
Threat Landscape and Malware


2.2 The Threat Landscape

Threats exploit vulnerabilities. Understanding the technical mechanisms of these threats is crucial for implementing effective defenses and incident response strategies.

Malware: Malicious Software

Malware (malicious software) is any software intentionally designed to cause damage to a computer, server, client, or computer network. The term encompasses a wide range of hostile, intrusive, or annoying software programs.

1. Viruses

Computer Viruses

Definition: Self-replicating code that attaches itself to a host file or document and runs only when that host is executed or opened. Spreading therefore depends on user action.

Infection Process:

  1. User downloads an infected file (game.exe)
  2. User executes the file
  3. Virus code runs and infects other .exe files on the system
  4. User shares the infected files, and the virus spreads

Characteristics:

  • Needs a host file to attach to
  • Requires the user to execute the host
  • Can corrupt or delete data
  • Spreads through file sharing

Examples:

  • Melissa (1999), a Word macro virus that mailed itself to the victim's Outlook contacts
  • ILOVEYOU (2000), a VBScript attachment; it is usually listed alongside viruses, but it propagated by mailing itself to the address book, worm-style, rather than by infecting host files
  • MyDoom (2004), likewise an email worm in the strict sense, though widely called a virus

2. Worms

Network Worms

Definition: Standalone, self-propagating malware that moves across networks automatically, without user intervention, usually by exploiting a vulnerability in a network-exposed service.

Propagation Process:

  1. Worm infects Computer A
  2. Scans the network for vulnerable machines
  3. Exploits the vulnerability on Computer B
  4. Copies itself to Computer B
  5. Process repeats from every new victim, so growth is exponential
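The "repeats exponentially" step is easier to believe when you watch the numbers. The simulation below is an added illustration, not code from the original page: it models a flat network of `hosts` addresses, each infected host probing `scans_per_step` random addresses per time step, and a probed host that is vulnerable (unpatched) and not yet infected becoming a scanner on the next step. The model, the parameters and the seeds are assumptions; the point is the shape of the curve and how much the vulnerable (unpatched) fraction limits it.

```python
"""Scanning-worm propagation model (added illustration, assumptions noted inline)."""
import random


def simulate_worm(hosts, vulnerable_fraction, scans_per_step, steps, seed=1):
    """Return (infected_count_after_each_step, number_of_vulnerable_hosts).

    Assumed model: every infected host probes `scans_per_step` uniformly random
    addresses per step; a probed host that is vulnerable and not yet infected is
    infected and starts probing on the following step.
    """
    rng = random.Random(seed)
    vulnerable = [rng.random() < vulnerable_fraction for _ in range(hosts)]
    n_vulnerable = sum(vulnerable)
    infected = [False] * hosts
    if n_vulnerable == 0:
        # nothing for the worm to land on: no patient zero, no spread
        return [0] * steps, 0
    # patient zero: the first vulnerable host
    infected[vulnerable.index(True)] = True

    history = []
    for _ in range(steps):
        scanners = [i for i, is_inf in enumerate(infected) if is_inf]
        newly_infected = set()
        for _src in scanners:
            for _probe in range(scans_per_step):
                target = rng.randrange(hosts)
                if vulnerable[target] and not infected[target]:
                    newly_infected.add(target)
        # new victims only begin scanning on the next step
        for t in newly_infected:
            infected[t] = True
        history.append(sum(infected))
    return history, n_vulnerable


def steps_until(history, threshold):
    """First step index at which the infected count reaches `threshold`, or None."""
    for step, count in enumerate(history):
        if count >= threshold:
            return step
    return None


if __name__ == "__main__":
    # Unpatched network versus one where 80% of hosts were patched before the worm hit.
    for label, frac in (("unpatched", 1.0), ("80% patched", 0.2)):
        hist, n_vuln = simulate_worm(hosts=10_000, vulnerable_fraction=frac,
                                     scans_per_step=3, steps=30)
        print(f"{label:12s} vulnerable={n_vuln:5d} first steps={hist[:10]} final={hist[-1]}")
```

Two things to notice when you run it: the infected count roughly triples per step at first (each scanner finds about `scans_per_step` new victims), and patching does not just slow the worm, it caps the outbreak at the number of hosts that were still vulnerable. Real worms are messier (address space is not flat, scanning saturates links, hosts reboot), but the patch-before-exposure lesson survives every refinement of the model.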

Key Differences from Viruses:

  • Standalone (no host file needed)
  • Spreads automatically
  • Exploits network vulnerabilities
  • Can spread within minutes

Famous Examples:

  • Morris Worm (1988), the first major Internet worm
  • Conficker (2008), which exploited the MS08-067 flaw in the Windows Server service
  • WannaCry (2017), ransomware that spread as a worm via the EternalBlue SMBv1 exploit

3. Trojans (Trojan Horses)

Trojan Horses

Definition: Malware disguised as, or bundled with, legitimate software so that the user installs it willingly. Unlike viruses and worms, a Trojan does not self-replicate; its payload commonly plants a backdoor that gives the attacker remote access.

Attack Scenario:

User downloads "FreeGameCrack.exe"

→ Appears as game installer

→ Actually installs backdoor

→ Attacker gains remote control

→ Can steal data, install more malware

Types of Trojans:

  • Backdoor Trojans: Remote access to system
  • Banking Trojans: Steal financial credentials
  • RAT (Remote Access Trojan): Full system control
  • Downloader Trojans: Download additional malware

4. Ransomware

Ransomware: The Modern Extortion

Definition: Encrypts victim's data and demands payment (usually cryptocurrency) for the decryption key. One of the most financially damaging malware types.

Attack Flow:

1. Infection (phishing email, exploit)

2. Encryption (typically a symmetric cipher such as AES applied file by file to user data, with each file key wrapped under the attacker's public key, so nothing can be recovered without the attacker's private key)

3. Ransom Note displayed

4. Payment demand (cryptocurrency, usually Bitcoin)

5. Deadline with increasing price

6. Decryption IF payment made (not guaranteed)
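Step 2 is also where ransomware is most detectable, because the encryption stage has a behavioural signature that no file hash captures: one process rewriting many data files in a burst, every output indistinguishable from random bytes. The detector below is an added example, not code from the original page or from any product; the event format (standing in for an EDR or auditd file-write feed), the process and file names, the thresholds and the file contents are all constructed for illustration.

```python
"""Behavioural detection of the ransomware encryption step (added example, constructed data)."""
import math
import random
from collections import Counter, defaultdict


def shannon_entropy(data):
    """Shannon entropy in bits per byte: 0.0 for empty or single-valued data, 8.0 at most."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def detect_encryption_burst(events, window_s=10.0, min_files=8, entropy_threshold=7.0):
    """Flag processes that wrote high-entropy content to at least `min_files`
    distinct files inside any `window_s`-second window.

    events: iterable of (timestamp_seconds, process_name, path, bytes_written).
    Returns {process_name: high_entropy_files_in_its_busiest_window}.
    """
    high_entropy_writes = defaultdict(list)  # process -> [(ts, path)]
    for ts, proc, path, content in events:
        if shannon_entropy(content) >= entropy_threshold:
            high_entropy_writes[proc].append((ts, path))

    flagged = {}
    for proc, writes in high_entropy_writes.items():
        writes.sort()
        busiest = 0
        for i, (start_ts, _) in enumerate(writes):
            paths = {p for ts, p in writes[i:] if ts - start_ts <= window_s}
            busiest = max(busiest, len(paths))
        if busiest >= min_files:
            flagged[proc] = busiest
    return flagged


def build_sample_events():
    """Constructed file-write events (not a real log)."""
    rng = random.Random(42)
    events = []
    # 1) an office application saving a few ordinary, compressible documents
    text = b"Quarterly revenue summary, draft 3. Figures subject to audit.\n" * 40
    for i in range(3):
        events.append((100.0 + i, "winword.exe", f"C:/Users/alice/Documents/q{i}.docx", text))
    # 2) a backup tool writing ONE compressed archive: high entropy, but a single file
    events.append((150.0, "7z.exe", "D:/backup/docs.7z", rng.randbytes(4096)))
    # 3) the encryptor: 12 documents replaced by ciphertext within four seconds
    for i in range(12):
        events.append((200.0 + i * 0.3, "cryptor.exe",
                       f"C:/Users/alice/Documents/file{i}.pdf.locked", rng.randbytes(4096)))
    return events


if __name__ == "__main__":
    print(detect_encryption_burst(build_sample_events()))
```

The archive written by the backup tool is the caveat worth keeping in mind: compressed and already-encrypted files legitimately look random, so entropy alone is a weak signal and the rate of distinct files per window is what separates a backup job from an encryptor. Tune `min_files` and `window_s` against your own file-write baseline before relying on the alert, and treat it as a trigger to isolate the host, not as proof.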

Notable Attacks:

  • WannaCry (2017) - 200,000+ infected machines in over 150 countries
  • NotPetya (2017) - roughly $10B in damage; effectively a wiper dressed as ransomware, so payment could never have recovered the data
  • Colonial Pipeline (2021) - DarkSide ransomware; the operator shut down the largest US fuel pipeline for several days

Defense:

  • Regular backups, kept offline or immutable, and tested by actually restoring from them
  • Patch management, especially for Internet-facing services and the SMB/RDP paths that worm variants abuse
  • Email filtering of attachments and links
  • User training

Network Attacks

Denial of Service (DoS) and Distributed Denial of Service (DDoS)

Goal: Overwhelming a system with traffic to deny service to legitimate users.

DoS Attack

Single source attacking target

Attacker → Floods → Target Server

Result: the target's bandwidth, connection table or CPU is exhausted, so legitimate requests time out (the service may also crash)

DDoS Attack

Multiple sources (botnet)

Bot1, Bot2, Bot3...BotN

All → Flood → Target Server

Harder to block/trace

Common DDoS Types:

  • Volume-based: Saturate bandwidth (UDP flood, ICMP flood)
  • Protocol-based: Exhaust server resources (SYN flood)
  • Application-layer: Target web applications (HTTP flood)
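The SYN flood is the protocol-based type worth understanding in detail, because its tell-tale is structural rather than volumetric: a TCP connection completes with a three-way handshake (client SYN, server SYN-ACK, client ACK), and a flood sends only the first message, from many usually spoofed sources, so the server accumulates half-open connections that never finish. The detector below is an added example, not code from the original page; it works from client-to-server packet records whose format, addresses and thresholds are constructed for illustration.

```python
"""SYN-flood detection from handshake completion ratio (added example, constructed records)."""
from collections import defaultdict


def summarize_handshakes(records):
    """records: iterable of (ts, src_ip, dst_ip, dst_port, flags) for client->server
    packets, flags in {"SYN", "ACK"}; the server's SYN-ACKs are not needed here.
    Returns {(dst_ip, dst_port): {"syn": n, "completed": m, "sources": k}}."""
    pending = set()  # (src, dst, dport) that sent a SYN and has not yet sent its ACK
    stats = defaultdict(lambda: {"syn": 0, "completed": 0, "sources": set()})
    for _ts, src, dst, dport, flags in records:
        key = (dst, dport)
        if flags == "SYN":
            pending.add((src, dst, dport))
            stats[key]["syn"] += 1
            stats[key]["sources"].add(src)
        elif flags == "ACK" and (src, dst, dport) in pending:
            # third handshake message: this connection completed
            pending.discard((src, dst, dport))
            stats[key]["completed"] += 1
        # ACKs with no pending SYN (mid-connection data ACKs) are ignored
    return {k: {"syn": v["syn"], "completed": v["completed"], "sources": len(v["sources"])}
            for k, v in stats.items()}


def detect_syn_flood(records, min_syns=20, max_completion_ratio=0.2):
    """Return the set of (dst_ip, dst_port) that received many SYNs of which
    only a small fraction ever completed the handshake."""
    flagged = set()
    for target, s in summarize_handshakes(records).items():
        ratio = s["completed"] / s["syn"]
        if s["syn"] >= min_syns and ratio <= max_completion_ratio:
            flagged.add(target)
    return flagged


def build_sample_records():
    """Constructed packet records: 5 real clients to :443, then 60 spoofed SYNs to :80."""
    records = []
    for i in range(5):
        src = f"203.0.113.{i + 10}"
        records.append((1.0 + i, src, "198.51.100.7", 443, "SYN"))
        records.append((1.1 + i, src, "198.51.100.7", 443, "ACK"))
    for i in range(60):
        # one SYN per spoofed source, no ACK ever follows
        records.append((10.0 + i * 0.01, f"192.0.2.{i + 1}", "198.51.100.7", 80, "SYN"))
    # one genuine client still gets through on :80 during the flood
    records.append((10.5, "203.0.113.99", "198.51.100.7", 80, "SYN"))
    records.append((10.6, "203.0.113.99", "198.51.100.7", 80, "ACK"))
    return records


if __name__ == "__main__":
    print(summarize_handshakes(build_sample_records()))
    print("flooded:", detect_syn_flood(build_sample_records()))
```

Completion ratio is the useful metric because it ignores how busy the service legitimately is: a popular site sees thousands of SYNs, but nearly all of them complete. The standard host-side mitigation is SYN cookies (on Linux, `net.ipv4.tcp_syncookies=1`), which let the server avoid allocating state until the client's ACK arrives; detection like the above still matters for spotting the attack and engaging upstream filtering.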

Man-in-the-Middle (MitM) Attacks

Definition: Intercepting, and possibly altering, communications between two parties who each believe they are talking directly to the other.

Attack Scenario:

User ←→ [Attacker intercepts] ←→ Bank Website

User thinks: talking directly to bank

Reality: attacker reads/modifies all data

Attack Methods:

  • ARP spoofing
  • DNS hijacking
  • SSL stripping
  • Evil twin WiFi
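ARP spoofing is the method most easily demonstrated, because ARP replies on a LAN are unauthenticated: an attacker simply announces "the gateway's IP is at my MAC" to the victim (and the victim's IP to the gateway) and the traffic flows through the attacker's machine. That leaves two observable tell-tales, an IP whose MAC changes, and one MAC that claims several IP addresses. The detector below is an added example, not code from the original page; the addresses, the observed replies and the alert format are constructed for illustration.

```python
"""ARP spoofing detection from observed ARP replies (added example, constructed data)."""
from collections import defaultdict


def detect_arp_spoofing(replies, trusted=None):
    """replies: iterable of (ts, sender_ip, sender_mac) from observed ARP replies.
    trusted: optional {ip: mac} baseline, e.g. the gateway's known MAC.
    Returns alert tuples in detection order, then one 'multi_ip' alert per MAC
    that claimed more than one IP address."""
    trusted = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    last_mac = {}                   # ip -> most recently announced MAC
    claimed_ips = defaultdict(set)  # mac -> {ips it has claimed}
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()           # normalise case before comparing
        if ip in trusted and mac != trusted[ip]:
            alerts.append(("baseline_mismatch", ts, ip, trusted[ip], mac))
        if ip in last_mac and last_mac[ip] != mac:
            # flapping between two MACs is the classic spoofing signal
            alerts.append(("mac_changed", ts, ip, last_mac[ip], mac))
        last_mac[ip] = mac
        claimed_ips[mac].add(ip)
    for mac, ips in claimed_ips.items():
        if len(ips) > 1:
            alerts.append(("multi_ip", mac, tuple(sorted(ips))))
    return alerts


# Constructed observations: gateway, victim and attacker on 192.168.1.0/24
GATEWAY_IP, GATEWAY_MAC = "192.168.1.1", "00:11:22:33:44:01"
SAMPLE_REPLIES = [
    (0.0, "192.168.1.1", "00:11:22:33:44:01"),   # gateway announces itself
    (0.5, "192.168.1.20", "00:11:22:33:44:20"),  # victim
    (1.0, "192.168.1.66", "de:ad:be:ef:00:66"),  # attacker's own address
    (5.0, "192.168.1.1", "DE:AD:BE:EF:00:66"),   # attacker claims the gateway IP
    (5.1, "192.168.1.20", "de:ad:be:ef:00:66"),  # ... and the victim's IP, to relay both ways
    (6.0, "192.168.1.1", "00:11:22:33:44:01"),   # real gateway re-announces (flap back)
]


if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE_REPLIES, trusted={GATEWAY_IP: GATEWAY_MAC}):
        print(alert)
```

Expect false positives from anything that legitimately moves an IP between MACs: DHCP re-leases, VRRP/HSRP virtual router MACs, or a replaced NIC. Keep an allowlist for those, and where the switches support it, enable Dynamic ARP Inspection so forged replies are dropped at the port rather than merely logged.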

Prevention:

  • Use HTTPS everywhere, with HSTS so browsers refuse to fall back to plain HTTP (this is what defeats SSL stripping)
  • Verify TLS certificates and never click through certificate warnings
  • Avoid untrusted public WiFi
  • Use a VPN on networks you do not control

Malware Comparison Table

Type       | Requires host?          | User action?                                                       | Primary goal
Virus      | Yes (attaches to file)  | Yes (execute file)                                                 | Damage/spread
Worm       | No (standalone)         | No (auto-spreads)                                                  | Rapid propagation
Trojan     | No (disguised app)      | Yes (install fake app)                                             | Backdoor access
Ransomware | No                      | Usually yes (phishing); worm-style variants such as WannaCry need none | Financial extortion

Key Takeaways

  • ✓ Viruses require host files and user action; worms self-propagate automatically
  • ✓ Trojans disguise themselves as legitimate software to gain initial access
  • ✓ Ransomware encrypts data for extortion, causing massive financial damage
  • ✓ DDoS attacks overwhelm systems using botnets of compromised devices
  • ✓ MitM attacks intercept communications, often on insecure networks
  • ✓ Defense requires layered security: antivirus, firewalls, patching, and user training

Frequently Asked Questions

Should I pay a ransomware demand?

Law enforcement agencies and security experts strongly advise against paying ransoms. Payment doesn't guarantee data recovery, encourages more attacks, and funds criminal operations. Instead, restore from backups and report the incident to authorities.

Can antivirus detect all malware?

No. Antivirus software relies heavily on signatures of known malware, so zero-day samples and repacked variants can slip past it; heuristic and behavioural engines narrow the gap but can also be evaded. This is why layered security (firewalls, behaviour analysis/EDR, patch management) is essential, not antivirus alone.