IAS Homework
BSIT 511
PART I
ADWARE
180solutions assistant - In 1999, the company “ePIPO” was founded by Keith and Ken Smith. It was
a pay-to-surf company that displayed banner ads. They later changed their name to
180 Solutions, which came with changes in their technology such as using pop-up ads instead
of banner ads. Then, in about June 2006, 180 Solutions collaborated with Hotbar and they
established "Zango". 180solutions assistant is a product of 180 Solutions. It displays pop-up ads
based on the user's web searches and surfing habits. Once it is in the system, continuous
pop-up ads will flood your computer and may slow down your system.
https://www.f-secure.com/sw-desc/adware_w32_180solutions.shtml
https://en.m.wikipedia.org/wiki/Zango_(company)
https://www.2-spyware.com/remove-coolwebsearch.html#:~:text=CoolWebSearch%20is%20a%20notorious%20potentially,modify%20their%20settings%20without%20warning.
https://en.m.wikipedia.org/wiki/CoolWebSearch
ROOTKIT
Vanquish - It is a type of user-mode rootkit. A user-mode rootkit is able to modify
processes, network connections, security, and other things without the risk
of being detected. It can also intercept system calls and process their output.
Through these processes, the hacker is able to hide files, system drivers, network ports,
registry keys and paths, and system services. Vanquish was created by XShadow in 2003-2004.
It works on Windows 2000, XP, and 2003. The Vanquish rootkit can hide files, folders, and
registry entries, and log passwords, in line with the description of a user-mode rootkit above.
https://www.esecurityplanet.com/networks/rootkit-threats/
https://greatis.com/unhackme/vanquishrootkitremoval.htm#:~:text=Vanquish%20is%20a%20DLL-Injection,registry%20entries%20and%20logs%20passwords.
rootkit that also makes adjustments to the data structures of a computer, which in turn hides
some processes.
https://www.aldeid.com/wiki/FU-Rootkit#:~:text=5%20Comments-,Description,fu.exe%20and%20msdirectx.
https://www.esecurityplanet.com/networks/rootkit-threats/
RANSOMWARE
WannaCry - In 2017, a ransomware attack called "WannaCry" was created and caused havoc.
This particular attack used email scams and phishing. About 150 countries, 230,000 computers
around the globe, and 200,000 people, including companies like FedEx, Telefonica, Nissan and
Renault, were greatly affected. It is suspected to have been created by the United States
National Security Agency and leaked by the Shadow Brokers group. The ransom for release was
priced at around USD 300. Global financial losses were estimated at a total of $4 billion.
Cryptolocker - It is one of the famous ransomware attacks; it was first seen in 2007 and was
actually launched in 2013. If this type of malware infects your computer, it will encrypt
important files or data and hold them for ransom. It was spread through email
attachments carrying infected or malicious files. An estimated 200,000 - 500,000
(Windows-based) computers were infected, with a financial loss of more than USD 3 million.
https://gatefy.com/blog/real-and-famous-cases-ransomware-attacks/
https://www.kaspersky.com/resource-center/threats/ransomware-examples
WORM
The Morris worm - This is among the best-known computer worms of the early days. It was
launched by a student named Robert Morris in 1988, hence the name Morris worm. He just
wanted to test the vastness of the internet and did not intend to be destructive. However,
when he released the program onto the internet, he had not anticipated how fast his creation
would spread. Its self-replication, infecting and reinfecting computers 1-7 times, went out of
control. As a result, 10% of the 60,000 internet-connected computers in the
United States were affected, and it cost about $200 - $53,000 to remove the worm and prevent
reinfection. It was also said that around $100 million was lost due to the Morris worm.
https://www.exabeam.com/information-security/cybersecurity-calendar-morris-worm/
https://searchsecurity.techtarget.com/definition/Robert-Morris-worm
ILOVEYOU – This is a type of computer virus or worm that spreads through a chain email,
specifically in Outlook. The outbreak started on May 4, 2000, and the worm was created by
Onel De Guzman, a college student at that time. He only intended to use the computer worm to
steal passwords so he could access the internet for free. But his creation had a flaw in the
code that made its spread uncontrollable. With its title “ILOVEYOU” and an attachment
named LOVE-LETTER-FOR-YOU, many people were intrigued enough to open it and fell into the
virus trap, causing it to spread even more. It infected over 45 million computers in just two
days and caused an estimated $15 billion or more in damages.
Rizzi, Clifford Chazz L.
https://searchsecurity.techtarget.com/definition/ILOVEYOU-virus
https://www.computerweekly.com/news/252481937/Revealed-The-man-behind-the-first-major-computer-virus-pandemic
BACKDOOR
CoinTicker – This is a Mac application used to show the updated prices of Bitcoin and
other cryptocurrencies in the menu bar. It was found that this application installs two
backdoors, specifically EvilOSX and EggShell. Although the purpose is not yet clear, the app is
suspected of not being legitimate. According to Thomas Reed of Malwarebytes, it appears that
this malware is trying to gain access to users’ cryptocurrency wallets in order to steal coins.
There is also no request to authenticate as root, which is why the user would not think
something is wrong. He also conveyed that this app was “never legitimate to begin with”,
because it was suspiciously “registered just months ago on July 13”, as Thomas Reed wrote in
his post.
https://blog.malwarebytes.com/threat-analysis/2018/10/mac-cryptocurrency-ticker-app-installs-backdoors/
https://9to5mac.com/2018/10/30/cointicker/
WordPress – In 2017, an SEO (search engine optimization) scam was revealed by
security researchers. This scam was said to affect more than 300,000 WordPress
websites. In a blog post from August 2020, Yash Mehta said that a WordPress backdoor allows
an attacker persistent, unauthorized access to a server. Often, he said, this is done
through malicious files hidden somewhere or through infected plug-ins.
https://www.malwarebytes.com/backdoor/
https://www.getastra.com/blog/911/wordpress-backdoor-hack/
PART II
with human resilience” he also recognized the heroic deeds of the IT rescue team as
well as the other people who went the extra mile to aid the business. Because of what
happened, the company not only worked on improving its cybersecurity but also on
making it a “competitive advantage”. After that, most of the security features that the IT
department asked for were immediately approved. The company placed great importance on
cybersecurity so that such a cyberattack would not happen again.