CEH 7-Malware Threats

What is Malware?

  • Malware: Mal means Malicious, ware means Software.
  • Simply, malware means malicious software.
  • It is a type of program that combines malicious code with a genuine application.
  • It is used to perform unauthorized operations.
  • It can take control of a system or cause damage.

Disclaimer: The articles provided on HackWithV are purely for informational and educational purposes only, for those who are willing and curious to know and learn about Ethical Hacking, Security and Penetration Testing. Any use of the word "Hacking" on this site shall be regarded as Ethical Hacking.

Types of Malware:

    1. Trojan
    2. Virus
    3. Worm
    4. Rootkits
    5. Spyware
    6. Ransomware
    7. Adware
    8. Backdoor

1. Trojan

  • Trojan is a malicious program.
  • It is bound with a harmless application program or data.
  • It can help an attacker gain control of the targeted machine and cause damage to it.
  • The Trojan tries to steal the victim's confidential information and send it back to the attacker.

Trojan Attack Symptoms:

  • In the browser, pages are redirected to unknown sites.
  • Account passwords change.
  • An attacker can gain access to personal information about the target.
  • Strange chat boxes appear on the computer screen.
  • The functions of the right and left mouse buttons are reversed.
  • Abnormal activity by the modem, network adapter, or hard drive.
  • The ISP complains to the target that their computer is performing unauthorized network scanning.

Trojan Detection:

  • Scan for suspicious OPEN PORTS
  • Scan for suspicious RUNNING PROCESSES
  • Scan for suspicious DEVICE DRIVERS INSTALLED
  • Scan for suspicious REGISTRY ENTRIES
  • Scan for suspicious WINDOWS SERVICES
  • Scan for suspicious STARTUP PROGRAMS
  • Scan for suspicious NETWORK ACTIVITIES

Tools to detect Trojans:

  • Netstat: To check for open ports and established connections.
  • Process Monitor: To check for suspicious processes.
  • Driver View: To check for suspicious drivers in the system.
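The detection checklist above boils down to comparing what the host is doing now against what it is expected to do. The following is an added example, not code from the original page or from any of the tools it names: it parses a constructed sample of `netstat -ano`-style output together with a constructed PID-to-image-name table (as `tasklist` would show), then flags listening ports that are not in an assumed workstation baseline, processes that are not in the baseline, and outbound connections owned by such processes. The sample data, the baselines and the process names are all assumptions made for the example.

```python
from collections import namedtuple

# Constructed sample in the layout of `netstat -ano` on Windows (not from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING       4812
  TCP    192.168.1.10:49731     203.0.113.77:9001      ESTABLISHED     4812
  TCP    192.168.1.10:49732     142.250.72.14:443      ESTABLISHED     2204
  UDP    0.0.0.0:5353           *:*                                    2204
"""

# Constructed PID -> image name table, as a process listing would show it.
SAMPLE_PROCESSES = {912: "svchost.exe", 4: "System", 4812: "updater.exe", 2204: "chrome.exe"}

# Assumed baselines for this workstation (what an administrator expects to see).
EXPECTED_LISTEN_PORTS = {135, 139, 445, 3389}
EXPECTED_PROCESSES = {"System", "svchost.exe", "chrome.exe", "explorer.exe"}

Conn = namedtuple("Conn", "proto lhost lport rhost rport state pid")


def split_addr(addr):
    """Split 'host:port' into (host, port); port is None when it is not numeric (e.g. '*:*')."""
    host, _, port = addr.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def parse_netstat(text):
    """Parse netstat -ano style lines into Conn records; skips headers and blank lines."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        if parts[0] == "TCP" and len(parts) == 5:
            proto, local, remote, state, pid = parts
        elif parts[0] == "UDP" and len(parts) == 4:   # UDP rows have no State column
            proto, local, remote, pid = parts
            state = ""
        else:
            continue
        lhost, lport = split_addr(local)
        rhost, rport = split_addr(remote)
        conns.append(Conn(proto, lhost, lport, rhost, rport, state, int(pid)))
    return conns


def unknown_processes(processes, expected_procs):
    """Processes whose image name is not in the baseline, as sorted (pid, image) pairs."""
    return sorted((pid, img) for pid, img in processes.items() if img not in expected_procs)


def find_suspicious(conns, processes, expected_ports, expected_procs):
    """Flag unexpected listeners and established connections owned by non-baseline processes."""
    findings = []
    for c in conns:
        image = processes.get(c.pid, "<unknown>")
        if c.state == "LISTENING" and c.lport not in expected_ports:
            findings.append(("unexpected_listener", c.lport, c.pid, image))
        if c.state == "ESTABLISHED" and image not in expected_procs:
            findings.append(("unknown_process_connection", f"{c.rhost}:{c.rport}", c.pid, image))
    return findings


def run_sample():
    conns = parse_netstat(SAMPLE_NETSTAT)
    return {
        "processes": unknown_processes(SAMPLE_PROCESSES, EXPECTED_PROCESSES),
        "network": find_suspicious(conns, SAMPLE_PROCESSES, EXPECTED_LISTEN_PORTS, EXPECTED_PROCESSES),
    }


if __name__ == "__main__":
    for category, items in run_sample().items():
        print(category)
        for item in items:
            print("  ", item)
```

On the sample data the same unknown process shows up twice: once as the owner of a listener on a port that is not in the baseline, and once as the owner of an outbound connection. Correlating the port, process and connection views is exactly why the checklist scans all of them rather than one; a real run would replace the constructed strings with the current output of netstat and tasklist and a baseline recorded from a known-clean build.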

2. Virus

  • VIRUS stands for Vital Information Resource Under Seize. 
  • It can self-replicate by producing a copy of itself and attaching it to another program, the computer's boot sector, or a document.

A. Creating a Virus using Batch file programming:

  • Batch file programming can be used to automate several jobs in the Windows operating system: administrators write repetitive tasks into a file so the job can be done just by running that file instead of executing each command separately.

B. Creating a Virus using Shell scripting:

  • Shell scripting does a similar job in the Linux environment, automating the execution of simple commands. Hackers take advantage of batch or shell scripting knowledge to create dangerous viruses that can destroy data on a victim machine or consume all of the PC's resources, making it crash or slow down.

3. Worm

  • Worms are malicious programs.
  • They replicate and spread across network connections independently, without human interaction.
  • They infect computers on the network.

4. Rootkit

  • Rootkit is a malicious program.
  • It has the ability to hide its presence from the user and perform malicious activities.
  • It grants full access of the infected computer to the attacker.

5. Spyware

  • Spyware is a program that records the user's interaction with the computer without their knowledge.
  • It sends the recorded interaction to remote attackers over the internet.
  • Spyware hides its process, files, and other objects to avoid detection and removal.

6. Ransomware

  • Ransomware is a type of malware.
  • It can restrict access to computer system files and folders.
  • The attacker then demands an online ransom payment to remove the restrictions.

7. Adware

  • Adware is designed to display unwanted advertisements in the browser.
  • It redirects users' search requests to malicious web pages that force them to download malware onto their computers.
  • Adware can also be used to collect users' search habits.

8. Backdoor

  • A backdoor is a piece of code.
  • It is executed on the victim's computer system by an attacker.
  • It bypasses standard authentication and maintains unauthorized remote access to the desktop.

Mitigation:

  • Do not download email attachments received from unknown senders. 
  • Block unnecessary ports running vulnerable services.
  • Avoid downloading and executing applications from untrusted sources. 
  • Restrict permissions within the desktop environment to prevent malicious applications installation.
  • Run host-based antivirus, firewall, and intrusion detection software.
  • Manage local workstation file integrity through checksums, auditing, and port scanning.
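The file-integrity mitigation above is worth seeing in working form, since a Trojan bound to a legitimate program changes that program's checksum. The following is an added example, not code from the original page: it records a SHA-256 baseline of every file under a directory, saves it as JSON, and later compares a fresh scan against the baseline to report modified, added and removed files. The `demo()` function builds a throwaway directory with constructed files, simulates a binary being altered, a file being dropped and a file being deleted, and returns the comparison; the file names and contents are assumptions made for the example.

```python
import hashlib
import json
import os
import tempfile


def sha256_file(path):
    """Hash a file in chunks so large binaries do not have to be read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map every file under root (relative path, '/'-separated) to its SHA-256 digest."""
    baseline = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = sha256_file(full)
    return baseline


def save_baseline(baseline, path):
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(baseline, fh, indent=2, sort_keys=True)


def load_baseline(path):
    with open(path, "r", encoding="utf-8") as fh:
        return json.load(fh)


def compare(baseline, current):
    """Report files whose digest changed, files that appeared, and files that disappeared."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def write_file(root, rel, data):
    """Helper for the demo: write bytes to root/rel, creating parent directories."""
    full = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as fh:
        fh.write(data)


def demo():
    """Constructed scenario: take a baseline, tamper with the tree, then compare."""
    with tempfile.TemporaryDirectory() as root:
        write_file(root, "bin/app.exe", b"legitimate program bytes")   # constructed content
        write_file(root, "config.ini", b"setting=1\n")                  # constructed content
        baseline_path = os.path.join(root, "..", "baseline-demo.json")
        save_baseline(build_baseline(root), baseline_path)

        # Simulate what a bound Trojan, a dropped component and a deleted file look like.
        write_file(root, "bin/app.exe", b"legitimate program bytes + appended code")
        write_file(root, "bin/helper.dll", b"dropped component")
        os.remove(os.path.join(root, "config.ini"))

        report = compare(load_baseline(baseline_path), build_baseline(root))
        os.remove(baseline_path)
        return report


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The baseline is only as trustworthy as the machine it was taken on, so it should be recorded from a known-clean build and stored where a malicious program on the workstation cannot rewrite it (for example on read-only media or a separate host); otherwise malware that replaces a binary can simply update the checksum to match.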

Be Aware, Be Secure.

Thank You 🙏
