Viruses, worms, and Trojan horses are types of malware that pose threats to computers and networks in different ways. Viruses require human action to spread, usually by infecting files, while worms can spread automatically through networks. Trojan horses conceal malicious functions within seemingly harmless programs. Cyberattacks have become easier to carry out remotely without risk of detection, as seen in ransomware attacks against organizations, while attribution of attacks to specific actors remains difficult.
Discuss similarities and differences between worms, viruses, and Trojan horses.
Final Project

3 Threat Factors—Computers as Targets

Learning Objectives

Differentiate between viruses, worms, and Trojan horses.
Explain the threat viruses pose to computers and computer users.
Explain the threat worms pose to computers and computer users.
Explain the threat Trojan horses pose to computers and computer users.
Describe countermeasures to threats that target computers and mobile devices.

Cyberattacks are
cheap and unconstrained by geography and distance to the target. Let’s compare a bank
robbery with the ransomware attack on a bank. The goal of the attackers is the same: get
money from the bank and get away without leaving evidence. A bank robber has to stake
out the bank, learn about the employees’ behavior, learn about when money is taken to the
bank and picked up from the bank, and whether the bank has a security guard—and if so,
what the routine of the guard is. A bank robber often also needs an accomplice to stay
outside and check for police and/or drive the getaway car. The bank robber then has to plan
the attack, carry it out without any incidents, and get away with the money. The bank
robber has to stack the money in a safe but accessible place. The robber eventually starts
spending the money. Very often, banks now have money that is marked, which would make
it easier to catch the bank robber. The whole process is very time consuming and risky.
Bank robbery is a serious felony, and police will spend significant resources to catch the
criminal.

Now compare the bank robbery with a ransomware attack on a bank. The attacker
does not need help from others. All that is needed is a computer and network connection.
The cyberthief hacks into the bank and encrypts the data. The bank now cannot operate its
business because they can’t access their data, including customer accounts. The cyberthief
sends a message to the bank manager telling him or her that if the bank wants their data
decrypted they must pay a ransom of $100,000 in bitcoins (a digital currency untraceable
by law enforcement). If the bank refuses to pay, the data will stay encrypted. Typically, the
cyberthief sets a deadline to put pressure on the victim. The bank can try to decrypt their
own data by hiring experts or with the help of law enforcement, but that may not be
possible. The cyberthief simply has to wait. He or she does not have to be physically present
or even near the bank and could be in a different country. There is also little risk of
detection because there are usually no traces. Attribution of the attack—that is, finding the
person who committed the attack—is very difficult and even in major attacks often not
possible with certainty. For instance, even though the U.S. government believes that Russia
hacked the Democratic Party during the 2016 election campaign and possibly interfered
with the election, there is no hard evidence linking Russia to the security breaches. Thus, in
a ransomware attack it is highly unlikely that the attacker will get caught. These differences
between a traditional bank robbery and a cyberattack on a bank demonstrate why
cybercrime has drastically increased and will likely continue to increase. They also
demonstrate the difficulty cybersecurity specialists in the government and private industry
face when dealing with cybercrime.

Case Study 3.1: The Top 10 Data Breaches [1]

Yahoo—2014: The hackers stole information from 500 million account holders.
FriendFinder Network—2016: FriendFinder is the parent company of about 49,000 dating websites. In 2016, data from 412 million users was breached going back as far as 20 years.
MySpace—2016: The company “lost” 360 million user passwords.
Experian—2012: More than 200 million Social Security numbers were breached after the credit reporting company acquired the data firm Court Ventures.
USA Voter Database—2015: Voter information from 191 million people dating back to 1990 was stolen.
LinkedIn—2012: In 2016, LinkedIn admitted that 165 million accounts had been breached.
Nasdaq Stock Exchange—2012: Attackers stole more than 160 million credit and debit card numbers.
eBay—2014: Fraudsters gained access to 145 million user accounts.
Heartland Payment System—2009: Magnetic stripe information from 100 million credit cards was stolen.
VK—2016: The Russian version of Facebook was breached, affecting 100 million accounts.

What Do You Think?

Think about what user information each of these companies holds. What are the negative
consequences for the victims of the data breach for the different companies?

The Evolution of Cybercrime

Phases of Convergence

There are three phases of convergence in the evolution of cybercrime. In
Phase 1 of convergence, technology is separate from people. It’s also referred to
as sneakerware because people had to physically take a floppy disk or other external hard
drive and walk to a computer to transfer malware onto the computer. The first Macintosh
virus, Elk Cloner, was part of a video game for computers inserted via a floppy disk.

In Phase 2 of convergence, man is leveraging technology—that is, man is using technology. In this
phase, fraudsters developed the first e-mail-borne viruses, such as the ILOVEYOU and the
Melissa virus, which spread via e-mail attachment. Everyone who opened the attachment
infected their computer.

In Phase 3 of convergence, technology replaces people. The first
malware that fell into this phase was Code Red, discovered in 2001. Code Red attacked
Microsoft computer systems and spread to other systems by using HTTP requests. The Code
Red worm does not respond to the owner’s commands, but rather it operates independently
by creating a backdoor into the operating system of the computer. The computer owner
does not know what the worm will do with the computer. The original Code Red initiated a
denial-of-service (DoS) attack on the White House. All machines infected with the Code Red
virus started to send requests to the White House web server at the same time,
overwhelming the server. People who had computers infected with Code Red not only had
an infected machine but they were potentially also suspected of committing a crime (i.e., the
DoS attack) on the White House. [2]

Phase 3 of convergence was also the beginning of the era
of cyberspying. People do not have to be physically present in one country to spy out
information on computers in another country; instead, they can infiltrate computers and
steal information by using computer programs such as Trojan horses. This chapter
discusses viruses, worms, and Trojan horses in detail and provides examples for
each.

Reference Report: CIA Report on Russian Hacking of Democratic Party
https://www.intelligence.senate.gov/sites/default/files/documents/ICA_2017_01.pdf

Main Targets in Information Technology

Cybercrimes are a growing problem in need of new
solutions. A whopping 74% of businesses are expected to be successfully hacked in 2017. By
2020, the economic cost of cybercrime is expected to go above $3 trillion. Increasingly,
nation-states are committing the attacks, which results in more sophisticated attacks and
attacks on important infrastructures. [6] There are three main targets in information
technology: software, hardware, and the network. Table 3.1 provides some examples of the
vulnerabilities of software, hardware, and networks. Throughout this book we explain these
vulnerabilities and countermeasures in detail.