Malware Threats by Saiful Hassan - Free Chapter Included
Malware Threats is a new book by Saiful Hassan that explains various malware threats and how to protect yourself. We sat with him to talk about his book and he gave a sneak preview of the first chapter.
Malware Threats by Saiful Hassan is a new book (published June 2017) that takes you through various security threats – from social media to your bank account – and how you can protect yourself from them.
We sat down with the author, Saiful Hassan, to see why he wrote this book and how it can help the average person protect themselves against malware threats.
vpnMentor: What made you write this book?
Hassan: Hundreds of thousands of malware attacks happen every year. While most people (and even many companies) think they won't be attacked, chances are they will. This book will help them prepare for the majority of attacks with quick, easy-to-understand descriptions and by explaining how to protect themselves.
vpnMentor: What new knowledge did you gain whilst writing this book?
Hassan: I actually learned a lot about new technology that can present malware attacks (which is included in my book). It's really amazing to write a book on a topic that's constantly evolving and to learn something unique that could be helpful for everyone.
Malware Threats by Saiful Hassan is available for purchase on Amazon. Below is an excerpt from Chapter 1.
Chapter 1 - The concept of malware
It is really important to know about the concept of malware. So, let us start from the basics. Malware is a virus that creates multiple files or changes the homepage of your browser, which is enough to have a significant effect on your PC or system.
Type of Malware
There are different kinds of malware, such as Trojans, spyware, botnets, crypters and rootkits. All of these are harmful to the system.
Malware Propagation Techniques
There are several different malware propagation techniques, such as Blackhat search engine optimization, social-engineered click-jacking and malvertising, which cause high traffic on the website as advertising, etc.
Countermeasure malware
It is a special type of program used to hack computer data and to cause great harm to any computer or system. It is used through external hard drive storage or an external network.
Introduction to malware
There is a single but very dangerous purpose behind the creation of malware. It is developed to steal each and every piece of your data and to snatch control of your system from your hands. The hacker is able to find everything on your system because he gets full control through the malware. So, it is really dangerous for the system and its data.
There are some famous examples of malware, as it has so many forms.
- Trojan Horse
- Virus
- Backdoor
- Worms
- Rootkit
- Spyware
- Ransomware
- Botnet
- Adware
- Crypter
Common Malware Distribution Techniques Used By Attackers:
Attackers might choose many different techniques to distribute malware across platforms to users in various forms and ways, such as:
- Blackhat Search Engine Optimisation (SEO) – Ranking pages or sites that contain malware at the top or on the first page of search engine results through Blackhat Search Engine Optimization, so that more visitors are likely to click on them.
- Malvertising – Embedding malware in ad networks, which is then displayed on hundreds of legitimate high-traffic websites.
- Compromised Legitimate Websites – Hosting embedded malware that spreads to unsuspecting visitors.
- Social-Engineered Click-Jacking – Tricking users into clicking on genuine-looking links or sites.
- Spearphishing Sites – Mimicking legitimate and famous websites or institutions in an attempt to steal login credentials and/or other valuable information from the users.
- Drive-By Downloads – Exploiting flaws in browser software to install Malware by just visiting the website or that particular page.
Trojan concept
The financial and economic damage caused by Trojan malware is extensive. According to the 2014 NortonLifeLock survey report, it was challenging to find any economic or business sector that was not targeted by Trojans.
The ways used by hackers to get a Trojan into your system
There are a few ways to protect your system with all the instructions. It is sufficient to know about the ways a Trojan gets in.
Countermeasures for Not Getting Victimized by Malware:
- Avoid opening Email attachments from unknown sources
- Block all unnecessary ports at the host and the firewall
- Avoid accepting programs transferred by Instant Messengers
- Tighten your weak and default settings and disable unused functionality including protocols and services
- Monitor the internal network traffic for odd ports or encrypted traffic
- Avoid downloading and installing programs and applications from unknown sources
- Install patches and other security updates for the operating system and application regularly
- Scan removable devices such as CDs and DVDs before using them
- Restrict permissions within your desktop environment to prevent the installation of malicious applications or software
- Avoid typing commands blindly and implementing pre-fabricated scripts and programs
- Manage local-workstation file integrity through checksums, auditing and port scanning
- Run host-based antivirus, firewall and intrusion detection software
There are so many ways to harm a system using a Trojan:
- They always try to change the typical operating files in your system
- They construct fake and undesired traffic on the website to hack your system
- Recording audio, video and pictures, such as screenshots, of the computer they attack is helpful for the hackers
The Trojan horse construction kit is the best tool for hackers to construct a Trojan. They need to develop a dropper, which is required to install the malware on the system.
Example:
Creating the malicious code is the first step after the basic programming, as in:
(Installation path: c\windows\system64\synchosts.exe
Autostarts: HKIN\Software\Mic\...\run\Explorer.exe)
Client address: client.attacker.com
Drop zone: Dropzone.attacker.com
An application with an original and certified appearance is needed:
File name: Chess.exe
Wrapper data: Executable file.