Decoding Cyber Threats: Understanding Trojan Horses, Viruses, and More

Everybody is familiar with viruses. It’s common to hear “my system has been infected by a virus”. Not all network or system infections are caused by viruses, however. In this piece, I share some other network security terms, with their meanings and relevant examples.

Trojan Horse:

Definition: A trojan horse is malicious software that appears legitimate but contains hidden malicious functionalities, often used for unauthorized access or damaging purposes. It tricks users into believing it is a harmless program, allowing attackers to gain access to their systems or steal sensitive information. Example: One example of a trojan horse is the Zeus trojan, which masquerades as a legitimate banking application but actually steals banking credentials and other financial information from the victim's computer [1].

Virus:

Definition: A virus is a type of malware that attaches itself to legitimate programs and spreads by infecting other files or systems, causing unwanted or harmful actions. Viruses can modify, delete, or corrupt data and may replicate themselves to spread further. Example: The infamous "ILOVEYOU" virus is a real-world example of a virus. It spread via email attachments and, once opened, infected the victim's computer and spread to other contacts in their address book [2].

Worm:

Definition: A worm is a standalone malicious software that self-replicates and spreads across networks without needing to attach itself to other programs. Worms exploit vulnerabilities in network protocols to spread rapidly and can cause widespread damage. Example: The WannaCry ransomware worm is a notable example. It exploited a vulnerability in Microsoft Windows systems to spread across networks, infecting thousands of computers worldwide and causing significant disruption [3].

Trapdoor (Backdoor):

Definition: A trapdoor, also known as a backdoor, is a hidden method or vulnerability intentionally inserted into software or systems to bypass security controls. It allows attackers to gain unauthorized access to systems or data without being detected. Example: The Stuxnet worm utilized a backdoor to infiltrate and sabotage industrial control systems, specifically targeting Iran's nuclear program. The backdoor allowed the worm to covertly control and manipulate the targeted systems [4].

Bot:

Definition: A bot, short for robot, is a software application that performs automated tasks over the internet. It can be used for both beneficial and malicious activities, such as collecting data, spreading spam, or launching distributed denial-of-service (DDoS) attacks. Example: Mirai is a notorious botnet malware that infected thousands of IoT devices and used them to launch large-scale DDoS attacks. The botnet exploited default credentials and vulnerable devices to enlist them in its network [5].

Logic Bomb:

Definition: A logic bomb is a piece of code intentionally inserted into software to trigger a malicious function when certain conditions are met, often causing damage or data loss. It remains dormant until activated by a specific event or trigger. Example: In 2006, a disgruntled IT contractor planted a logic bomb in the network of financial institution UBS. The bomb triggered on his last day of work, deleting critical data and causing millions of dollars in damages [6].

Ransomware:

Definition: Ransomware is a type of malware that encrypts or locks files on a victim's computer and demands payment (ransom) for decryption or unlocking. It prevents users from accessing their data until the ransom is paid. Example: The WannaCry ransomware attack in 2017 affected over 200,000 computers in 150 countries. It encrypted files on infected computers and demanded ransom payments in Bitcoin to restore access [7].
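Because ransomware encrypts files, one signal defenders watch for is many files jumping from low to near-maximal byte entropy at once. The sketch below is an added example, not part of the original article; the file names, contents and the 7.5-bit threshold are constructed assumptions, and the "ciphertext" is a harmless hash-based stand-in.

```python
import hashlib
import math
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: roughly 4-5 for English text, close to 8 for ciphertext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def pseudo_ciphertext(seed: bytes, size: int) -> bytes:
    """Constructed stand-in for encrypted content (SHA-256 in counter mode)."""
    out, counter = b"", 0
    while len(out) < size:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:size]

def newly_high_entropy(before: dict, after: dict, threshold: float = 7.5) -> list:
    """Files that were below the threshold before and are at or above it now."""
    return sorted(
        name for name, data in after.items()
        if name in before
        and shannon_entropy(before[name]) < threshold
        and shannon_entropy(data) >= threshold
    )

def looks_like_mass_encryption(before: dict, after: dict, min_fraction: float = 0.5) -> bool:
    """Alert when at least min_fraction of the known files became high-entropy."""
    changed = newly_high_entropy(before, after)
    return bool(before) and len(changed) / len(before) >= min_fraction

# Constructed snapshots of a small folder (sample data, not real files).
TEXT = b"Quarterly report: revenue, costs and forecast for the finance team.\n" * 60
BEFORE = {
    "report.txt": TEXT,
    "notes.txt": TEXT[::-1],
    "photo.jpg": pseudo_ciphertext(b"jpg", 4096),  # compressed data is already high-entropy
}
AFTER_ATTACK = {name: pseudo_ciphertext(name.encode(), 4096) for name in BEFORE}
AFTER_NORMAL = dict(BEFORE, **{"notes.txt": TEXT + b"one more line\n"})

if __name__ == "__main__":
    print(newly_high_entropy(BEFORE, AFTER_ATTACK))
    print(looks_like_mass_encryption(BEFORE, AFTER_ATTACK))
    print(looks_like_mass_encryption(BEFORE, AFTER_NORMAL))
```

Comparing against the earlier snapshot keeps already-compressed files such as images from raising the alert on their own.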

Phishing vs. Spear Phishing:

Definition: Phishing is a broad attack targeting a large number of people, while spear phishing is a more targeted attack directed at specific individuals or organizations, often using personalized information. Spear phishing emails are tailored to appear more convincing and increase the likelihood of success. Example: Phishing emails may impersonate popular companies like banks or social media platforms, while spear phishing emails may use personalized information such as the recipient's name, job title, or recent activities to trick them into clicking malicious links or revealing sensitive information [8].
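The distinction above can be turned into a simple mail-triage check: look for brand impersonation in the headers, then see whether the body carries details specific to the recipient. This is an added example, not part of the original article; the brand-to-domain table, the addresses, the recipient details and the three messages are all constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: brand keyword -> the domain that brand really sends from (constructed).
BRAND_DOMAINS = {"examplebank": "examplebank.example"}

def domain_of(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""

def triage(raw_message: str, recipient_facts: list) -> dict:
    """Classify a message as 'none', 'phishing' or 'spear-phishing'."""
    msg = message_from_string(raw_message)
    display, sender = parseaddr(msg.get("From", ""))
    sender_domain = domain_of(sender)
    indicators = []
    # Display name claims a known brand, but the address is on another domain.
    squashed = display.lower().replace(" ", "")
    for brand, legit in BRAND_DOMAINS.items():
        if brand in squashed and sender_domain != legit:
            indicators.append("brand-name-from-unrelated-domain")
    # Replies are silently routed to a different domain than the sender's.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain_of(reply_to) != sender_domain:
        indicators.append("reply-to-domain-mismatch")
    # Personal details only matter once something else looks wrong.
    body = msg.get_payload().lower()
    personal = [fact for fact in recipient_facts if fact.lower() in body]
    kind = "none"
    if indicators:
        kind = "spear-phishing" if personal else "phishing"
    return {"kind": kind, "indicators": indicators, "personal_details": personal}

# Constructed sample messages and recipient details.
FACTS = ["Ada Obi", "Finance Manager"]
BULK = ("From: Example Bank <security@examplebank-alerts.example>\n"
        "Reply-To: helpdesk@mailbox.example\n"
        "Subject: Account notice\n\n"
        "Dear customer, please review your account.\n")
TARGETED = ("From: Example Bank <service@examplebank-alerts.example>\n"
            "Subject: Payment approval\n\n"
            "Hello Ada Obi, as Finance Manager you need to approve the pending transfer.\n")
LEGIT = ("From: Example Bank <statements@examplebank.example>\n"
         "Subject: Statement\n\n"
         "Hello Ada Obi, your monthly statement is ready.\n")

if __name__ == "__main__":
    for name, raw in (("bulk", BULK), ("targeted", TARGETED), ("legit", LEGIT)):
        print(name, triage(raw, FACTS))
```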

Polymorphic Virus:

Definition: A polymorphic virus is a type of malware that can change its code or appearance to evade detection by security software. It mutates its code each time it infects a new file or system, making it challenging for traditional antivirus programs to identify and remove. Example: The Storm Worm is a well-known polymorphic virus that spread through email attachments. It continuously changed its code to evade detection, making it difficult for antivirus programs to keep up with its variants [9].
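Why changing code defeats traditional signatures, and what a defender can match on instead, shown as an added example that is not part of the original article. It assumes the simplest possible mutation, the same body re-encoded under a different one-byte XOR key each time (real polymorphic engines vary far more), and uses a constructed, harmless byte string as the body.

```python
import hashlib

# Constructed, harmless stand-in for a malicious body (not real malware).
BODY = b"CONSTRUCTED-SAMPLE-BODY: harmless marker bytes for a signature demo"

def reencode(body: bytes, key: int) -> bytes:
    """Assumed mutation model: same body, different one-byte XOR key."""
    return bytes(b ^ key for b in body)

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def xor_delta(data: bytes) -> bytes:
    """XOR each byte with its neighbour; a constant one-byte key cancels out."""
    return bytes(a ^ b for a, b in zip(data, data[1:]))

# Traditional signature: exact hash of the one variant analysts have seen.
KNOWN_HASHES = {sha256_hex(reencode(BODY, 0x21))}
# Key-independent signature: neighbour-XOR pattern of the underlying body.
DELTA_SIGNATURE = xor_delta(BODY)

def detect(sample: bytes) -> dict:
    """Report which of the two signature styles fires on a sample."""
    return {
        "hash_match": sha256_hex(sample) in KNOWN_HASHES,
        "delta_match": DELTA_SIGNATURE in xor_delta(sample),
    }

# Constructed samples: three re-encodings, one embedded in a host file, one clean.
VARIANTS = {key: reencode(BODY, key) for key in (0x21, 0x5A, 0xC3)}
EMBEDDED = b"host-file-header" + VARIANTS[0xC3] + b"trailer"
BENIGN = b"An ordinary document with nothing of interest in it. " * 4

if __name__ == "__main__":
    for key, sample in VARIANTS.items():
        print(hex(key), detect(sample))
    print("embedded", detect(EMBEDDED))
    print("benign", detect(BENIGN))
```

Only the previously seen variant matches by hash, while the neighbour-XOR pattern matches every re-encoding; this is why detection moved from exact signatures towards properties that survive the mutation.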

References:

[1] J. Oberheide and D. K. Bailey, "The Zeus Trojan," 2010 IEEE Symposium on Security and Privacy, Berkeley, CA, 2010, pp. 467-474.

[2] D. J. T. Stang, "The "ILOVEYOU" Virus," in IEEE Annals of the History of Computing, vol. 35, no. 2, pp. 85-86, 2013.

[3] Y. L. Xie and D. A. Cova, "The WannaCry ransomware attack: A tragedy of the commons," 2017 14th Annual Conference on Privacy, Security and Trust (PST), Calgary, AB, 2017, pp. 66-73.

[4] K. Zetter, Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon. New York: Crown, 2014.

[5] A. R. Sahami, "A Security Analyst's Perspective on Botnets," in IEEE Security & Privacy, vol. 5, no. 2, pp. 67-70, March-April 2007.

[6] M. Douglas, "Alleged 'UBS Bomber' pleads guilty," Network World, Aug. 14, 2007. [Online]. Available: https://www.networkworld.com/article/2293684/alleged--ubs-bomber--pleads-guilty.html. [Accessed: Jan. 10, 2022].

[7] N. L. Beebe et al., "The WannaCry ransomware attack: A preliminary analysis," 2017 IEEE Security and Privacy Workshops (SPW), San Jose, CA, 2017, pp. 97-104.

[8] A. Jagatic et al., "Social phishing," in Communications of the ACM, vol. 50, no. 10, pp. 94-100, 2007.

[9] J. D. Howard, "Polymorphic Blending Attack," in IEEE Security & Privacy, vol. 2, no. 2, pp. 76-80, March-April 2004.


OGUNTOLU Oluwasegun

Enterprise Collaboration Consultant | Technology Consultant | Customer Experience Expert | Business Relationship Manager

11 months

wao!! very insightful


I find this article highly insightful and a necessary read for business leaders.


More articles by Abimbola Abiodun Ogunjinmi MBA, PMP, NRS1, CCDP, CCNP, PSM, PSPO, ITIL, FIMC, MNSE, SMIEEE
