Transmitted:
Exploit kits are typically distributed through various means, including:
Malicious Websites: Exploit kits can be hosted on compromised or malicious websites, where a user who clicks a link is redirected to an exploit landing page containing malicious code. That code runs without the user's knowledge and compromises the device directly.
Advertising: Exploit kits may be delivered through malicious advertisements distributed on legitimate websites via ad networks. Users may unwittingly load these ads, which then deliver the exploit payload to their devices and infect them.
Phishing Emails: Exploit kits can also be spread via phishing and spam emails containing links to websites hosting the exploits. The inbox receives messages masquerading as coming from trustworthy sources, encouraging users to click the links or open attachments with embedded malicious links, making them victims of the exploit.
File Downloads: Exploit kits may be packaged with malicious files, such as documents, executable programs or compressed archives, and spread via P2P networks, email and other download channels.
Impact it Causes:
Exploit kits and vulnerabilities can have significant impacts on users and organizations, including:
Compromised Security: Exploit kits are used to gain unauthorized access to systems by exploiting vulnerabilities, for example to run malicious code or download further malware payloads. This leads to data breaches, uncontrolled access to proprietary data and loss of control over the affected systems.
Data Theft: Exploiting a vulnerability lets attackers extract data such as login credentials, financial details or personally identifiable information (PII) from the affected systems, which in turn leads to identity theft, fraud or unauthorized access to that data.
System Damage: Exploit kits probe the targeted systems for specific vulnerabilities and deploy destructive payloads such as ransomware, destructive malware, attack tools or rootkits, which encrypt files, corrupt data or render systems inoperable. This often results in interruption of work, loss of operational efficiency and expensive remediation for the affected organizations.
Reputation Damage: This type of attack can harm the image and credibility of the targeted organizations and generate customer mistrust, unwanted publicity and financial harm. Companies may be held legally accountable for failing to protect confidential data where the attack exposes personal identities or financial records.
Finally, exploit kits and exploits are major disruptors of cybersecurity, posing great danger by enabling attackers to take over targeted systems, exfiltrate confidential information and launch disruptive attacks on users and organizations. Mitigating exploit attacks calls for timely patching and updating of software, high-quality security measures such as firewalls and intrusion detection systems, and staying informed about existing vulnerabilities. Users, businesses and individuals alike need to adopt essential cybersecurity hygiene and implement proactive measures against the exploit kits and vulnerabilities they face.
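Since exploit kits bundle exploits for known, already-patched vulnerabilities, the "timely patching" recommended above is the control that removes most of their value. The script below is an added example, not part of the original assignment: it audits a constructed software inventory against a constructed table of the first fixed version for each product, using proper numeric version comparison (a plain string comparison gets "3.1.10" < "3.1.9" wrong). Product names and version numbers are assumptions, not real advisories.

```python
import re


def parse_version(v: str) -> tuple:
    """'3.1.10' -> (3, 1, 10). Comparing tuples of ints gives 3.1.10 > 3.1.9,
    whereas comparing the strings would put '3.1.10' before '3.1.9'."""
    return tuple(int(x) for x in re.findall(r"\d+", v))


def is_patched(installed: str, minimum_fixed: str) -> bool:
    """True when installed >= minimum_fixed; shorter tuples are padded with
    zeros so that '2.0' and '2.0.0' compare equal."""
    a, b = parse_version(installed), parse_version(minimum_fixed)
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)) >= b + (0,) * (n - len(b))


def unpatched_software(inventory: dict, minimum_versions: dict) -> dict:
    """inventory: {product: installed_version}; minimum_versions: {product: first
    version that fixes the known flaw}. Returns {product: (installed, minimum)}
    for everything still exposed; products without a baseline are reported with
    minimum 'unknown' so they are reviewed rather than silently skipped."""
    findings = {}
    for product, installed in inventory.items():
        minimum = minimum_versions.get(product)
        if minimum is None:
            findings[product] = (installed, "unknown")
        elif not is_patched(installed, minimum):
            findings[product] = (installed, minimum)
    return findings


# Constructed baseline: hypothetical products and the version that closes their flaw
MINIMUM_VERSIONS = {
    "browser": "124.0.6367",
    "pdf-plugin": "3.1.10",
    "office-suite": "16.0.17328",
}

# Constructed inventory of one host, as a patch-management agent might report it
HOST_INVENTORY = {
    "browser": "124.0.6367",      # exactly at the fixed version: fine
    "pdf-plugin": "3.1.9",        # one below the fix: exposed
    "office-suite": "16.0.17000", # older build: exposed
    "media-player": "2.0",        # no baseline on file: needs review
}


def audit_sample() -> dict:
    return unpatched_software(HOST_INVENTORY, MINIMUM_VERSIONS)


if __name__ == "__main__":
    for product, (installed, minimum) in audit_sample().items():
        print(f"{product}: installed {installed}, minimum fixed {minimum}")
```

Reporting products with no baseline as "unknown" rather than dropping them is deliberate: an audit that only lists what it knows about gives a false sense of completeness.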