experiment-no-1-2

Network management and administration

Uploaded by

AGAM PURI

Government Polytechnic Mumbai

Department of Computer Engineering


Lab Manual

Computer Security (CO19313)


Experiment No.1
Title: 1. Identify different types of malware & vulnerability.
2. Install a rootkit hunter and find the malware in a computer. (Write stepwise procedure with screenshots.)

Description:

Malware: Malware refers to any software or code specifically designed to harm,
exploit, or compromise computer systems, networks, or devices without the knowledge
or consent of the user. It is a broad term that encompasses various types of harmful
software, such as viruses, worms, Trojans, ransomware, spyware, adware, and more.
The primary intent of malware is to gain unauthorized access to sensitive information,
disrupt computer operations, steal data, extort money (e.g., through ransomware), and
cause other forms of damage to individuals, organizations, or systems.
Types of Malware:

a) Viruses: A virus is malicious executable code attached to another executable file.
The virus spreads when an infected file is passed from system to system. Viruses
can be harmless or they can modify or delete data. Opening a file can trigger a
virus. Once a program virus is active, it will infect other programs on the computer.
b) Worms: Worms replicate themselves on the system, attaching themselves to
different files and looking for pathways between computers, such as a computer
network that shares common file storage areas. Worms usually slow down
networks. A virus needs a host program to run, but worms can run by themselves.
After a worm affects a host, it is able to spread very quickly over the network.
c) Trojan horse: A Trojan horse is malware that carries out malicious operations
under the appearance of a desired operation such as playing an online game. A
Trojan horse varies from a virus because the Trojan binds itself to non-executable
files, such as image files and audio files.
d) Adware: It displays unwanted ads and pop-ups on the computer. It comes along
with software downloads and packages. It generates revenue for the software
distributor by displaying ads.
e) Spyware: Its purpose is to steal private information from a computer system for a
third party. Spyware collects information and sends it to the hacker.

f) Logic Bombs: A logic bomb is a malicious program that uses a trigger to activate
the malicious code. The logic bomb remains non-functioning until that trigger event
happens. Once triggered, a logic bomb runs malicious code that causes
harm to a computer. Cyber security specialists recently discovered logic bombs that
attack and destroy the hardware components in a workstation or server, including the
cooling fans, hard drives, and power supplies. The logic bomb overdrives these
devices until they overheat or fail.
g) Backdoors: A backdoor bypasses the usual authentication used to access a system.
The purpose of the backdoor is to grant cyber criminals future access to the system
even if the organization fixes the original vulnerability used to attack the system.
h) Rootkits: A rootkit modifies the OS to make a backdoor. Attackers then use the
backdoor to access the computer remotely. Most rootkits take advantage of software
vulnerabilities to modify system files.

Vulnerabilities: Vulnerabilities are weaknesses in a system that give threats the
opportunity to compromise assets. All systems have vulnerabilities. Although
technology keeps improving, the number of vulnerabilities keeps increasing, for reasons
such as code bases of tens of millions of lines, many developers, and human weaknesses.
Vulnerabilities mostly arise from hardware, software, network and
procedural weaknesses. They are weaknesses or flaws in software,
hardware, networks, or configurations that can be exploited by attackers to gain
unauthorized access, cause disruption, steal data, or perform other malicious activities.
Types of Vulnerabilities:

a) Hardware Vulnerabilities: These vulnerabilities affect the physical components
of computer systems, such as processors, memory modules, or other integrated
circuits. Examples include hardware backdoors or security flaws in the design.
For example:
1. Old versions of systems or devices.
2. Unprotected storage.
3. Unencrypted devices.
b) Software Vulnerabilities: These are weaknesses in software applications,
including operating systems, web browsers, and other programs. They may arise
due to coding errors, buffer overflows, privilege escalation issues, or insufficient
input validation.
For example:
1. Lack of input validation.
2. Unverified uploads.
3. Cross-site scripting.
4. Unencrypted data, etc.
c) Network Vulnerabilities: Network vulnerabilities involve weaknesses in
network infrastructure, devices, or protocols. Examples include open ports, weak
encryption, misconfigurations, and insecure wireless connections.
For example:
1. Unprotected communication.
2. Malware or malicious software.
3. Social engineering attacks.
4. Misconfigured firewalls.
d) Web Application Vulnerabilities: These are specific vulnerabilities in web
applications that can be exploited by attackers to compromise the application or
its users. Common web application vulnerabilities include Cross-Site Scripting
(XSS), SQL injection, and Cross-Site Request Forgery (CSRF).
For example:
1. Injection flaws.
2. Broken authentication.
3. Cross-Site Scripting (XSS).

Steps to install Rootkit Hunter:

i. Rootkit Hunter (Rkhunter) is an open-source security tool that scans Linux and Unix
systems for rootkits, backdoors, and other possible security threats. It is an
essential addition to any security-conscious user’s toolkit. This article
provides a step-by-step guide on how to install and use Rkhunter on Ubuntu
22.04 and Ubuntu 20.04 LTS Linux systems.
ii. On Ubuntu, install the Rootkit Hunter scanner tool with the command below.
Command: “sudo apt install rkhunter”
iii. To configure Rkhunter, edit its main configuration file, located at /etc/rkhunter.conf.
Open it with the command below.
Command: “sudo nano /etc/rkhunter.conf”
iv. Enable automatic updates by uncommenting UPDATE_MIRRORS and
setting it to 1.
v. Configure the download mirrors by uncommenting MIRRORS_MODE and
setting it to 0.
vi. Save and close the file once you have made the necessary changes.
vii. To run an initial system scan, execute the following command.
Command: “sudo rkhunter --check”
This command runs Rkhunter with the check option, scanning your system for
potential threats. Once the scan is complete, you can view the results in the log file
at /var/log/rkhunter.log.
viii. Rkhunter will show the results based on your system's performance; at the end
it shows a summary of the results.
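
The checks from steps iv to viii as a script, added here as an example and not part of the lab manual: it verifies the two settings and pulls the warnings and the summary count out of a scan log. The sample config and log lines are constructed, the log line layout is an assumption about rkhunter's output, and the function names are this example's own.

```sh
#!/bin/sh
# Added example: audit the settings from steps iv-v and summarise a scan log.
# Both sample files are constructed; on a real host use /etc/rkhunter.conf
# and /var/log/rkhunter.log instead.
WORK=$(mktemp -d)
CONF="$WORK/rkhunter.conf"
LOG="$WORK/rkhunter.log"

cat > "$CONF" <<'EOF'
#UPDATE_MIRRORS=0
UPDATE_MIRRORS=1
MIRRORS_MODE=1
EOF

cat > "$LOG" <<'EOF'
[10:05:11] Checking for hidden files and directories       [ Warning ]
[10:05:11] Warning: Hidden directory found: /etc/.java
[10:05:40] Warning: The command '/usr/bin/lwp-request' has been replaced by a script
[10:06:01] Rootkits checked : 480
[10:06:01] Possible rootkits: 0
EOF

# Print the effective value of KEY: the last uncommented KEY=value line.
conf_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p" "$2" | tail -n 1
}

# Report every setting that differs from the value chosen in steps iv and v.
conf_drift() {
    for want in UPDATE_MIRRORS=1 MIRRORS_MODE=0; do
        key=${want%%=*}
        got=$(conf_value "$key" "$1")
        [ "$got" = "${want#*=}" ] || echo "$key is '$got', expected '${want#*=}'"
    done
}

# Print the warning messages from a scan log with the timestamps removed.
log_warnings() { sed -n 's/^\[[0-9:]*] Warning: //p' "$1"; }

# Print the "Possible rootkits" figure from the summary at the end of the log.
possible_rootkits() {
    sed -n 's/^\[[0-9:]*] Possible rootkits: *//p' "$1" | tail -n 1
}

echo "Config drift:";      conf_drift "$CONF"
echo "Warnings:";          log_warnings "$LOG"
echo "Possible rootkits: $(possible_rootkits "$LOG")"
```

A warning is a prompt to inspect the named file or directory, not proof of infection, so review each listed item before acting on it.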

Output: [rkhunter scan screenshots]
Conclusion: From this experiment, we have learnt how to identify various types of malware and
the vulnerabilities of our system that allow malware to enter, and how
to use the rkhunter tool to identify vulnerabilities.
