Computer malware and attacks
Cybercrime can target a single computer or a network of computers. Malware is any malicious software that is installed on a computer without the user's knowledge. The most dangerous malware is self-replicating: viruses and worms.
Once a cybercriminal has installed malware on a massive number of machines, they can run a botnet and wreak havoc at scale. Botnets are often used to launch DDoS attacks on web servers, rendering the targeted server useless.
Malware
Malware can take many forms:
- A Trojan horse is a harmful program that masquerades as a legitimate program, and is often downloaded onto computers by unknowing users. Once the user runs the program, it can start inflicting its damage.
- A virus is a program that hides within the source code of a legitimate program. A virus is self-replicating: it contains code that copies itself into other files on the system.
- A worm is also self-replicating, but it copies itself onto entirely different computers within the network. It can travel over network protocols such as email, file sharing, or instant messaging. Many worms take no harmful action besides replicating themselves, but even those worms can disrupt a network by hogging bandwidth.
The effects of malware
Once malware gets onto a computer, it can cause damage in multiple ways:
- Spyware steals data and sends it back to the malware creators. A common form of spyware is the keylogger, a program that monitors everything a user types, including, of course, their many passwords.
- Adware pops up advertising to users, which typically earns money for the malware creators.
- Ransomware holds a computer hostage (by encrypting user data or blocking access to applications), and demands the user pay a ransom to the anonymous malware creators.
- Cryptomining malware utilizes a computer's resources to mine for cryptocurrency. That allows the creators to earn cryptocurrency without spending any money on powering their own computers.
Botnets
A botnet is a collection of computers that are all infected by the same malware, all running the same "bot". The cybercriminal behind the botnet usually has the ability to remotely access the machines, and can use the botnet to launch a large-scale attack.
Botnets may be as small as a few hundred computers but can grow as large as thousands or millions of computers. The largest botnet so far was Conficker, affecting 10.5 million computers. At those scales, the damage caused by malware adds up fast, and for cybercriminals, damage often equals profit.
DDoS Attacks
A common use of botnets is to attack web servers with a Distributed Denial-of-Service (DDoS) attack.
A web server is any computer that's responsible for responding to HTTP requests from users. Web servers are typically set up to handle an expected number of requests per minute, and often struggle to handle much more than that.
A DDoS attack floods a web server with way more requests than expected, overwhelming the server so that it cannot respond to requests from legitimate users.
A DDoS attack can significantly slow down a website or bring it down entirely, which frustrates its users and can cost the company money.
Why do cybercriminals launch DDoS attacks? Sometimes they are seeking revenge against a company or country for personal or political reasons. Other times, a DDoS attack is used to distract a company while the cybercriminal infiltrates its systems in more sinister ways.
Protection
Cybercriminals are constantly finding new ways to compromise systems. Fortunately, at the same time, security engineers are coming up with protection mechanisms.
A security patch is an update to the code of an application or the entire operating system, and often fixes a bug that's been exploited by malware. Computers, including mobile phones and hardware devices, should always keep up to date with security patches to reduce the risk of malware.
A firewall is a system that monitors incoming and outgoing network traffic to a computer or internal network, and determines what traffic to allow. Firewalls can do automated detection of suspicious traffic and can also be configured manually. Firewalls cannot identify and block all malware, but they are a useful line of defense for what they can identify.
Antivirus software protects an individual computer by constantly scanning files and identifying malware. Once an antivirus program finds a piece of malware, it can guide the user through deleting or repairing the file so the computer is safe again. Of course, cybercriminals come up with new malware all the time, so antivirus programs must constantly update their list of known malware.
Oftentimes, the best protection mechanism is a well-informed computer user. In the next article, we'll discuss the ways that cyber criminals trick users and the ways we can protect our computers and data.
Want to join the conversation?
- Can a web server protect itself from DDoS attacks? (9 votes)
- Pamela sent me here -- I work at Khan Academy on the Infrastructure team.
It depends on the exact type of attack. In general this is a pretty hard problem: I can describe some potential solutions but it's not something one can solve completely proactively, and people are still coming up with new mitigations as attackers come up with new and bigger DDoS attacks.
One solution is to simply start up more servers to handle the additional requests. For a small DDoS attack this may be a very practical approach that requires no special treatment and minimizes the impact on users, but for a large attack it can be very costly, or even impossible.
Another option is to try to notice as quickly during the processing of a request as possible that the request is a part of a DDoS attack, and ignore the request without further processing. For example, the attacker might drop all traffic from a certain IP address, or to a certain URL, or from a certain User-Agent. This way, the time that would have been spent responding to that request can be spent helping a real user. Attackers might respond to this by trying to make their traffic look a lot like real traffic; it can be hard to tell the difference. Or, attackers might try to send so much traffic that even that minimal processing takes up all the server's time.
Many modern websites outsource all this work to third parties: for example Content Delivery Networks (CDNs) and cloud providers often provide a DDoS mitigation service which uses one or more of the above strategies, but attempts to handle the traffic before it reaches the backend web server at all.
This is just a really brief sample, though: check out other sources to get much more into the details! (13 votes)
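The "notice early and ignore the request" strategy from the answer above, and the "determine what traffic to allow" role of a firewall from the Protection section, as an added example written for this page (not Khan Academy's code). It assumes a web server that sees each request as (timestamp, client IP, path, User-Agent) and uses constructed sample traffic with hypothetical IPs and signatures.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 1.0                      # sliding window per client
MAX_PER_WINDOW = 20                       # assumed "expected" request rate per client
BLOCKED_USER_AGENTS = {"bad-bot/1.0"}     # assumed signature of known attack traffic
BLOCKED_PATHS = {"/expensive-report"}     # assumed path being abused during an attack

class EarlyDropFilter:
    """Decide 'serve' or 'drop' for a request before any real processing happens.

    Cheap exact-match checks (User-Agent, path) run first; the per-IP rate
    check runs last because it needs bookkeeping. Dropping early means the
    time saved can go to a legitimate user instead.
    """

    def __init__(self, window=WINDOW_SECONDS, limit=MAX_PER_WINDOW):
        self.window = window
        self.limit = limit
        self.recent = defaultdict(deque)  # ip -> timestamps inside the window

    def decide(self, ts, ip, path, user_agent):
        if user_agent in BLOCKED_USER_AGENTS:
            return "drop", "user-agent"
        if path.split("?")[0] in BLOCKED_PATHS:
            return "drop", "path"
        q = self.recent[ip]
        while q and ts - q[0] > self.window:  # evict timestamps outside the window
            q.popleft()
        if len(q) >= self.limit:              # this client is over its budget
            return "drop", "rate"
        q.append(ts)
        return "serve", None

def run(requests):
    """Feed a request log through the filter and return counts per decision."""
    f = EarlyDropFilter()
    summary = defaultdict(int)
    for ts, ip, path, ua in requests:
        decision, reason = f.decide(ts, ip, path, ua)
        summary["serve" if decision == "serve" else f"drop:{reason}"] += 1
    return dict(summary)

# Constructed sample traffic: two normal requests, one known-bad bot,
# then one client sending 40 requests in under half a second.
SAMPLE_REQUESTS = [
    (0.0, "203.0.113.5", "/", "Mozilla/5.0"),
    (0.1, "203.0.113.5", "/about", "Mozilla/5.0"),
    (0.2, "198.51.100.9", "/search?q=x", "bad-bot/1.0"),
] + [(0.3 + i * 0.01, "192.0.2.77", "/", "curl/7.0") for i in range(40)]

if __name__ == "__main__":
    print(run(SAMPLE_REQUESTS))  # {'serve': 22, 'drop:user-agent': 1, 'drop:rate': 20}
```

The flood client gets its first 20 requests served and the rest dropped, which is the limit of this approach: an attacker that spreads the same 40 requests across 40 addresses, or mimics a normal browser's User-Agent, passes every check here, which is why the answer describes this as one layer rather than a complete fix.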
- The WanaCry virus is a really powerful Ransomware. Could you somehow recover from it without paying? (3 votes)
- From the author: Good question. The WanaCry virus encrypted the files on a machine and demanded ransom to decrypt the files. According to an article by Symantec, the majority of files cannot be decrypted by anyone other than the attackers:
https://medium.com/threat-intel/wannacry-ransomware-decryption-821c7e3f0a2b
That virus is a good motivation to periodically back up your computer and/or use a cloud storage product to store files both on your computer and online. (4 votes)
- How could we know if someone hacked our computers? (2 votes)
- In general, this is quite challenging. One common technique is to look for suspicious behavior such as unknown files being created or high resource usage (CPU, memory, or network). I'd also recommend applying the suggestions from the Protection section above. (4 votes)
- What are the uses of antivirus? (1 vote)
- An antivirus can scan files on your computer for viruses and help you get rid of them before they can do harm. (2 votes)
- What is the difference between a virus and a worm? I can only see that they both self-replicate. Which is more dangerous and why? (1 vote)
- Viruses and worms are pretty similar; in fact worms are actually a type of virus. Though the main difference between them is that worms will look for system vulnerabilities, whereas viruses often will be attached to downloaded files. Worms are also self-replicating. Which one is more dangerous really depends on the exact software and what it does. Although I'd say that worms can be generally more scary because they don't require you to download anything. Hope this helps! (: (1 vote)
- Which is the best cyber attack that happened in India? (0 votes)
- https://en.wikipedia.org/wiki/2016_Indian_Banks_data_breach
An estimated 3.2 million debit cards were stolen in 2016. There are others that might be worse though. (0 votes)