Overview

Introduction

The Performing Malware Attacks module provides you with the instructions and devices to develop your hands-on skills in the following topics:

  • Creating a simple virus
  • Determining open ports
  • Tracking port usage
  • Performing port redirection

Lab time: It will take approximately 70 minutes to complete this lab.

Objectives

The following objectives are covered in this lab:

  • Malware threats

Exercise 1 - Creating a Simple Virus

A fork bomb is an attack in which a process repeatedly spawns copies of itself until it consumes the system's resources. A fork bomb does not harm any files on the system. However, it slows down or crashes the system. You can create a fork bomb using a batch file and execute it. Batch files can also be written to perform other malicious tasks, such as deleting system files or creating backdoors.

Consider an example of a batch file that deletes all the files in the Windows operating system's System32 directory. Executing such code can damage your system, and repairing it may require extensive time and skill.

The @echo off command prevents the commands from being displayed in the Command Prompt window, so the batch file runs silently in the background.

In this exercise, you will learn to create a fork bomb and execute it.

Exercise 2 - Determining Open Ports

The netstat command enables you to identify open ports on the system. You can also use it to list the live connections that are currently active on the system; in other words, you can see the IP addresses of the other systems to which your system is connected.

The netstat command lists the ports that are open and listening for connections on the system. You can use this command to detect and identify Trojans and backdoors, since such malware usually opens a connection to an external host to transfer data.

In this exercise, you will determine open ports.
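As an added example that is not part of this lab's material, the following Python script parses a constructed sample of netstat -ano output and flags two things a defender looks for in it: a listening port outside an expected baseline, and an established session to a non-internal peer, each reported with the owning PID so the process can be looked up. The sample rows, the baseline set EXPECTED_LISTENERS and the internal-network list INTERNAL_NETS are assumptions, not captured from a real host.

```python
import ipaddress
# Constructed sample of `netstat -ano` output; not captured from a real host.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       928
  TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING       5120
  TCP    192.168.1.10:49712     203.0.113.7:443        ESTABLISHED     5120
  TCP    192.168.1.10:49801     192.168.1.20:445       ESTABLISHED     4
  UDP    0.0.0.0:5353           *:*                                    1880
"""

EXPECTED_LISTENERS = {135, 445, 5353}  # hypothetical baseline for this host
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def split_endpoint(endpoint):
    host, _, port = endpoint.rpartition(":")  # also handles '[v6]:port' and '*:*'
    return host, int(port) if port.isdigit() else 0

def parse_netstat(text):
    # Each TCP/UDP row becomes a dict; banner, header and blank lines are skipped.
    sockets = []
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue
        lport = split_endpoint(f[1])[1]
        rhost, rport = split_endpoint(f[2])
        sockets.append({"proto": f[0], "lport": lport, "rhost": rhost, "rport": rport,
                        "state": f[3] if f[0] == "TCP" else "", "pid": int(f[-1])})
    return sockets

def is_internal(addr):
    # Unspecified, loopback and RFC 1918 peers count as internal; non-addresses
    # such as '*' are treated as internal so they are never flagged.
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return True
    return ip.is_unspecified or any(ip in net for net in INTERNAL_NETS)

def find_suspicious(sockets, expected=EXPECTED_LISTENERS):
    # Listeners outside the baseline and sessions to non-internal peers, with PID.
    findings = []
    for s in sockets:
        if s["state"] == "LISTENING" and s["lport"] not in expected:
            findings.append(("unexpected-listener", s["lport"], s["pid"]))
        elif s["state"] == "ESTABLISHED" and not is_internal(s["rhost"]):
            findings.append(("external-connection", f'{s["rhost"]}:{s["rport"]}', s["pid"]))
    return findings
```

In the sample, the same PID both listens on an unexpected port and talks to an external host, which is exactly the pattern the exercise asks you to look for.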

Exercise 3 - Tracking Port Usage

You can track port usage on a device using a Windows program known as TCPView. This program displays the complete list of Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) endpoints on the device, including the local and remote addresses and the state of each TCP connection.

Unlike the netstat command, which reports a snapshot at the moment it is run, TCPView updates its output in real time.

In this exercise, you will learn to track port usage.

Exercise 4 - Performing Port Redirection

You can perform port redirection using the netcat command-line utility, which is available for Linux, UNIX, and Windows platforms. This utility reads and writes data across TCP or UDP connections, which allows it to perform simple port redirection.

There are two entities in the process of port redirection: the attacker and the victim. The first step is for the attacker to listen on a port in order to send and receive data. The attacker then drops a malicious payload on the victim's system to execute system-level commands and redirect the traffic to the listening port on the attacker's system. Payloads can be delivered via email, crafted scripts, malicious files, and so on, including a batch script.

In this exercise, you will perform port redirection using the ncat command.