2. Introduction
What Is Malware?
The term "malware" is a blend of two words, malicious and software. It means malicious software that can be used to harm any system, network, mobile device or even server. These are unwanted programs, installed without proper user consent, that can degrade the performance of your system, erase your data, and harvest your personal data. They can even be controlled remotely by cybercriminals. From these activities it is clear that such malicious programs must be stopped from gaining access to any system.
Security professionals and analysts are hired in almost all companies to keep track of all systems, networks, and servers and see whether any malicious activity is being performed, or whether any data leakage or theft is happening within the organization's network. Malware may come from unknown phishing sites, spam emails, or unauthorized or illicit external USB or flash drives.
Types of Malware
Certain common types of malware can be seen in the wild. These are listed below:
• Viruses
• Worms
• Spyware
• Ransomware
• Rootkits
• Bots
• Trojans
• Adware
3. Introduction
What Is a Computer Virus?
Computer viruses are malicious code that can contaminate multiple files on any system. They spread when these infected files are sent over email or via flash or external drives, and they can replicate themselves and delete useful information.
Viruses are of different types:
• Boot sector virus
• Polymorphic virus
• Web scripting virus
• Browser hijacking virus
• Direct action virus
• Resident virus
• File infectors
• Multipartite virus
• Macro virus
4. Introduction
What is a Computer Worm? Computer worms are a particular type of malware that is self-replicating, and through this technique they spread to other computers. A worm spreads by itself through computer networks or through the use of flash drives.
What is Spyware? Spyware consists of unwanted programs that spy on your system without your knowledge, steal your sensitive data and browsing information, and may take access to your system in order to damage it.
What is Ransomware? Ransomware consists of malicious programs that encrypt all of your system's data and demand a ransom to decrypt the files. The ransom is typically demanded in Bitcoin.
What is a Rootkit? A rootkit is a unique harmful program used by cybercriminals to obtain privileged access to a system while hiding its presence on that system.
What is a Trojan? A trojan is programmed for a particular purpose and can be destructive. Trojans pose as legitimate files but can bring unexpected changes to your system, even when the system is idle.
What is Adware? Adware is malicious software that hides and periodically pops up ads. Some adware also keeps track of your online activities and searches.
How to Keep Systems Safe From Malware and Viruses
These are some steps you can follow to protect yourself:
• Install anti-virus/anti-malware software.
• Make sure your anti-virus software is up to date.
• Run scheduled scans for malicious threats and programs with your anti-virus software regularly.
• Keep your operating system updated.
• Secure your network with WPA3, honeypots, strong authentication mechanisms, and strong passwords.
• Think before clicking any suspicious or unknown links.
• Keep a backup of your work and personal information safe.
• Never use public Wi-Fi while doing corporate work or using your company's system.
5. Security Policies
A security policy is a set of rules and procedures set up for all employees and individuals describing how the assets and information of the organization may be accessed and used. Security policies permit employees to use corporate assets only under defined rules and specific actions. Many of these policies are enforced on the network firewalls, which impose security restrictions on corporate data and other digital assets:
• Security on specific file formats
• NAT (Network Address Translation)
• Quality of Service (QoS) and decryption procedures
• Policy-Based Forwarding (PBF)
• Application override policies
• Authentication policies
• Zone protection policies
• Denial of Service (DoS) prevention
These are some of the major policies set up in any organization or firm. All these diverse policies function jointly to allow, deny and forward data packets, encrypt and decrypt packets, authenticate particular access, make exceptions, and prioritize data packets as required to preserve the security of the organization's network.
6. Information Security
• Information security, sometimes shortened to infosec, is the practice of protecting information by mitigating information risks. It is part of information risk management.
• Information security is basically the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information. The information can be physical or electronic.
7. Aspects of Information Security
• 3 aspects of information security:
  ◦ security attack
  ◦ security mechanism (control)
  ◦ security service
• Note the terms:
  ◦ threat – a potential for violation of security
  ◦ vulnerability – a way by which loss can happen
  ◦ attack – an assault on system security, a deliberate attempt to evade security services
8. Network security
• Network security is the protection of access to files and directories in a computer network against hacking, misuse and unauthorized changes to the system.
• Network security consists of the policies and practices adopted to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources.
9. Goal of network security
The primary goals of network security are Confidentiality, Integrity, and Availability. These three pillars of network security are often represented as the CIA triangle.
• Confidentiality – The function of confidentiality is to protect precious business data from unauthorized persons. The confidentiality part of network security makes sure that the data is available only to the intended and authorized persons.
• Integrity – This goal means maintaining and assuring the accuracy and consistency of data. The function of integrity is to make sure that the data is reliable and is not changed by unauthorized persons.
• Availability – The function of availability in network security is to make sure that the data and network resources/services are continuously available to legitimate users whenever they require them.
10. Aspects of network security
• Privacy: Privacy means that both the sender and the receiver expect confidentiality. The transmitted message should reach only the intended receiver, and it should be opaque to other users. Only the sender and receiver should be able to understand the transmitted message, since eavesdroppers can intercept it. Therefore the message must be encrypted, so that an intercepted message cannot be read.
• Message Integrity: Data integrity means that the data must arrive at the receiver exactly as it was sent. There must be no change in the data content during transmission, whether malicious or accidental, while in transit. As more and more monetary exchanges take place over the internet, data integrity becomes more crucial. Data integrity must be preserved for secure communication.
• End-point authentication: Authentication means that the receiver is sure of the sender's identity, i.e., that no impostor has sent the message.
• Non-Repudiation: Non-repudiation means that the receiver must be able to prove that the received message came from a specific sender. The sender must not be able to deny sending a message that he or she sent. The burden of proving the identity falls on the receiver. For example, if a customer sends a request to transfer money from one account to another, then the bank must have proof that the customer requested the transaction.
11. What is Cyber Security?
• "Cyber-security is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. ..." – Kaspersky
• "Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks. These cyberattacks are usually aimed at accessing, changing, or destroying sensitive information; extorting money from users; or interrupting normal business processes. Implementing effective cybersecurity measures is particularly challenging today because there are more devices than people, and attackers are becoming more innovative." – Cisco
12. 5 main categories of cyber security:
• Critical infrastructure security: Critical infrastructure security consists of the cyber-physical systems that modern societies rely on. ...
• Application security: ...
• Network security: ...
• Cloud security: ...
• Internet of things (IoT) security.
13. Levels of Impact
• We can define 3 levels of impact from a security breach:
  ◦ Low – The loss could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals.
  ◦ Moderate – The loss could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals.
  ◦ High – The loss could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals.
20. Handling Attacks
• Passive attacks – focus on Prevention
  ◦ Easy to stop
  ◦ Hard to detect
• Active attacks – focus on Detection and Recovery
  ◦ Hard to stop
  ◦ Easy to detect
23. Devices at different layers
Layer 7 – I put the gateway here. This is not the same as a "Default Gateway". This is a device that works somewhat like a translator: it is able to understand application languages like HTTP, SMTP, etc. The term "Next Generation Firewalls" is sometimes applied to these devices.
Layer 3 – Routers and "Swouter" devices go here. A Swouter is a layer 3 switch. It has more than a couple of ports on the back and is capable of routing.
Layer 2 – This is the typical layer where switches are put. Switches are able to look at traffic and filter data based on MAC addresses.
Layer 1 – Typically hubs and repeaters are put here. You don't really see them anymore because they tend to be slow and pretty brain dead. Because of this they only work "well" in a very small network design.
24. OSI model attacks by Layers
OSI model Layer 1 attacks
• Layer 1 refers to the physical aspect of networking – in other words, the cabling and infrastructure used for networks to communicate.
• Layer 1 attacks focus on disrupting this service in any manner possible, primarily resulting in Denial of Service (DoS) attacks.
• This disruption could be caused by anything from physically cutting a cable through to disrupting wireless signals.
OSI model Layer 2 attacks
• Layer 2 of the OSI model is the data link layer and focuses on the methods for delivering data blocks.
• Normally, this consists of switches utilising protocols such as the Spanning Tree Protocol (STP) and the Dynamic Host Configuration Protocol (DHCP), which is used throughout networking for dynamic IP assignment.
• Attacks at this layer can focus on the insecurity of the protocols used or the lack of hardening on the routing devices themselves.
• As the focus of switches is on providing LAN connectivity, the majority of threats come from inside the organisation itself.
• Layer 2 attacks may also include MAC flooding or ARP poisoning.
• In order to mitigate these risks, it is imperative that network switches are hardened.
• Additional controls may include ARP inspection, disabling unused ports and enforcing effective security on VLANs to prevent VLAN hopping.
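The ARP inspection control listed above, shown as an added example that is not part of the original slides: a passive check in the spirit of dynamic ARP inspection on a switch. Every ARP reply arriving on an untrusted port is validated against a trusted IP-to-MAC binding table (a real switch takes this from DHCP snooping); a reply whose sender MAC contradicts the binding is the hallmark of ARP poisoning and is dropped, as is a reply for an address with no binding at all. The port names, the binding table and the sample replies are all constructed for the demonstration.

```python
# Added example (not from the slides): ARP-reply validation against a trusted
# IP-to-MAC binding table, in the spirit of dynamic ARP inspection on a switch.
# Port names, bindings and replies are all constructed for the demonstration.
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    port: str        # switch port the reply arrived on (constructed name)
    sender_ip: str   # IP address the reply claims to answer for
    sender_mac: str  # MAC address it wants that IP mapped to


# Uplink to the router: a real switch skips inspection on trusted ports.
TRUSTED_PORTS = {"Gi0/1"}

# Constructed binding table (what DHCP snooping would have learned).
BINDINGS = {
    "10.0.0.1": "00:11:22:33:44:01",    # default gateway
    "10.0.0.22": "00:11:22:33:44:22",   # an ordinary workstation
}


def inspect(replies, bindings=BINDINGS, trusted_ports=TRUSTED_PORTS):
    """Split ARP replies into (forwarded, dropped); each drop carries its reason."""
    forwarded, dropped = [], []
    for reply in replies:
        if reply.port in trusted_ports:
            forwarded.append(reply)
            continue
        expected_mac = bindings.get(reply.sender_ip)
        if expected_mac is None:
            dropped.append((reply, "no binding for sender IP"))
        elif expected_mac.lower() != reply.sender_mac.lower():
            dropped.append((reply, "sender MAC contradicts binding (possible ARP poisoning)"))
        else:
            forwarded.append(reply)
    return forwarded, dropped


# Constructed sample: one genuine gateway reply, one honest host, and two
# replies from the host on Gi0/7 trying to claim addresses it does not hold.
SAMPLE_REPLIES = [
    ArpReply("Gi0/1", "10.0.0.1", "00:11:22:33:44:01"),
    ArpReply("Gi0/5", "10.0.0.22", "00:11:22:33:44:22"),
    ArpReply("Gi0/7", "10.0.0.1", "de:ad:be:ef:00:07"),
    ArpReply("Gi0/7", "10.0.0.99", "de:ad:be:ef:00:07"),
]

if __name__ == "__main__":
    ok, bad = inspect(SAMPLE_REPLIES)
    for reply, reason in bad:
        print(f"DROP port={reply.port} ip={reply.sender_ip} mac={reply.sender_mac}: {reason}")
    print(f"forwarded {len(ok)} replies, dropped {len(bad)}")
```

Run as a script it prints the two drops from Gi0/7 and the forwarded count. The design point is that the decision is made per ingress port against data the switch already trusts, which is exactly why disabling unused ports (also listed above) matters: an unused port that is left enabled is one more untrusted place from which such replies can arrive.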
OSI model Layer 3 attacks
• Layer 3 is the network layer and utilises multiple common protocols to perform routing on the network.
• The main protocol is the Internet Protocol (IP); attacks at this layer include packet sniffing and DoS attacks such as ping floods and ICMP attacks. Because of their layer 3 nature, these types of attacks can be performed remotely over the Internet, while layer 2 attacks primarily come from the internal LAN.
• To reduce the risk of these types of attacks, routers should be hardened, packet filtering controls should be used and routing information should be controlled.
25. OSI model attacks by Layers
OSI model Layer 4 attacks
• Layer 4 is the transport layer and utilises common transport protocols to enable network communications. These include the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP).
• Port scanning, a method by which to identify vulnerable or open network ports, operates at layer 4 of the OSI model. Implementing effective firewalls and locking down ports to only those required can mitigate risks at this level.
OSI model layers 5-7
• Above layer 4, we are looking primarily at application-level attacks which result from poor coding practices. Vulnerabilities in applications can be exploited through attacks such as SQL injection, where the developer has failed to ensure that user input is validated against a defined schema.
• The attacker would then input code to extract data from the database (e.g. SELECT * FROM USERS). As the application fails to validate this input, the command is run and data extracted. To reduce this risk, developers must ensure that best-practice development guides are adhered to.
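A worked version of the SQL injection point above, added here as an example (not code from the slides): the same user lookup written twice. The vulnerable version assembles the statement by string concatenation, so the input is run as SQL; the hardened version validates the input against a defined schema and then hands it to the database as a bound parameter. The users table, the names in it and the test inputs are constructed; the example uses Python's standard sqlite3 module with an in-memory database.

```python
# Added example (not from the slides): the same lookup written two ways, so the
# input-validation failure behind SQL injection can be seen side by side with the
# fix. Uses Python's standard sqlite3 module and a constructed in-memory table.
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed users table; the names and roles are made up for the demo."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice", "admin"), (2, "bob", "user"), (3, "carol", "user")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Vulnerable: the statement is assembled by concatenation, so whatever the
    user typed becomes part of the SQL text and is run as a command."""
    sql = "SELECT id, username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


# Defined schema for a username: short, lowercase letters, digits, underscore.
USERNAME_SCHEMA = re.compile(r"[a-z0-9_]{1,32}")


def lookup_hardened(conn: sqlite3.Connection, username: str) -> list:
    """Hardened: validate the input against the schema first, then pass it to
    the database as a bound parameter so it can only ever be treated as data."""
    if not USERNAME_SCHEMA.fullmatch(username):
        raise ValueError("username does not match schema")
    return conn.execute(
        "SELECT id, username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


def compare(username: str) -> dict:
    """Run both lookups on a fresh database and report what each returns."""
    conn = make_db()
    result = {"vulnerable": lookup_vulnerable(conn, username)}
    try:
        result["hardened"] = lookup_hardened(conn, username)
    except ValueError as exc:
        result["hardened"] = str(exc)
    return result


if __name__ == "__main__":
    # A legitimate username behaves the same either way.
    print(compare("bob"))
    # The textbook tautology test input: the vulnerable query returns every row,
    # the hardened one rejects the input before it reaches the database.
    print(compare("' OR '1'='1"))
```

The two defences are independent: schema validation rejects anything that is not a plausible username, and parameter binding guarantees that even a value which passes validation can never change the shape of the statement. Either alone is better than the concatenated version; together they are the best-practice form the slide calls for.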
27. Firewall
• A firewall is a network device that isolates an organization's internal network from the larger outside network/Internet. It can be a hardware, software, or combined system that prevents unauthorized access to or from the internal network.
• All data packets entering or leaving the internal network pass through the firewall, which examines each packet and blocks those that do not meet the specified security criteria.
• Deploying a firewall at the network boundary is like aggregating the security at a single point. It is analogous to locking an apartment at the entrance and not necessarily at each door.
• A firewall is considered an essential element in achieving network security for the following reasons:
  ◦ Internal networks and hosts are unlikely to be properly secured.
  ◦ The Internet is a dangerous place with criminals, users from competing companies, disgruntled ex-employees, spies from unfriendly countries, vandals, etc.
  ◦ It prevents an attacker from launching denial of service attacks on network resources.
  ◦ It prevents illegal modification of or access to internal data by an outside attacker.
28. Firewall
Firewalls are categorized into three basic types:
1. Packet filter (stateless & stateful)
2. Application-level gateway
3. Circuit-level gateway
These three categories, however, are not mutually exclusive. Modern firewalls have a mix of abilities that may place them in more than one of the three categories.
29. Packet Filtering Firewall
• In this type of firewall deployment, the internal network is connected to the external network/Internet via a router firewall. The firewall inspects and filters data packet by packet.
• Packet-filtering firewalls allow or block packets mostly based on criteria such as source and/or destination IP addresses, protocol, source and/or destination port numbers, and various other parameters within the IP header.
• The decision can also be based on factors other than IP header fields, such as ICMP message type, TCP SYN and ACK bits, etc.
A packet filter rule has two parts:
1. Selection criteria – used as a condition and pattern match for decision making.
2. Action field – specifies the action to be taken if an IP packet meets the selection criteria. The action is either to block (deny) or permit (allow) the packet across the firewall.
• Packet filtering is generally accomplished by configuring Access Control Lists (ACLs) on routers or switches. An ACL is a table of packet filter rules.
• As traffic enters or exits an interface, the firewall applies the ACL from top to bottom to each packet, finds the first matching rule and either permits or denies the individual packet.
31. Packet Filtering Firewall
Stateless firewalls & stateful firewalls
• A stateless firewall is a rigid tool. It looks at a packet and allows it if it meets the criteria, even if it is not part of any established ongoing communication.
• Hence, such firewalls are replaced by stateful firewalls in modern networks.
• Stateful firewalls offer a more in-depth inspection method than the purely ACL-based packet inspection of stateless firewalls.
• A stateful firewall monitors the connection setup and teardown process to keep a check on connections at the TCP/IP level. This allows it to keep track of connection state and determine which hosts have open, authorized connections at any given point in time.
• It references the rule base only when a new connection is requested. Packets belonging to existing connections are compared to the firewall's state table of open connections, and the decision to allow or block is taken. This process saves time and provides added security as well. No packet is allowed to trespass the firewall unless it belongs to an already established connection. The firewall can time out inactive connections, after which it no longer admits packets for that connection.
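The packet filter rule structure from slide 29 and the stateless-versus-stateful behaviour described on this slide, worked as one added example (not code from the slides): a rule is a set of selection criteria plus an action, the ACL is applied top to bottom with an implicit deny at the end, and a stateful wrapper consults that rule base only for connection-opening packets, admits the rest from a state table, and expires idle entries. The addresses, ports, rule base and idle timeout are constructed for the demonstration; the stateless rule base includes the classic "established" trick (permit inbound TCP if the ACK bit is set) so that the rigidity the slide describes is visible.

```python
# Added example (not from the slides): a toy packet filter with the two rule
# parts from slide 29 (selection criteria and action), an ACL applied top to
# bottom with an implicit deny, and the stateful layer from slide 31 that
# consults the rule base only for new connections and times out idle ones.
# Every address, port and rule below is constructed for the demonstration.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp", "udp" or "icmp"
    sport: int = 0
    dport: int = 0
    syn: bool = False   # TCP SYN flag
    ack: bool = False   # TCP ACK flag
    time: float = 0.0   # arrival time in seconds


@dataclass
class Rule:
    action: str                      # "permit" or "deny"
    proto: Optional[str] = None      # None matches any protocol
    src: str = "0.0.0.0/0"           # selection criteria: source network
    dst: str = "0.0.0.0/0"           # selection criteria: destination network
    dport: Optional[int] = None      # None matches any destination port
    established: bool = False        # stateless "established" trick: require ACK

    def matches(self, pkt: Packet) -> bool:
        return (
            (self.proto is None or pkt.proto == self.proto)
            and ip_address(pkt.src) in ip_network(self.src)
            and ip_address(pkt.dst) in ip_network(self.dst)
            and (self.dport is None or pkt.dport == self.dport)
            and (not self.established or pkt.ack)
        )


def stateless_decision(acl: list, pkt: Packet) -> str:
    """Apply the ACL top to bottom; the first matching rule wins, no match means deny."""
    for rule in acl:
        if rule.matches(pkt):
            return rule.action
    return "deny"


class StatefulFirewall:
    """Rule base for new connections only; everything else is judged by the state table."""

    def __init__(self, acl: list, idle_timeout: float = 300.0):
        self.acl = acl
        self.idle_timeout = idle_timeout
        self.table: dict = {}  # connection key -> time the last packet was seen

    @staticmethod
    def _key(pkt: Packet) -> tuple:
        # Order the two endpoints so both directions of a flow share one entry.
        ends = sorted([(pkt.src, pkt.sport), (pkt.dst, pkt.dport)])
        return (pkt.proto, ends[0], ends[1])

    def decide(self, pkt: Packet) -> str:
        key = self._key(pkt)
        last_seen = self.table.get(key)
        if last_seen is not None:
            if pkt.time - last_seen <= self.idle_timeout:
                self.table[key] = pkt.time     # existing connection: no ACL lookup
                return "permit"
            del self.table[key]                 # idle too long: entry expires
        # Only a connection-opening packet may create state (for TCP: SYN without ACK).
        if pkt.proto == "tcp" and not (pkt.syn and not pkt.ack):
            return "deny"
        if stateless_decision(self.acl, pkt) == "permit":
            self.table[key] = pkt.time
            return "permit"
        return "deny"


# Constructed rule base: public web server, outbound from inside, replies to inside.
ACL = [
    Rule("permit", "tcp", dst="10.0.0.10/32", dport=80),
    Rule("permit", "tcp", src="10.0.0.0/8"),
    Rule("permit", "tcp", dst="10.0.0.0/8", established=True),
    Rule("deny"),
]


def run_demo() -> dict:
    """Return {label: (stateless decision, stateful decision)} for constructed packets."""
    fw = StatefulFirewall(ACL, idle_timeout=300.0)
    packets = {
        "inbound SYN to web server": Packet("198.51.100.7", "10.0.0.10", "tcp", 40000, 80, syn=True, time=0),
        "inbound bare ACK to port 3389": Packet("198.51.100.7", "10.0.0.22", "tcp", 40001, 3389, ack=True, time=1),
        "outbound SYN from internal host": Packet("10.0.0.22", "203.0.113.5", "tcp", 50000, 443, syn=True, time=2),
        "reply to outbound connection": Packet("203.0.113.5", "10.0.0.22", "tcp", 443, 50000, ack=True, time=3),
        "reply after idle timeout": Packet("203.0.113.5", "10.0.0.22", "tcp", 443, 50000, ack=True, time=1000),
    }
    return {label: (stateless_decision(ACL, p), fw.decide(p)) for label, p in packets.items()}


if __name__ == "__main__":
    for label, (stateless, stateful) in run_demo().items():
        print(f"{label:34} stateless={stateless:6} stateful={stateful}")
```

The second packet is the instructive one: a bare ACK to an internal host's port 3389 satisfies the stateless "established" rule and is permitted, even though no connection exists; the stateful firewall denies it because the packet neither matches a state-table entry nor opens a connection. The last packet shows the idle timeout: the same reply that was admitted from the state table a moment earlier is denied once the entry has expired.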
33. Application Gateways
• An application-level gateway acts as a relay node for application-level traffic. It intercepts incoming and outgoing packets, runs proxies that copy and forward information across the gateway, and functions as a proxy server, preventing any direct connection between a trusted server or client and an untrusted host.
• The proxies are application specific. They can filter packets at the application layer of the OSI model.
Application-specific Proxies
• An application-specific proxy accepts only packets generated by the specific application it is designed to copy, forward, and filter. For example, only a Telnet proxy can copy, forward, and filter Telnet traffic.
• If a network relies only on an application-level gateway, incoming and outgoing packets cannot access services that have no proxies configured. For example, if a gateway runs FTP and Telnet proxies, only packets generated by these services can pass through the firewall. All other services are blocked.
Application-level Filtering
• An application-level proxy gateway examines and filters individual packets, rather than simply copying them and blindly forwarding them across the gateway. Application-specific proxies check each packet that passes through the gateway, verifying the contents of the packet up through the application layer. These proxies can filter particular kinds of commands or information in the application protocols.
• Application gateways can restrict specific actions from being performed. For example, the gateway could be configured to prevent users from performing the FTP "put" command. This can prevent modification of the information stored on the server by an attacker.
Transparent
• Although application-level gateways can be transparent, many implementations require user authentication before users can access an untrusted network, a process that reduces true transparency. Authentication may differ depending on whether the user is on the internal network or on the Internet. For an internal network, a simple list of IP addresses can be allowed to connect to external applications, but from the Internet side strong authentication should be implemented.
• An application gateway actually relays TCP segments between the two TCP connections in both directions (Client → Proxy → Server). For outbound packets, the gateway may replace the source IP address with its own IP address. This process is referred to as Network Address Translation (NAT). It ensures that internal IP addresses are not exposed to the Internet.
34. Circuit-Level Gateway
• The circuit-level gateway is an intermediate solution between the packet filter and the application gateway.
• It runs at the transport layer and hence can act as a proxy for any application.
• Similar to an application gateway, the circuit-level gateway also does not permit an end-to-end TCP connection across the gateway.
• It sets up two TCP connections and relays the TCP segments from one network to the other. But it does not examine the application data like an application gateway does. Hence it is sometimes called a "Pipe Proxy".
35. Firewall Deployment with DMZ
• The firewall process can tightly control what is allowed to traverse from one side to the other. An organization that wishes to provide external access to its web server can restrict all traffic arriving at the firewall except for port 80 (the standard HTTP port). All other traffic such as mail traffic, FTP, SNMP, etc. is not allowed across the firewall into the internal network. An example of a simple firewall is shown in the following diagram.
• In the above simple deployment, though all other access from outside is blocked, it is possible for an attacker to contact not only the web server but any other host on the internal network that has left port 80 open, by accident or otherwise.
• Hence, the problem most organizations face is how to enable legitimate access to public services such as web, FTP, and e-mail while maintaining tight security of the internal network. The typical approach is deploying firewalls to provide a Demilitarized Zone (DMZ) in the network.
• In this setup (illustrated in the following diagram), two firewalls are deployed: one between the external network and the DMZ, and another between the DMZ and the internal network. All public servers are placed in the DMZ.
• With this setup, it is possible to have firewall rules which allow public access to the public servers while the interior firewall restricts all incoming connections. By having the DMZ, the public servers are provided with adequate protection instead of being placed directly on the external network.
36. Firewall Identification
• Normally, firewalls can be identified for offensive purposes. Because firewalls are usually the first line of defense in the virtual perimeter, to breach the network from a hacker's perspective it is required to identify which firewall technology is used and how it's configured. Some popular tactics are:
• Port scanning
Hackers use it to investigate the ports used by the victims. Nmap is probably the most famous port-scanning tool available.
• Firewalking
The process of using traceroute-like IP packet analysis in order to verify whether a data packet will be passed through the firewall from the source host of the attacker to the destination host of the victim.
• Banner grabbing
This is a technique that enables a hacker to spot the type of operating system or application running on a target server. It works through a firewall by using what look like legitimate connections.
38. Firewall Audit
Firewall Log Analyzer
• A firewall is an important component in your organization's network. It provides network administrators with the ability to control the flow of traffic into and out of the network.
• Analyzing firewall logs keeps you up to date on all transactions between your organization's intranet and the internet, or any other external network.
Here are a few possible uses for analyzing firewall logs:
• List all connections denied by the firewall and flag the odd ones.
• Show all remote and VPN connections to your network.
• Monitor any changes to the rules on which the firewall is based.
• Pick up and preempt any potential security attacks.
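The four uses listed above, carried out by a small log analyzer added here as an example (not code from the slides or from any firewall vendor). The log format (one key=value record per line), every line of SAMPLE_LOG, the set of VPN service ports and the "many distinct ports from one source" rule for flagging odd denials are all constructed assumptions; real firewalls emit their own formats, so parse_line() is the part a practitioner would adapt.

```python
# Added example (not from the slides): a small firewall log analyzer covering
# the four uses listed above. The log format (one key=value record per line)
# and every line of SAMPLE_LOG are constructed; real firewalls use their own
# formats, so parse_line() is the part to adapt.
from collections import defaultdict

SAMPLE_LOG = """\
2024-05-01T10:00:01 action=DENY src=198.51.100.7 dst=10.0.0.10 dport=22 proto=tcp
2024-05-01T10:00:02 action=DENY src=198.51.100.7 dst=10.0.0.10 dport=23 proto=tcp
2024-05-01T10:00:02 action=DENY src=198.51.100.7 dst=10.0.0.10 dport=3389 proto=tcp
2024-05-01T10:00:03 action=DENY src=198.51.100.7 dst=10.0.0.10 dport=445 proto=tcp
2024-05-01T10:00:03 action=DENY src=198.51.100.7 dst=10.0.0.10 dport=8080 proto=tcp
2024-05-01T10:00:05 action=ALLOW src=203.0.113.9 dst=10.0.0.1 dport=1194 proto=udp
2024-05-01T10:00:06 action=ALLOW src=203.0.113.44 dst=10.0.0.1 dport=4500 proto=udp
2024-05-01T10:01:00 action=DENY src=192.0.2.5 dst=10.0.0.10 dport=80 proto=tcp
2024-05-01T10:02:00 event=RULE_CHANGE rule=42 admin=jdoe change=permit-any-to-10.0.0.10:3389
2024-05-01T10:03:00 action=ALLOW src=192.0.2.5 dst=10.0.0.10 dport=80 proto=tcp
"""

VPN_PORTS = {500, 1194, 4500}  # IKE, OpenVPN, IPsec NAT-T (assumption about this network)


def parse_line(line: str) -> dict:
    """Turn 'TIMESTAMP k=v k=v ...' into a dict; values stay strings except dport."""
    timestamp, _, rest = line.partition(" ")
    record = {"time": timestamp}
    for field in rest.split():
        key, _, value = field.partition("=")
        record[key] = int(value) if key == "dport" else value
    return record


def parse_log(text: str) -> list:
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def denied(records: list) -> list:
    """Every connection the firewall denied."""
    return [r for r in records if r.get("action") == "DENY"]


def scan_suspects(records: list, min_ports: int = 4) -> list:
    """Flag the odd ones: a source denied on many distinct ports looks like a port scan."""
    ports_by_src = defaultdict(set)
    for r in denied(records):
        ports_by_src[r["src"]].add(r["dport"])
    return sorted(src for src, ports in ports_by_src.items() if len(ports) >= min_ports)


def vpn_connections(records: list) -> list:
    """Remote/VPN connections: allowed traffic to the VPN service ports."""
    return [r for r in records if r.get("action") == "ALLOW" and r.get("dport") in VPN_PORTS]


def rule_changes(records: list) -> list:
    """Changes to the rule base, which an auditor wants to see one by one."""
    return [r for r in records if r.get("event") == "RULE_CHANGE"]


def report(text: str) -> dict:
    records = parse_log(text)
    return {
        "denied": denied(records),
        "scan_suspects": scan_suspects(records),
        "vpn": vpn_connections(records),
        "rule_changes": rule_changes(records),
    }


if __name__ == "__main__":
    summary = report(SAMPLE_LOG)
    print(f"{len(summary['denied'])} denied connections; scan suspects: {summary['scan_suspects']}")
    for r in summary["vpn"]:
        print(f"VPN {r['src']} -> {r['dst']}:{r['dport']} at {r['time']}")
    for r in summary["rule_changes"]:
        print(f"RULE CHANGE by {r['admin']} at {r['time']}: {r['change']}")
```

On the sample, the source denied on five different ports within a few seconds is flagged while the single denied web request from another address is not; the rule change that opens port 3389 to anyone is reported on its own line, which is the kind of entry the "monitor any changes to the rules" use is meant to surface for review.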
40. Intrusion Detection / Prevention System
• Packet filtering firewalls operate based on rules involving TCP/UDP/IP headers only. They do not attempt to establish correlation checks among different sessions.
• Intrusion Detection/Prevention Systems (IDS/IPS) carry out Deep Packet Inspection (DPI) by looking at the packet contents, for example checking character strings in a packet against a database of known virus and attack strings.
• Application gateways do look at the packet contents, but only for specific applications. They do not look for suspicious data in the packet.
• IDS/IPS look for suspicious data contained in packets and try to examine correlation among multiple packets to identify attacks such as port scanning, network mapping, denial of service and so on.
41. Basic variations of IDS
Signature-based IDS
• It needs a database of known attacks with their signatures.
• A signature is defined by the types and order of packets characterizing a particular attack.
• The limitation of this type of IDS is that only known attacks can be detected. This IDS can also throw up a false alarm. A false alarm can occur when a normal packet stream matches the signature of an attack.
• A well-known public open-source IDS example is the Snort IDS.
Anomaly-based IDS
• This type of IDS creates a traffic pattern of normal network operation.
• In detection mode, it looks for traffic patterns that are statistically unusual, for example an unusual ICMP load, exponential growth in port scans, etc.
• Detection of any unusual traffic pattern generates the alarm.
The major challenge faced in this type of IDS deployment is the difficulty in distinguishing between normal traffic and unusual traffic.
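Both variations side by side on constructed traffic, as an added example (not code from the slides, and not how Snort or any other product implements them). The signature detector matches payloads against a small constructed pattern database and includes a benign request that trips a pattern, which is the false alarm the slide warns about; the anomaly detector learns the ICMP packets-per-second rate from a quiet baseline window and alarms on any live second that exceeds mean plus three standard deviations, the kind of "unusual ICMP load" the slide mentions. The packets, the signatures and the threshold factor are all assumptions made for the demonstration.

```python
# Added example (not from the slides): the two basic IDS variations side by
# side on constructed traffic. Signature matching looks for known byte patterns
# in payloads (and shows the false-alarm case); anomaly detection learns an
# ICMP-per-second baseline and alarms when live traffic exceeds it.
import re
import statistics
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    t: float          # arrival time in seconds (constructed clock)
    src: str
    proto: str        # "icmp" or "tcp"
    dport: int = 0
    payload: bytes = b""


# Constructed signature database: name -> byte pattern.
SIGNATURES = {
    "directory traversal in URI": re.compile(rb"\.\./\.\./"),
    "command interpreter name in payload": re.compile(rb"cmd\.exe"),
}


def signature_alerts(packets: list) -> list:
    """Return (time, src, signature name) for every payload that matches a known pattern."""
    alerts = []
    for p in packets:
        for name, pattern in SIGNATURES.items():
            if pattern.search(p.payload):
                alerts.append((p.t, p.src, name))
    return alerts


def icmp_per_second(packets: list, seconds: int) -> list:
    """Histogram of ICMP packets per one-second bucket over [0, seconds)."""
    counts = [0] * seconds
    for p in packets:
        if p.proto == "icmp" and 0 <= p.t < seconds:
            counts[int(p.t)] += 1
    return counts


def anomaly_alerts(baseline: list, live: list, seconds: int = 10, k: float = 3.0) -> list:
    """Learn mean and spread of the ICMP rate from baseline traffic; alarm on any live
    second whose rate exceeds mean + k * stdev. Returns (second, count) pairs."""
    base = icmp_per_second(baseline, seconds)
    threshold = statistics.mean(base) + k * statistics.pstdev(base)
    return [(sec, n) for sec, n in enumerate(icmp_per_second(live, seconds)) if n > threshold]


def make_packets() -> tuple:
    """Constructed traffic: a quiet baseline window and a live window containing
    a ping flood, one traversal attempt and one benign page that trips a signature."""
    baseline = []
    for sec, n in enumerate([1, 2, 1, 1, 2, 1, 1, 2, 1, 1]):
        baseline += [Packet(sec + i * 0.1, "10.0.0.5", "icmp") for i in range(n)]
    live = [Packet(sec, "10.0.0.5", "icmp") for sec in range(10)]
    live += [Packet(5 + i * 0.02, "198.51.100.7", "icmp") for i in range(40)]   # flood in second 5
    live.append(Packet(2.5, "198.51.100.7", "tcp", 80, b"GET /../../etc/passwd HTTP/1.1"))
    live.append(Packet(3.5, "10.0.0.9", "tcp", 80, b"GET /index.html HTTP/1.1"))
    live.append(Packet(4.5, "10.0.0.9", "tcp", 80,
                       b"POST /wiki HTTP/1.1\r\n\r\nHow to open cmd.exe on Windows"))  # false alarm
    return baseline, live


if __name__ == "__main__":
    baseline, live = make_packets()
    for sec, n in anomaly_alerts(baseline, live):
        print(f"ANOMALY second={sec} icmp={n}")
    for t, src, name in signature_alerts(live):
        print(f"SIGNATURE t={t} src={src} {name}")
```

The baseline averages 1.3 ICMP packets per second with a small spread, so the threshold lands just under 3; the flood second carries 41 and is the only anomaly reported. On the signature side the wiki page is reported alongside the real traversal attempt, which is exactly the "normal packet stream matches the signature" case: the pattern is a string in the payload, not evidence of intent, and tuning such patterns is where the operational effort of a signature IDS goes.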
42. Types of IDS
Network intrusion detection system (NIDS)
• It is an independent platform that identifies intrusions by examining network traffic and monitors multiple hosts. Network intrusion detection systems gain access to network traffic by connecting to a network hub, a network switch configured for port mirroring, or a network tap. In a NIDS, sensors are placed at choke points in the network to monitor, often in the demilitarized zone (DMZ) or at network borders. Sensors capture all network traffic and analyze the content of individual packets for malicious traffic. An example of a NIDS is Snort.
Host-based intrusion detection system (HIDS)
• It consists of an agent on a host that identifies intrusions by analyzing system calls, application logs, file-system modifications (binaries, password files, capability databases, access control lists, etc.) and other host activities and state. In a HIDS, sensors usually consist of a software agent. Some application-based IDS are also part of this category. An example of a HIDS is OSSEC.
• Intrusion detection systems can also be system-specific, using custom tools and honeypots.
43. Types of IDS
Perimeter Intrusion Detection System (PIDS)
• Detects and pinpoints the location of intrusion attempts on perimeter fences of critical infrastructure. Using either electronics or more advanced fiber-optic cable technology fitted to the perimeter fence, the PIDS detects disturbances on the fence, and if a disturbance is detected and deemed by the system to be an intrusion attempt, an alarm is triggered.
VM-based Intrusion Detection System (VMIDS)
• It detects intrusions using virtual machine monitoring. By using this, we can deploy the intrusion detection system with virtual machine monitoring. It is the most recent type and it's still under development. There's no need for a separate intrusion detection system since, by using this, we can monitor the overall activities.
44. IPS
Intrusion Prevention Systems (IPS):
• An IPS serves the same purpose as a firewall set up for a network: it detects and protects users from threats involving the external world and the internal network.
• Intrusion Prevention Systems proactively reject traffic which does not meet the security profile and policies, or whose data packets are malicious by nature.
45. Two types of IPS
Currently, there are two types of IPS that are similar in nature to IDS. They consist of:
1. Host-based intrusion prevention systems (HIPS)
2. Network-based intrusion prevention systems (NIPS)
46. Classification of Intrusion Prevention System (IPS):
Intrusion Prevention Systems (IPS) are classified into 4 types:
• Network-based intrusion prevention system (NIPS): It monitors the entire network for suspicious traffic by analyzing protocol activity.
• Wireless intrusion prevention system (WIPS): It monitors a wireless network for suspicious traffic by analyzing wireless networking protocols.
• Network behavior analysis (NBAIPS): It examines network traffic to identify threats that generate unusual traffic flows, such as distributed denial of service attacks, specific forms of malware and policy violations.
• Host-based intrusion prevention system (HIPS): It is an installed software package which operates on a host and watches for doubtful activity by scanning events that occur within that host.
47. Detection Method of Intrusion Prevention System (IPS):
• Signature-based detection: A signature-based IPS operates on packets in the network and compares them with pre-built, predetermined attack patterns known as signatures.
• Statistical anomaly-based detection: An anomaly-based IPS monitors network traffic and compares it against an established baseline. The baseline identifies what is normal for that network and what protocols are used. However, it may raise a false alarm if the baselines are not intelligently configured.
• Stateful protocol analysis detection: This IPS method recognizes divergence from protocol definitions by comparing observed events with pre-built profiles of generally accepted definitions of benign activity.
48. Honeypot-Based IDS/IPS Systems
• The purpose of the honeypot approach is to distract attacks away from real network devices.
• By staging different types of vulnerabilities in the honeypot server, you can analyze incoming types of attacks and malicious traffic patterns.
49. Honeypots
Decoy systems:
• appear to be the real system with valuable info
• legitimate users would not access them
• filled with fabricated info
• instrumented with monitors and event loggers
• divert and hold the attacker to collect activity info without exposing production (real) systems
• if there is somebody in, then there is an attack, benign or malicious
• initially honeypots were single computers
• now networks of computers that emulate the entire enterprise network
50. Honeypot Deployment
1. Outside the firewall:
• good to reduce the burden on the firewall; keeps the bad guys outside
2. As part of the service (DMZ) network:
• the firewall must allow attack traffic to the honeypot (risky)
3. As part of the internal network:
• same as 2; if compromised, riskier; the advantage is that insider attacks can be caught
52. To be turned in in 7 days
Assignment 1
1. Conduct a search of recent malware. Using your favorite search engine, conduct a search for recent malware. During your search,
a) choose four examples of malware, each one from a different malware type, and be prepared to discuss details on what each does, how each is transmitted and the impact each causes. Examples of malware types include: Trojan, Hoax, Adware, Malware, PUP, Exploit, and Vulnerability. Some suggested web sites to search for malware are listed below:
McAfee, Malwarebytes, Security Week, TechNewsWorld
b) Read the information about the malware found in your search, choose one and write a short summary that explains what the malware does, how it is transmitted, and the impact it causes.
2. Write a key logger in any language you know…
3. Set audit policies in your Windows system, get the snapshot, and explain the events.