U.S.T.H.B / C.E.I.

L Master 2
Computer Science department UNIT 1

IT Security
1 Internet threats

 Read the following text and answer the questions that follow.
MALICIOUS SOFTWARE

Viruses, worms, Trojans, and bots are all part of a class of software called malware (malicious software).
It is software that is specifically designed to damage, disrupt, steal, or inflict some other bad action on
data, computers, or networks.
There are many different types of malware that have varying ways of infecting systems and spreading
themselves. Malware can infect systems by being bundled with other programs. Others are installed by
exploiting a known vulnerability in a computer system. The vast majority, however, are installed by some
action from a user, such as clicking an e-mail attachment or downloading a file from the Internet.
Two of the most common types of malware are viruses and worms. These programs are able to self-
replicate and can spread copies of themselves. To be classified as a virus or worm, malware must have
the ability to propagate. The difference is that a worm operates more or less independently of other files,
whereas a virus depends on a host program to spread itself.
A computer virus is a type of malware that propagates by inserting a copy of itself into and becoming
part of another program. It spreads from one computer to another, leaving infections as it travels.
Viruses can range in severity from causing mildly annoying effects to damaging data or software and
causing denial-of-service (DoS) conditions. Almost all viruses are attached to an executable file, which
means the virus may exist on a system but will not be active until a user opens the file. Viruses spread
when the software or document they are attached to is transferred from one computer to another using a
network, disk, file sharing, or infected e-mail attachments.
Computer worms are similar to viruses in that they replicate functional copies of themselves and can
cause the same type of damage. In contrast to viruses, which require the spreading of an infected host
file, worms are standalone software and do not require a host program or human help to propagate. To
spread, worms either exploit a vulnerability on the target system or trick users into executing them.
A Trojan is another type of malware named after the wooden horse the Greeks used to infiltrate Troy. It
is a harmful piece of software that looks legitimate. Users are typically tricked into loading and executing
it on their systems. After it is activated, it can achieve any number of attacks on the host, from irritating
the user (popping up windows or changing desktops) to damaging the host (deleting files, stealing data,
or activating and spreading other malware).
Trojans are also known to create back doors to give malicious users access to the system. Unlike
viruses and worms, Trojans do not reproduce by infecting other files nor do they self-replicate. Trojans
must spread through user interaction such as opening an e-mail attachment or downloading and running
a file from the Internet.
Bots can be used for either good or malicious purposes. "Bot" is derived from the word "robot". “Good”
bots are often used to automate tasks and provide information or services that would otherwise be
conducted by a human being. A typical example is to interact automatically with instant messaging (IM)
software like Windows Live Messenger.
A malicious bot is self-propagating malware designed to infect a computer and connect back to a central
server or servers that act as a command and control (C&C) center for an entire network of compromised
devices, also called a "botnet." With a botnet, attackers can launch remote-controlled flood-type attacks
against their target(s). In addition to the worm-like ability to self-propagate, other bots abilities include
keystroke logging, gathering passwords, capturing and analysing data, and opening back doors on the
infected computer or network

1
A Answer the following questions about Malware .

1. How are viruses and worms similar?

2. What is the main difference between viruses and worms?

3. How are Trojans spread across networks?

4. What are bots typically used for?

5. How can bots be used for malicious intent?

B Find in the text words corresponding to the following definitions.

1. A weakness in a computer system which can be taken advantage of by an attacker …

vulnerability…………..

2. A computer program to which a virus attaches itself in order to spread itself host program…….

3. An attempt to make a computer resource unavailable to its intended users denial of service…
DOS…………….

4. Holes in the security of a computer system deliberately left in place, to be used for illegal access
later ………back doors…………………..
5. A collection of infected computers that have been taken over by attackers and are used to
perform malicious tasks or functions ………botnet…………………

6. Attempts to send more data to a server than it can handle, so that it crashes …flood-types
attacks…………………

7. The practice of tracking the keys struck on a keyboard keystrockes logging…………………….

2 Internet Crimes

A Choose the right answer to identify the following internet crimes.

1 Which of the following refers to the forging of the return address on an email so that the email
message appears to come from someone other than the actual sender?
a Spamming b Spoofing c spooling d None of these

2 Which of the following refers to blacking out portions of the document, usually to protect
confidential information, so that it cannot be recovered later?
a Encrypting b Botnet c Redacting d Defacing

2
 3 In which type of malicious act, a hacker contacts you by phone or email and attempts
to acquire your password?
a Spamming b Phishing c Bugging d None of these

4 Which of the following refers to any fraudulent business or scheme that take money or other
goods from an unsuspecting person?
a Hacking b Spamming c Scamming d Pharming

5 Which of the following involves the repeated use of the Internet or other electronic means
to harass, intimidate or frighten a person or group?
a cyberbullying b cyberslaking c cyberstalking d Both a and c

3 Safe Data Transfer

 Read the following text, and then deal with the related exercises:
Secure transactions across the Internet have three goals. First, the two parties engaging in a
transaction (say, an email or a business purchase) don’t want a third party to be able to read their
transmission. Some form of data encryption is necessary to prevent this. Second, the receiver of
the message should be able to detect whether someone has tampered with it in transit. This calls
for a message-integrity scheme. Finally, both parties must know that they’re communicating with
each other, not an imposter. This is done with user authentication.
Today’s data encryption methods rely on a technique called public-key cryptography. Everyone
using a public-key system has a public key and a private key. Messages are encrypted and

decrypted with these keys. A message encrypted with your public key can only be decrypted by a
system that knows your private key.

For the system to work, two parties engaging in a secure transaction must know each other’s
public keys. Private keys, however, are closely guarded secrets known only to their owners. When
I want to send you an encrypted message, I use your public key to turn my message into gibberish.
I know that only you can turn the gibberish back into the original message, because only you know
your private key. Public-key cryptography also works in reverse – that is, only your public key can
decipher your private key’s encryption.
To make a message tamper-proof (providing message integrity), the sender runs each message
through a message-digest function. This function within an application produces a number called a
message-authentication code (MAC). The system works because it’s almost impossible for an
altered message to have the same MAC as another message. Also, you can’t take a MAC and turn
it back into the original message.
The software being used for a given exchange produces a MAC for a message before it‘s
encrypted. Next, it encrypts the MAC with the sender’s private key. It then encrypts both the
message and the encrypted MAC with the recipient’s public key and sends the message.
When the recipient gets the message and decrypts it, they also get an encrypted MAC. The
software takes the message and runs it through the same message-digest function that the sender
used and creates its own MAC. Then it decrypts the sender’s MAC. If the two are the same, then
the message hasn’t been tampered with.
The dynamics of the Web dictate that a user-authentication system must exist. This can be done
using digital certificates.

3
 A server authenticates itself to a client by sending an unencrypted ASCII-based digital
certificate. A digital certificate contains information about the company operating the server,
including the server’s public key. The digital certificate ‘is signed’ by a trusted digital –certificate
issuer, which means that the issuer has investigated the company operating the server and
believes it to be legitimate. If the client trusts the issuer, then it can trust the server. The issuer
‘signs’ the certificate by generating a MAC for it, then encrypts the MAC with the issuer’s private
key. If the client trusts the issuer, then it already knows the issuer’s public key.
The dynamics and standards of secure transactions will change, but the three basic tenets of
secure transactions will remain the same. If you understand the basics, then you’re already three
steps ahead of everyone else.

A Find answers to these questions in the text.

1. What does data encryption provide?
a- privacy b- integrity c- authentication

2. A message encrypted with the recipient’s public key can only be decrypted with…….
……recipient’s private key……………………………..

3. What information does a digital certificate give to a client?

4. Which keys are used for the following instructions?

a. to encrypt a message for sending recipient’s public key

b. to decrypt a received message recipient’s private key
c. to encrypt the MAC of a message sender’s private key
d. to encrypt the MAC of a digital signature issuer’s private key

B Find in the text terms related to the following statements:

a. make unauthorized changes c. meaningless data gibberish

tampered with
b. convert to meaningful data d. principle features basic tenets
decipher

C Mark each of the following statements with true or false:

a. A message encrypted with a public key can be decrypted by anyone. false
b. To send a secure message you must know the recipient’s public key. true
c. Secure messages are normally encrypted using a private key before they are sent. false
d. A message can be reconstructed from its MAC. false
e. Two messages can often have the same MAC. false
f. A digital certificate is sent to a client in an encrypted form. false

4 Language Work : Revising compound words

A Match two words from the box to form the missing compounds in the following
sentences:

4
 data hacking cyber warehouse password threat
human cloud powered protected recreational based

1 …password-protected…… sites are accessible only to users entering the correct password

2 ........cloud-based............... services or resources made available to users on- demand via the
Internet from a cloud.

3 .......cyber-threat.............. refers to malicious attempts to gain access to a computer network.

4 ......recreational haking......is done to impress cyber intruders with a skilful exploit rather than to
make money.

5 ....human-powered....... search engines rely on human intervention to submit

information.

6 .........data warehouse........= a large store of data accumulated from a wide range of sources used
to guide management decisions.

B Read the following sentences, and then form compounds that refer to them:
1 A website which is designed in a good way. Well-designed website
2 A software designed to work across multiple platforms. Cross-platform software
3 An operation which doesn’t require hands. Hands-free operation
4 A computer which runs on batteries. Battery-powered computer
5 A hard drive which integrates two different technologies. Hybrid hard drive
6 A special file which redirects to another file or program. Shortcut file
7 A peripheral device which reads and writes flash memory. Flash memory reader
8 A file which can be retrieved and displayed, but not changed or deleted. Read-only file
9 A content created by users of a service. User-generated contents
10 An unauthorized access of a website. Website intrusion
11 Strategies against malware. Anti-malware strategies

5 Hackers can figure out a person’s password

Complete the following passage with words from the box

decipher victim malicious decode struck holes carried out wave

sensed privacy hijack analysing hacked permission crack listening

Hackers can figure out a person’s password by simply 1 listening. to them type on a keyboard, 
Using the microphone found on a smartphone, the new method is so effective that it can be 2 carried
out in a noisy public space where multiple people are typing, researchers at Southern Methodist
University in Texas found. 
They discovered the technique by 3 analysing the different sound waves produced when a key on a
keyboard is 4 struck .
After processing the acoustic signals, they were able to 5 decode which keys were struck and in
which order. This method could be used not only to 6 crack a person’s password, but also 7 decipher
someone’s private emails or messages.
5
 “Based on what we found, I think smartphone makers are going to have to go back to the drawing
board and make sure they are enhancing the 8 privacy with which people have access to these
sensors in a smartphone,” said Eric Larson, an assistant professor at SMU who helped lead the
study.
Smartphone apps often require users to accept 9 permission for the app to access the device’s
microphone as part of their terms of service.
This is usually to facilitate certain functions of the app, however it is conceivable that hackers could
either create 10 malicious apps for the purpose of spying, or hack existing apps in order to secretly 11
hijack a phone’s microphone.
“We were looking at security 12 holes that might exist when you have these ‘always-on’ sensing
devices – that being your smartphone,” Dr Larson said. "We wanted to understand if what you’re
typing on your laptop, or any keyboard for that matter, could be 13 sensed by just those mobile
phones that are sitting on the same table. The answer was a definite, ‘yes’.”
The researchers warned that the victim would have no idea that they are being 14 hacked, however
there are certain caveats to the method.
The attacker would need to know the material type of the table that the 15 victim is typing on, as metal
and wood surfaces produce different sound 16 wave patterns.

6 Listening: Is the cloud secure?

 Listen and complete the following extract with the missing words.
We all know that cloud-based platforms like 1 MS 365 and Google GSuite can be

great for collaboration and efficiency, but have you ever considered that in the wrong hands your cloud

account can also be a 2 weapon .

A cyberattacker who takes over your cloud account has 3 free reign over all the sensitive data

you have access to. Anyone who controls your email account can exploit everyone who trusts it. Once

your cloud account is 4 hijacked, it can lead to 5 wire fraud, data breaches and

more. Attackers target all sorts of accounts: you might expect some targets such as executives but

there are many other more desirable targets like 6 privileged users, users with access to

7 regulated data, finance departments, and service accounts that access valuable information.

How do attackers get into a cloud account in the first place? Here are the most common ways:

Attackers can get your credentials in the 8 data breach or they can trick you in the providing

account logging details through a 9 credential phishing attack In a 10 brut force attack,

they try hundreds of thousands of character and word combinations until they find your password. It's a
6
 bad practice, but many people use the same passwords for different accounts.

In a 11 credential stuffing attack, the attacker will try a large set of stolen passwords to see if any

would 12 get them in .

We all love add-ons that give us new features 13 in our apps , but attackers can create

seemingly helpful add-ons to 14 compromise your apps and give them access to your cloud

account. Cyberattackers are increasingly focusing on people not infrastructure.

7 Ransomeware
 Read the following passage carefully and answer the questions given below it.

Twice in the space of six weeks, the world has suffered major attacks of ransomware malicious software
that locks up photos and other files stored on your computer, then demands money to release them. It’s
clear that the world needs better defenses, and fortunately those are starting to emerge, if slowly and in
patchwork fashion. When they arrive, we may have artificial intelligence to thank. Ransomware isn’t
necessary trickier or more dangerous than other malware that sneaks onto your computer, but it can be
much more aggravating, and at times devastating. Most such infections don’t get in your face about
taking your digital stuff away from you the way ransomware does, nor do they shake you down for
hundreds of dollars or more. Despite those risks, many people just aren’t good at keeping up with
security software updates. Both recent ransomware attacks walloped those who failed to install a
Windows update released a few months earlier. Watchdog security software has its problems, too. With
this week’s ransomware attack only two of about 60 security services tested caught it at first, according
to security researchers. “A lot of normal applications, especially on Windows, behave like malware, and
it’s hard to tell them apart,” said, an expert at the California security vendor Proofpoint. In the early days,
identifying malicious programs such as viruses involved matching their code against a database of
known malware. But this technique was only as good as the database; new malware variants could
easily slip through. So security companies started characterizing malware by its behaviour. In the case of
ransomware, software could look for repeated attempts to lock files by encrypting them. But that can flag
ordinary computer behaviour such as file compression. Newer techniques involve looking for
combinations of behaviours. For instance, a program that starts encrypting files without showing a
progress bar on the screen could be flagged for surreptitious activity, said the chief technology officer at
the New Zealand security company Emsisoft. But that also risks identifying harmful software too late,
after some files have already been locked up. An even better approach identifies malware using
observable characteristics usually associated with malicious intent for instance, by quarantining a
program disguised with a PDF icon to hide its true nature. This sort of malware profiling wouldn’t rely on
exact code matches, so it couldn’t be easily evaded. And such checks could be made well before
potentially dangerous programs start running. Still, two or three characteristics might not properly
distinguish malware from legitimate software. But how about dozens? Or hundreds? Or even thousands?
For that, security researchers turn to machine learning, a form of artificial intelligence. The security
system analyses samples of good and bad software and figures out what combination of factors is likely
to be present in malware. As it encounters new software, the system calculates the probability that it’s
malware, and rejects those that score above a certain threshold. When something gets through, it’s a
matter of tweaking the calculations or adjusting the threshold. Now and then, researchers see a new
behaviour to teach the machine. On the flip side, malware writers can obtain these security tools and
7
tweak their code to see if they can evade detection. Some websites already offer to test software against
leading security systems. Eventually, malware authors may start creating their own machine-learning
models to defeat security-focused artificial intelligence.

Q.1. Which kind of people were walloped by recent ransomware attacks?

(1) who flagged for surreptitious activity (2) who failed to install a Windows update.
(3) who failed to install a new software. (4) who failed to post at a new cybersecurity wall.
(5) who failed to install a progress bar.

Q.2. What does a ransomware malicious software do according to the passage?

(A) It locks up photos.
(B) It locks up other files stored on your computer.
(C) After locking up files and photos it demands money to release them.
(1) Only A (2) Both A and B (3) Only C (4) Both A and C (5) All A, B and C

Q.3. How many security services tested caught ransomware’s attack at first?
(1) only three of about 30 (4) only seven of about 60
(2) only two of about 40 (5) only nine of about 60
(3) only two of about 60

Q.4. In which way ransomware attack is different from all other cyber attacks?
(A) They don’t harass you about taking your digital stuff away from you.
(B) They don’t they shake you down for hundreds of dollars or more.
(C) They don’t demand money or so called ransom.
(1) Only A (2) Both A and B (3) Only C (4) Both A and C (5) All A, B and C

Q.5. In the early days, What was involved in identifying malicious programs?
(1) deviating attack percent to get that 1 percent (4) employing machine learning
(2) behavioural-detection. (5) blocking new forms of malware.
(3) matching their code against a database
of known malware.

Q.6. As per the passage given above to do what the software could look for repeated attempts?
(1) to flag ordinary computer behaviour by encrypting them. (4) to lock files by encrypting them
(2) to decrypt files. (5) to launch the same update twice
(3) to enable passcodes of files.

Q.7. Choose the word which is most nearly the OPPOSITE in meaning as the word printed in bold as
used in the passage. Observable
(1) Compromising (2) Bullying (3) Emerging (4) Obscure

Q.8. Choose the word most SIMILAR in meaning to the word printed in bold, as used in the passage.
Tweak
(1)Adjust (2) Explosion (3) Exonerate (4) Alleviate

Q.9. Choose the word which is most nearly the OPPOSITE in meaning as the word printed in bold as
used in the passage. Probability
(1)Viability (2) Assurance (3) Certainty (4) Fidelity

Q.10. Choose the word most SIMILAR in meaning to the word printed in bold, as used in the passage.
Defeat
(1) Overflow (2) Oerwhelm (3) Overthrow (4) Oversight

8
9