Author: Milav Dabgar
Malicious Software

Understanding Malware and Cyber Threats

Viruses, Worms, Trojans, and More

Figure: Vulnerability vs Zero-Day Comparison (image not reproduced here)

What is Malicious Software?

Malware (malicious software) refers to any software intentionally designed to cause harm to a computer system, network, or user.

Common Goals:

  • Steal sensitive information
  • Disrupt system operations
  • Gain unauthorized access
  • Financial gain
  • Espionage and surveillance
Figure: Malware Classification (comprehensive overview of malware types; image not reproduced here)

Effects of Malware

  • Data Loss: Deletion or corruption of files
  • System Disruption: Crashes and performance issues
  • Financial Loss: Theft and extortion
  • Privacy Breach: Identity theft and surveillance
  • Reputation Damage: Business and personal impact

Computer Virus

Definition: Malicious program that attaches itself to legitimate files and spreads when infected files are executed

Characteristics:

  • Requires a host file to survive
  • Self-replicating
  • Spreads through file sharing
  • Can remain dormant

Types:

  • File infector viruses
  • Boot sector viruses
  • Macro viruses

Virus Lifecycle

  1. Infection: Virus attaches to host file
  2. Dormant Phase: Waits for trigger condition
  3. Propagation: Spreads to other files/systems
  4. Triggering: Activates based on condition
  5. Execution: Delivers malicious payload
Example:
User opens infected email attachment →
Virus infects system files →
Spreads via USB drives →
Activates on specific date →
Deletes critical files

Computer Worm

Definition: Standalone malicious program that replicates and spreads independently across networks

Key Differences from Virus:

  • No host file required
  • Self-contained program
  • Network propagation
  • Exploits system vulnerabilities

Famous Examples:

  • Morris Worm (1988)
  • ILOVEYOU (2000)
  • Conficker (2008)

Worm Propagation Methods

  • Email: Spreads through email attachments
  • Network Scanning: Finds vulnerable systems
  • File Sharing: Exploits P2P networks
  • Removable Media: USB drives, CDs
  • Instant Messaging: Social media platforms
Propagation Example:

  1. Worm scans IP range for vulnerable systems
  2. Exploits security flaw to gain access
  3. Copies itself to target system
  4. Continues scanning from new location
  5. Exponential spread across network

Trojan Horse

Definition: Deceptive software disguised as a legitimate program that performs malicious actions once run

Characteristics:

  • Appears beneficial or harmless
  • Requires user interaction
  • Does not self-replicate
  • Creates backdoors

Common Disguises:

  • Free software downloads
  • Software updates
  • Games and utilities
  • Email attachments

Types of Trojans

  • Remote Access Trojans (RATs): Remote control
  • Banking Trojans: Steal financial information
  • Rootkit Trojans: Hide malicious activities
  • DDoS Trojans: Launch distributed attacks
  • Spy Trojans: Monitor user activities
Banking Trojan Example:
User downloads "free game" →
Trojan installs silently →
Monitors banking websites →
Steals login credentials →
Transfers money to attacker accounts

Logic Bomb (Time Bomb)

Definition: Malicious code triggered by specific conditions or events

Trigger Conditions:

  • Specific date/time
  • User actions
  • System events
  • File operations
  • Network conditions
Example Scenarios:

  • Delete files on Friday 13th
  • Activate when employee is terminated
  • Trigger after 30 days without payment
  • Execute when specific file is accessed

Keylogger

Definition: Software that records keystrokes to capture sensitive information

Types:

  • Software Keyloggers: Installed programs
  • Hardware Keyloggers: Physical devices
  • Browser Keyloggers: Web-based capture

Captured Information:

  • Login credentials
  • Credit card numbers
  • Personal messages
  • Confidential documents

Sniffer (Network Sniffer)

Definition: Tool that intercepts and monitors network traffic to capture data packets

Legitimate Uses:

  • Network troubleshooting
  • Performance monitoring
  • Security analysis

Malicious Uses:

  • Password interception
  • Email content capture
  • Credit card theft
  • Sensitive data extraction
Protection: Use HTTPS and other encrypted protocols so that intercepted traffic cannot be read

Backdoor

Definition: Hidden entry point that bypasses normal authentication mechanisms

Types:

  • Software Backdoors: Code-based access
  • Hardware Backdoors: Physical access points
  • Cryptographic Backdoors: Deliberately weakened encryption

Creation Methods:

  • Trojan installation
  • System compromise
  • Insider threats
  • Supply chain attacks
Figure: Malicious Software Attacks (detailed overview of malware attacks; image not reproduced here)

Modern Malware Trends

  • Ransomware: Encrypts files for ransom
  • Fileless Malware: Lives in memory only
  • AI-Powered Malware: Adaptive and evasive
  • Mobile Malware: Targets smartphones/tablets
  • IoT Malware: Infects connected devices
  • Cryptojacking: Unauthorized cryptocurrency mining

Ransomware - Modern Threat

Definition: Malware that encrypts a victim's files and demands payment for decryption

Attack Process:

  1. Initial infection (email, web, USB)
  2. File encryption using strong cryptography
  3. Ransom note display
  4. Payment demand (usually cryptocurrency)
  5. Threatened file deletion if not paid
Famous Examples:

  • WannaCry (2017) - Global outbreak
  • Petya/NotPetya (2017) - Ukraine focus
  • Ryuk (2018+) - Targeted attacks
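
Step 2 of the attack process, file encryption, is where behavioral monitoring has its best chance to catch ransomware before the ransom note is shown: one process suddenly rewrites or renames many files in a few seconds. The following is an added example, not code from the original slides. It parses constructed file-activity log lines of the form `<epoch_seconds> <pid> <process> <action> <path>` (rename records carry `old -> new`) and flags any process that touches many distinct files inside a sliding window; the log format, process names and thresholds are all assumptions made for the demonstration.

```python
"""Behavioral indicator for ransomware-style mass file encryption.

Added example, not code from the original slides. Scans constructed
file-activity log lines of the form
    <epoch_seconds> <pid> <process> <action> <path>
(rename events carry "<old path> -> <new path>") and flags any process
that touches many distinct files within a short sliding window.
"""
from collections import defaultdict, deque
from dataclasses import dataclass

# Tuning values are assumptions for the demo, not vendor defaults.
WINDOW_SECONDS = 10   # length of the sliding window
FILE_THRESHOLD = 20   # distinct files touched inside one window
RENAME_RATIO = 0.5    # share of events that change the file extension


@dataclass(frozen=True)
class Event:
    ts: int
    pid: int
    process: str
    action: str   # "write" or "rename"
    path: str     # for renames: "old -> new"


def parse_line(line: str) -> Event:
    ts, pid, process, action, path = line.split(maxsplit=4)
    return Event(int(ts), int(pid), process, action, path)


def extension_changed(path: str) -> bool:
    """True when a rename record swaps the file extension (e.g. .xlsx -> .locked)."""
    if " -> " not in path:
        return False
    old, new = path.split(" -> ", 1)
    return old.rsplit(".", 1)[-1].lower() != new.rsplit(".", 1)[-1].lower()


def file_key(ev: Event) -> str:
    # Count a renamed file once, under the name it had before the rename.
    return ev.path.split(" -> ", 1)[0] if ev.action == "rename" else ev.path


def detect_mass_file_activity(lines, window=WINDOW_SECONDS, threshold=FILE_THRESHOLD):
    """Return one finding per process whose distinct-file count inside any
    `window`-second span reaches `threshold`; the densest window is reported."""
    by_proc = defaultdict(list)
    for line in lines:
        if line.strip():
            ev = parse_line(line)
            by_proc[(ev.pid, ev.process)].append(ev)

    findings = []
    for (pid, process), events in by_proc.items():
        events.sort(key=lambda e: e.ts)
        recent = deque()            # events currently inside the window
        seen = defaultdict(int)     # file -> occurrences inside the window
        ext_changes = 0
        best = None
        for ev in events:
            recent.append(ev)
            seen[file_key(ev)] += 1
            if ev.action == "rename" and extension_changed(ev.path):
                ext_changes += 1
            # Slide the window: drop events older than `window` seconds.
            while recent and ev.ts - recent[0].ts > window:
                old = recent.popleft()
                seen[file_key(old)] -= 1
                if seen[file_key(old)] == 0:
                    del seen[file_key(old)]
                if old.action == "rename" and extension_changed(old.path):
                    ext_changes -= 1
            if len(seen) >= threshold and (best is None or len(seen) > best["files"]):
                best = {"pid": pid, "process": process, "files": len(seen),
                        "ext_changes": ext_changes,
                        "window_start": recent[0].ts, "window_end": ev.ts}
        if best is not None:
            ratio = best["ext_changes"] / best["files"]
            best["severity"] = "high" if ratio >= RENAME_RATIO else "medium"
            findings.append(best)
    return findings


def sample_log():
    """Constructed log: a word processor saving three documents over a minute,
    and a process that renames 25 spreadsheets to a new extension in 5 seconds."""
    lines = [f"{1700000000 + i * 20} 4021 winword.exe write "
             f"C:\\Users\\alice\\Documents\\report{i}.docx" for i in range(3)]
    for i in range(25):
        ts = 1700000100 + i // 5   # five renames per second
        lines.append(f"{ts} 7712 update_helper.exe rename "
                     f"C:\\Users\\alice\\Documents\\file{i}.xlsx -> "
                     f"C:\\Users\\alice\\Documents\\file{i}.xlsx.locked")
    return lines


if __name__ == "__main__":
    for f in detect_mass_file_activity(sample_log()):
        print(f"[{f['severity']}] pid {f['pid']} {f['process']}: {f['files']} files, "
              f"{f['ext_changes']} extension changes in "
              f"{f['window_end'] - f['window_start'] + 1}s")
```

The benign editor never approaches the threshold, while the renaming process is reported as a high-severity finding because nearly every event also swapped the extension. Thresholds like these trade detection speed against false positives from backup jobs, compilers and bulk file operations, which is why real EDR rules pair them with process reputation and user context.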

Malware Type Comparison

Type      | Replication | Host Required | User Action | Primary Goal
----------|-------------|---------------|-------------|---------------
Virus     | Yes         | Yes           | Yes         | Damage/Spread
Worm      | Yes         | No            | No          | Network Spread
Trojan    | No          | No            | Yes         | Stealth Access
Keylogger | No          | No            | Varies      | Data Theft
Backdoor  | No          | No            | No          | Remote Access

Common Infection Vectors

  • Email Attachments: Malicious files in messages
  • Web Downloads: Infected software/files
  • Removable Media: USB drives, CDs
  • Network Vulnerabilities: Unpatched systems
  • Social Engineering: Tricking users
  • Supply Chain: Compromised software distribution

Malware Detection Methods

  • Signature-based: Known malware patterns
  • Heuristic Analysis: Suspicious behavior detection
  • Behavioral Monitoring: Runtime activity analysis
  • Machine Learning: AI-powered detection
  • Sandboxing: Isolated execution environment
Modern Approach: Combine multiple detection methods for comprehensive protection
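
To make the difference between signature-based and heuristic detection concrete, here is an added example (not code from the original slides) that runs both over a handful of constructed files. The "signature database" holds the SHA-256 of one constructed byte string, the heuristic weights and the keyword list are assumptions chosen for the demonstration, and the sample files are made up; none of it is a real signature. It also shows why the two are combined: the hash check is exact but blind to anything it has never seen, while the heuristics catch a disguised executable and a ransom note but deliberately do not fire on high-entropy data alone, since an encrypted archive looks the same.

```python
"""Signature-based and heuristic file scanning side by side.

Added example, not code from the original slides. The signature list, the
sample files and the heuristic weights are all constructed for the demo;
no real malware signature appears here.
"""
import hashlib
import math
import random

# Signature database: SHA-256 of a known sample -> detection name.
# Built from a constructed byte string so the example runs offline.
KNOWN_BAD_SAMPLE = b"CONSTRUCTED-SAMPLE: pretend this is a known worm binary"
SIGNATURES = {hashlib.sha256(KNOWN_BAD_SAMPLE).hexdigest(): "Demo.Worm.Constructed"}

# Heuristic indicators and weights (assumptions chosen for the demo).
ENTROPY_LIMIT = 7.2          # bits per byte; packed/encrypted data sits near 8
KEYWORDS = (b"autoopen", b"ransom", b"bitcoin", b"decrypt your files")
EXECUTABLE_EXTS = (".exe", ".dll", ".sys")
SUSPICIOUS_SCORE = 3


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for uniform content, 8.0 for perfectly random bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def signature_scan(data: bytes):
    """Exact match against the hash database: fast and precise, blind to new variants."""
    return SIGNATURES.get(hashlib.sha256(data).hexdigest())


def heuristic_scan(name: str, data: bytes):
    """Score indicators that generalize beyond known samples, at the cost of false positives."""
    score, reasons = 0, []
    ent = shannon_entropy(data)
    if ent > ENTROPY_LIMIT:
        score += 2
        reasons.append(f"high entropy ({ent:.2f} bits/byte)")
    lower = data.lower()
    for kw in KEYWORDS:
        if kw in lower:
            score += 1
            reasons.append(f"keyword {kw.decode()!r}")
    # An executable header on a file that claims to be a document is a classic disguise.
    if data[:2] == b"MZ" and not name.lower().endswith(EXECUTABLE_EXTS):
        score += 3
        reasons.append("executable header in non-executable file")
    return score, reasons


def scan_file(name: str, data: bytes) -> dict:
    sig = signature_scan(data)
    if sig:
        return {"name": name, "verdict": "known-malicious", "signature": sig,
                "score": 0, "reasons": ["signature match"]}
    score, reasons = heuristic_scan(name, data)
    verdict = "suspicious" if score >= SUSPICIOUS_SCORE else "clean"
    return {"name": name, "verdict": verdict, "signature": None,
            "score": score, "reasons": reasons}


def scan_all(files):
    return [scan_file(name, data) for name, data in files]


def sample_files():
    """Constructed inputs: a benign note, the known sample, a renamed executable,
    a ransom note, and high-entropy data resembling an encrypted archive."""
    rng = random.Random(1)
    noise = b"\x00" + bytes(rng.getrandbits(8) for _ in range(4095))
    return [
        ("notes.txt", b"Quarterly planning notes: budget, hiring, roadmap.\n"),
        ("tool.exe", KNOWN_BAD_SAMPLE),
        ("invoice.pdf", b"MZ" + b"\x90" * 64 + b"This program cannot be run in DOS mode"),
        ("README.txt", b"Your files are encrypted. Ransom: send bitcoin to decrypt your files."),
        ("payload.bin", noise),
    ]


if __name__ == "__main__":
    for r in scan_all(sample_files()):
        print(f"{r['name']:<12} {r['verdict']:<16} score={r['score']} {r['reasons']}")
```

Run as a script, it reports the known sample by name, marks the disguised executable and the ransom note as suspicious, and leaves the high-entropy blob at score 2, below the threshold, illustrating that a single weak indicator should not trigger on its own.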

Malware Prevention

  • Antivirus Software: Real-time protection
  • Regular Updates: OS and software patches
  • Email Security: Filter attachments and links
  • User Education: Security awareness training
  • Network Segmentation: Limit spread impact
  • Backup Strategy: Regular data backups

Incident Response

If Malware is Detected:

  1. Isolate: Disconnect affected systems
  2. Identify: Determine malware type and scope
  3. Contain: Prevent further spread
  4. Eradicate: Remove malware completely
  5. Recover: Restore systems and data
  6. Learn: Update defenses based on incident

Anti-Malware Tools

  • Antivirus/Anti-malware: Signature and behavior-based
  • Firewalls: Network traffic filtering
  • EDR Solutions: Endpoint detection and response
  • SIEM Systems: Security information management
  • Threat Intelligence: Real-time threat data

Security Best Practices

  1. Keep all software updated
  2. Use reputable antivirus software
  3. Enable automatic updates
  4. Regular system backups
  5. Email attachment caution
  6. Avoid suspicious downloads
  7. Use strong passwords
  8. Employee security training

Future Malware Challenges

  • AI-Enhanced Malware: Adaptive and intelligent
  • Quantum Computing: Breaking current encryption
  • IoT Proliferation: More attack surfaces
  • Supply Chain Attacks: Trusted source compromise
  • Living-off-the-Land: Using legitimate tools maliciously

Key Takeaways

  • Malware takes many forms with different goals
  • Understanding types helps choose appropriate defenses
  • Prevention is better than cure
  • Multi-layered security approach is essential
  • User education is a critical component
  • Rapid response minimizes damage
Remember: Vigilance, education, and robust security measures are your best defense against malware

Thank You

Questions & Discussion

End of Cyber Security Slide Series