Discussion I
Career Relevancy
A network analyst will have experience with knowing the concepts of malware and how the propagation techniques work. The analyst will perform malware penetration testing and know how to use different techniques to detect malware.
Background
To understand various types of malware and their impact on network and system resources, we will begin with the basic concepts of malware.
Malware is malicious software that damages or disables computer systems and gives limited or full control of the systems to its creator for theft or fraud. Examples of malware include: viruses, worms, Trojans, rootkits, backdoors, botnets, ransomware, spyware, adware, scareware, crapware, roughware, crypters, and keyloggers. Each of these types function differently, though the outcome for the target organization is often the same: a disruption to the organization’s operations, the compromising of sensitive information, and a public perception of distrust. Malware may erase files from a hard drive undetected, cause machines to slow down, steal personal information, send spam via email or instant message, or commit fraud. Malware can also perform malicious activities that range from simple email advertising to complex identity and password theft. Malware can affect all organizations, regardless of system type or size; PC users, Mac users, sole-proprietorships, and large corporations all fall under the same level of risk.
Every day, attackers discover or create new malware known as “Trojan horses,” or simply “Trojans” for short. Trojans are designed to discover vulnerabilities of target systems and are often categorized by how they enter and what they do to target systems.
In Greek mythology, the Greeks won the Trojan War with the aid of a giant wooden horse, built for their soldiers to hide inside of. The Greeks left the Trojan horse at the gates of Troy in anticipation for an ambush. The Trojans thought that the horse was a gift from the Greeks, proceeding without caution. When the time was right, Greek soldiers broke out of the wooden horse to attack, eventually destroying the city of Troy.
Like the myth, Trojan horses in malware present themselves as seemingly innocuous pieces of software components. A computer Trojan is a program in which the malicious or harmful code is contained inside what appears to be harmless programming or data in such a way that it can gain control over the system, resulting in widespread damage. Attackers use computer Trojan horses to trick the victim into performing a predefined action. Trojans get activated upon a user’s specific predefined actions such as installing a malicious software unintentionally or clicking on a malicious link. Upon activation, it can grant attackers unrestricted access to all data stored on compromised systems, causing potentially immense damage. For example, a user could download a file that appears to be a movie, but when executed, that “movie” file unleashes a dangerous program that erases the hard drive or sends credit card numbers and passwords to the attacker.
A Trojan is wrapped within or attached to a legitimate program, meaning that the program may have functionality that is not apparent to the user. Also, attackers use victims as unwitting intermediaries to attack others. They can use a victim’s computer to commit illegal denial-of-service attacks.
Trojan horses work on the same level of privileges as victims. For example, if a victim has the administrative privilege to delete files, transmit information, modify existing files, or install other programs (such as programs that provide unauthorized network access and execute privilege elevation attacks), once the Trojan infects that system, it will mimic those same privileges. Furthermore, it can attempt to exploit vulnerabilities to increase the level of access, even beyond the user running it. If successful, the Trojan can use those increased privileges to install other malicious code on the victim’s machine.
A compromise of any network system can affect other such systems. Those that transmit authentication credentials, such as passwords over shared networks in clear text or a trivially encrypted form are particularly vulnerable. If an intruder compromises a system on such a network, he or she may be able to record usernames and passwords or other sensitive information.
Additionally, depending on the actions the Trojan performs, it may falsely implicate the remote system as the source of an attack by spoofing, thereby causing the remote system to incur liability. Trojans enter the system by means such as email attachments, downloads, and instant messages.
Ports represent entry and exit points of data traffic. There are two types of ports: hardware ports and software ports. Those within the OS are software ports and are usually entry and exit points for application traffic (for example, port 25 is associated with SMTP for e-mail routing between mail servers). Many ports exist that are application-specific or process-specific. Various Trojans uses some of these ports to infect target systems.
To gain control over the victim’s machine, an attacker creates a Trojan server, and then sends an email that lures the victim to click on a link provided within the mail. As soon as the victim clicks the malicious link sent by the attacker, it connects directly to the Trojan server. The Trojan server then sends a Trojan to the victim system that undergoes automatic installation on the victim’s machine and infects it.
As a result, the victim’s device establishes a connection to the attack server unknowingly. Once the victim connects to an attacker’s server, the attacker can take complete control over the victim’s system and perform any selective action. If the victim carries out an online transaction or purchase, then the attacker can easily steal sensitive information such as credit card details and account information. In addition, an attacker can also use the victim’s machine to launch attacks on other systems.
The Trojan may infect the computers when a user opens an email attachment that installs a Trojan on their computers that might serve as a backdoor for criminals for later access of the system.
Prompt
If your network has been infected by malware or Trojans is it ever appropriate to pay a ransom to have the system released from the attacker? Explain your answer.
For your citation, you might use articles that show examples of the threat’s malware has caused in the past. Consider notable news stories on the subject.
Institution Writing Guidelines 300-400 LVL
Purpose: The Institution Writing Guidelines (IWG) exist to simplify student writing requirements and instructor grading, clarify and standardize writing expectations, focus instructor grading and student effort on content, and gradually introduce students to more complex and restrictive writing guidelines over time.
Below you will find the detailed information for your 300 and 400 level courses:
· Formatting (Specific to 300-400 level courses)
· Grammar/Spelling
· Sources (Specific to 300-400 level courses)
· Plagiarism
Formatting
· The top of the paper needs:
· Student name
· Date of submission or writing
· Course name
· Title of the paper
· It is recommended the paper identification information be placed at the top right. What matters is the information is present. Example:
· The paper should be set with one-inch margins all around
· 12-point font sans serif or serif, no decorative fonts. Recommended—but not mandatory—fonts include: Serif family (Times New Roman, Book Antiqua, Minion Pro), Sans Serif family (Calibri, Arial, Verdana)
· Double spacing lines is required
Grammar/Spelling
· General spelling, grammar, and punctuation expectations apply. The focus of the writing must address the issues raised by the prompt, emphasized in the rubric, and the learning objective(s) covered by the writing task
· The serial comma is expected (example: word, word, word, and word)
· Double-spacing after sentences is discouraged
Sources
· Students are expected to use citations, including in-text citations as needed. The guidelines are:
· In Text
· The Author, Year, page number (for quotes) format. Ex: (Doe, 2016, pp. 23-25)
· Sentence punctuation follows the in-text citation
· Reference Citation
· Example 1: Martinez, A. (2016). The way things should be. Harper.
· Example 2: Martinez. (2016). The way things should be. Retrieved, March 4, 2018, from
https://worldswisdom.com
· References are not to be graded on punctuation, italics, inclusion of initials, date format, etc. Grading for references will focus on the required basic elements not the presentation of the elements.
· Rubrics will be followed and the focus remains on content, not style
Plagiarism
Plagiarism is not acceptable. Instructors should follow the academic policy on plagiarism. Egregious examples of plagiarism or repetitive plagiarism will be referred to the student’s dean for additional evaluation.