NWS MODULE - 3
CURATED FOR MY FRIENDS WITH 🫶🏻 by AJ
PART A
Q.1 "Viruses use infection methods, whereas spyware uses web traffic to spread
fake information. Do you think a computer virus is more dangerous than
spyware? If yes, why? Remember that the learner will try to recall what a virus
is; explain whether a virus is a living thing."
Ans: Yes, a computer virus is generally more dangerous than spyware. A
computer virus is a malicious program that can replicate itself and spread to other
files or computers, often causing direct harm such as deleting files, corrupting
data, or making a system unusable. In contrast, spyware mainly focuses on
secretly collecting information about the user without causing direct damage to
files or the system. While spyware is a serious privacy risk, viruses can cause
more immediate and widespread harm to computer systems and networks.
A computer virus is not a living thing. Unlike biological viruses, a computer virus is
just a piece of code created by humans. It cannot grow, reproduce, or respond to
its environment on its own; it only acts when executed by a computer.
Q.2 "Spyware is loosely defined as malicious software designed to enter your
computer device, gather data about you, and forward it to a third party without
your consent. List the types of spyware and illustrate them."
Ans: The main types of spyware are:
Keyloggers: Record every keystroke you type, capturing sensitive information
like passwords.
Infostealers: Collect a wide range of data such as usernames, passwords,
and browser history.
Password Stealers: Specifically target saved passwords in browsers and
applications.
Banking Trojans: Target online banking sessions to steal financial information.
Adware: Shows unwanted advertisements and tracks your browsing habits.
For example, keyloggers record everything you type, while banking trojans
may change your online banking page to steal your credentials.
Q.3 "A keylogger (short for keystroke logger) is software that tracks or logs
the keys struck on your keyboard. List the different approaches and types of
keylogger and interpret them."
Ans: Keyloggers can be:
Software-based keyloggers: Installed as programs on the computer, they
record keystrokes and sometimes take screenshots or capture clipboard data.
Hardware-based keyloggers: Physical devices placed between the keyboard
and computer or built into the keyboard itself.
Approaches include:
API-based keyloggers: Use system APIs to capture keystrokes.
Kernel-based keyloggers: Operate at the system kernel level, making them
harder to detect.
Form-grabbing keyloggers: Capture data entered into web forms before it is
encrypted.
Keyloggers are important because they can be used for both legitimate
monitoring and malicious purposes like stealing sensitive information.
Q.4 "A keylogger is one type of spyware. Explain why a keylogger is useful in
spyware."
Ans: Keyloggers are useful in spyware because they can secretly record
everything a user types, including passwords, credit card numbers, and personal
messages. This information is very valuable to cybercriminals for identity theft,
financial fraud, or unauthorized access to accounts. Since keyloggers work
silently in the background, they can collect a lot of sensitive data without the user
knowing.
Q.5 "A botnet is a network of physical devices that are connected to the
internet and controlled by malware, without the owner of the device knowing
anything about it. Explain the purpose and working process of a botnet with a
neat diagram."
Ans:
Purpose: Botnets are used for large-scale attacks like sending spam, launching
Distributed Denial of Service (DDoS) attacks, stealing data, or spreading more
malware.
Working Process:
1. Infection: Malware infects a device, making it a "bot."
2. Connection: The bot connects to a command-and-control (C&C) server
controlled by the attacker.
3. Coordination: The attacker sends commands to all bots via the C&C server.
4. Execution: Bots perform tasks like sending spam or launching attacks.
Diagram (Text Representation):
              [Attacker]
                  |
      [Command & Control Server]
                  |
  [Bot 1] [Bot 2] [Bot 3] ... [Bot N]
         (Compromised Devices)
Q.6 "A botnet is a network of physical devices that are connected to the
internet and controlled by malware, without the owner of the device knowing
anything about it. List the different types of attacks in a botnet and
illustrate each type briefly."
Ans: The main types of botnet attacks are:
Distributed Denial of Service (DDoS): Overloads a target server with traffic,
making it unavailable.
Spam Campaigns: Use bots to send large amounts of spam email, often with
phishing or malware links.
Data Theft: Bots steal personal or business data from infected devices.
Click Fraud: Bots simulate clicks on ads to generate fake revenue.
Credential Stuffing: Bots use stolen usernames and passwords to try to log in
to various websites.
Each attack uses the combined power of many infected devices to have a
bigger impact.
Q.7 "A buffer overflow (or buffer overrun) occurs when the volume of data
exceeds the storage capacity of the memory buffer. Which attack uses this
buffer overflow technique?"
Ans: Buffer overflow techniques are used in control hijacking attacks,
especially stack-based buffer overflow attacks. In these attacks, attackers send
more data than expected, overwriting important memory areas and gaining control
over the program’s execution. This allows them to run their own malicious code.
Q.8 "Fuzzing is a black-box software testing technique that consists of finding
implementation bugs by injecting malformed or semi-malformed data in an
automated fashion. Interpret and contrast the different fuzzing techniques."
Ans: Types of fuzzing techniques include:
Mutation-based Fuzzing: Takes valid inputs and mutates them to create new
test cases.
Generation-based Fuzzing: Generates test cases from scratch based on input
format specifications.
Protocol-based Fuzzing: Targets network protocols by sending malformed
messages.
File format fuzzing: Tests software that opens specific file types with
malformed files.
Contrast: Mutation-based is easier but less thorough, while generation-based
is more complete but complex. Protocol and file format fuzzing are specialized
for certain applications.
Q.9 "Fuzzing is a black-box software testing technique that consists of finding
implementation bugs by injecting malformed or semi-malformed data in an
automated fashion. List the types of fuzzing and interpret their pros and cons."
Ans:
Types of Fuzzing:
Mutation-based Fuzzing
Generation-based Fuzzing
Protocol-based Fuzzing
Pros:
Finds unknown bugs and vulnerabilities.
Automated, allowing for large-scale testing.
Does not require source code access.
Cons:
May miss logical errors.
Can create many false positives.
Generation-based fuzzing can be complex to set up.
Q.10 "A buffer overflow attack is a common cyberattack that deliberately
exploits a buffer overflow vulnerability where user-controlled data is written
to memory. Extract the types of buffer overflow attacks used in control
hijacking."
Ans: Types of buffer overflow attacks used in control hijacking include:
Stack-based buffer overflow: Overwrites stack memory, often changing the
return address to execute malicious code.
Heap-based buffer overflow: Targets heap memory to overwrite data
structures and potentially execute code.
Format string attacks: Exploit functions that process format strings, allowing
attackers to read or write arbitrary memory.
All these attacks aim to hijack the program’s control flow and let attackers run
their own code.
PART B
Q1: What is malware? List the types of malware. Explain the working procedure
of a malware attack.
Ans: Malware (malicious software) is intrusive code designed by cybercriminals to
damage systems, steal data, or hijack resources. It operates without user consent
and exploits vulnerabilities for malicious intent.
Types of malware include:
1. Ransomware: Encrypts files and demands payment for decryption (e.g.,
locking critical city infrastructure).
2. Spyware: Secretly monitors user activity (e.g., keyloggers recording
keystrokes).
3. Trojans: Disguised as legitimate software to create backdoors for attackers.
4. Worms: Self-replicating malware spreading via networks (e.g., infecting
unpatched devices).
5. Adware: Displays intrusive ads while tracking browsing habits.
6. Fileless Malware: Resides in memory to evade detection (e.g., manipulating
system tools like PowerShell).
7. Viruses: Attaches to clean files, replicating when executed (e.g., corrupting
documents).
8. Rootkits: Grants attackers remote admin control while hiding malicious
processes.
Working procedure of a malware attack:
1. Entry: Delivered via phishing emails, malicious downloads, or infected USB
drives. For example, a user clicks a compromised email link.
2. Initial Compromise: Malware executes, embedding itself into system
processes (e.g., fileless malware exploiting RAM).
3. Command and Control (C&C): Connects to attacker-controlled servers for
instructions.
4. Lateral Movement: Spreads to other devices/accounts within the network
(e.g., stealing credentials to access servers).
5. Exfiltration/Corruption: Steals data (e.g., financial records) or corrupts
systems (e.g., ransomware encrypting files).
Q2: Define computer Virus. List out the different types
of computer viruses.
Ans: A computer virus is self-replicating malware that attaches to legitimate files
or programs. When executed, it spreads by modifying other software and often
corrupts data, disrupts operations, or enables unauthorized access.
Types of computer viruses:
1. Direct-Acting Virus: Infects files (e.g., .exe or .com), activating when the file
opens. Easily removed by antivirus tools.
2. Resident Virus: Lodges in RAM, activating when specific files are accessed.
Harder to detect due to memory persistence.
3. Overwrite Virus: Deletes or corrupts infected file content. Recovery requires
deleting the file entirely.
4. Boot Sector Virus: Targets boot systems (e.g., via USB drives), requiring full
device formatting for removal.
5. Web Script Virus: Executes malicious scripts via browsers to steal data or
alter settings.
6. Macro Virus: Embeds in documents (e.g., Word/Excel), activating when
macros run.
Q3: Define Spyware. Explain the different types of
spyware.
Ans: Spyware is malware that covertly gathers user data (e.g., passwords,
browsing history) and transmits it to third parties without consent. It operates
stealthily, often bundled with legitimate software.
Types of spyware:
1. Keyloggers: Record keystrokes to capture passwords, messages, and
financial details.
2. Infostealers: Scan devices for sensitive data (e.g., documents, cookies) and
exfiltrate it.
3. Trojans: Masquerade as harmless software to install spyware (e.g., fake
VPNs).
4. Adware: Tracks browsing habits to deliver targeted ads; malicious variants sell
data to attackers.
5. Tracking Cookies: Monitor online activity across websites to build user
profiles for advertising or fraud.
Q4: What are the techniques used for preventing
Computer Viruses?
Ans:
1. Use Anti-Malware Software: Install tools like antivirus programs for real-time
scanning and threat removal.
2. Enable Firewalls: Block unauthorized network access (e.g., configure OS
firewalls).
3. Update OS/Software: Patch vulnerabilities via automatic updates to fix
security flaws.
4. Avoid Untrusted Sources: Download software/apps only from official stores
or verified sites.
5. Disable Email Image Previews: Prevent malware-laden images from auto-
loading in emails.
6. Regular Backups: Maintain offline backups to restore data after attacks.
7. Email Caution: Never open suspicious attachments or links, especially from
unknown senders.
Q5: How do you recognize that your system has a virus? Explain with an
example.
Ans:
Signs of infection:
Performance Issues: Sudden slowdowns, crashes, or freezing during routine
tasks.
Unusual Activity: Unexpected pop-ups, changed browser settings, or
disabled security tools.
Resource Abuse: High CPU/disk usage when idle (e.g., cryptojacking malware
mining cryptocurrency).
File Corruption: Missing files, inaccessible data, or unexplained file size
changes.
Network Traffic: Spikes in data usage from background malware
communications.
Example: A user notices frequent browser redirects to scam sites and anti-
malware alerts about "Trojan:Win32/Zacinlo." Scans reveal a fake VPN app
installed days prior, which injected malware stealing banking credentials.
Q6: What is denial of service attack? Give any
example.
Ans: A Denial of Service (DoS) attack overwhelms a system (e.g., server,
network) with traffic to disrupt legitimate access. A Distributed DoS (DDoS) uses
multiple compromised devices (botnets) for larger-scale attacks.
Example: In 2023, the "Mēris" botnet launched a record-breaking DDoS attack,
generating 21.8 million requests per second. It exploited vulnerable proxy servers
to flood targets with HTTP traffic, causing extended outages for financial
institutions.
Q7: What is keylogger? List out the types of Keylogger.
Ans: A keylogger is spyware or hardware that records keystrokes to capture
sensitive input (e.g., passwords, credit card numbers).
Types:
1. Software Keyloggers:
API-Based: Intercepts keystrokes via system APIs.
Kernel-Based: Operates at OS kernel level for stealth.
Form-Grabbers: Capture form data before it is encrypted (e.g., login fields).
2. Hardware Keyloggers: Physical devices (e.g., USB dongles) between the
keyboard and computer.
Q8: What is the difference between DoS and DDoS attacks?
Ans:
Feature      DoS Attack                  DDoS Attack
Source       Single system               Multiple systems (botnet)
Scale        Limited traffic volume      Massive, distributed traffic
Complexity   Easier to mitigate          Harder to trace/shut down
Impact       Disrupts small services     Cripples large infrastructure
Example      Ping flood from one IP      Botnet flooding a bank’s servers
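An added example, not part of these notes, that puts the "Source" and "Complexity" rows of the table into code: a per-source request-rate check run over constructed web-server log lines (format "<unix_time> <source_ip> <path>"). The thresholds PER_IP_LIMIT and TOTAL_LIMIT, the scenario functions and the IP addresses are all assumed for the example. A single-source flood (DoS) is caught by the per-IP count; a distributed flood (DDoS) keeps every bot under that limit and only shows up in the aggregate total, which is why the table calls it harder to trace and shut down.

```c
/* Added example (not from the original notes): per-source rate check over
 * constructed log lines, contrasting a DoS flood with a DDoS flood. */
#include <stdio.h>
#include <string.h>

#define MAX_SOURCES 64
#define MAX_LINES 200
#define PER_IP_LIMIT 20   /* assumed policy: more than this per window flags one source */
#define TOTAL_LIMIT 100   /* assumed capacity: more than this per window overloads the server */

struct source { char ip[16]; int count; };
struct report { int total; int flagged_ips; int overloaded; };

/* Tally one window of "<unix_time> <source_ip> <path>" lines.
 * Returns 0 on success, -1 if a line is malformed or too many sources appear. */
int analyze_window(const char **lines, int n, struct report *r)
{
    struct source src[MAX_SOURCES];
    int nsrc = 0;
    memset(r, 0, sizeof *r);
    for (int i = 0; i < n; i++) {
        long t; char ip[16]; char path[64];
        if (sscanf(lines[i], "%ld %15s %63s", &t, ip, path) != 3)
            return -1;                         /* malformed line */
        r->total++;
        int j;
        for (j = 0; j < nsrc; j++)
            if (strcmp(src[j].ip, ip) == 0) break;
        if (j == nsrc) {                       /* first time we see this source */
            if (nsrc == MAX_SOURCES) return -1;
            snprintf(src[nsrc].ip, sizeof src[nsrc].ip, "%s", ip);
            src[nsrc].count = 0;
            nsrc++;
        }
        src[j].count++;
    }
    for (int j = 0; j < nsrc; j++)
        if (src[j].count > PER_IP_LIMIT) r->flagged_ips++;
    r->overloaded = r->total > TOTAL_LIMIT;
    return 0;
}

/* Constructed sample log: 'attackers' sources share 'flood' requests evenly,
 * then five legitimate clients send two requests each. All timestamps fall
 * inside one window. Returns the number of lines built. */
static char g_storage[MAX_LINES][48];
static const char *g_lines[MAX_LINES];

static int build_log(int attackers, int flood)
{
    int n = 0;
    for (int i = 0; i < flood && n < MAX_LINES; i++, n++)
        snprintf(g_storage[n], sizeof g_storage[n],
                 "1700000000 10.0.1.%d /login", 1 + i % attackers);
    for (int c = 0; c < 5; c++)
        for (int k = 0; k < 2 && n < MAX_LINES; k++, n++)
            snprintf(g_storage[n], sizeof g_storage[n],
                     "1700000005 10.0.0.%d /index.html", 100 + c);
    for (int i = 0; i < n; i++) g_lines[i] = g_storage[i];
    return n;
}

/* DoS: one source sends all 150 flood requests. */
int scenario_dos(struct report *r)
{
    int n = build_log(1, 150);
    return analyze_window(g_lines, n, r);
}

/* DDoS: 30 sources send 5 each, every one of them under the per-IP limit. */
int scenario_ddos(struct report *r)
{
    int n = build_log(30, 150);
    return analyze_window(g_lines, n, r);
}

int main(void)
{
    struct report r;
    if (scenario_dos(&r) == 0)
        printf("DoS : total=%d flagged_ips=%d overloaded=%d\n",
               r.total, r.flagged_ips, r.overloaded);
    if (scenario_ddos(&r) == 0)
        printf("DDoS: total=%d flagged_ips=%d overloaded=%d\n",
               r.total, r.flagged_ips, r.overloaded);
    return 0;
}
```

In the DoS run the single source exceeds PER_IP_LIMIT and can be blocked by address; in the DDoS run no source is flagged even though the server is equally overloaded, so mitigation has to move to aggregate rate limiting or upstream scrubbing rather than per-IP blocking.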
Q9: What is control hijacking? Explain with an
example.
Ans: Control hijacking exploits software vulnerabilities (e.g., buffer overflows) to
seize a program’s execution flow, enabling attackers to run malicious code.
Example: In a stack-based buffer overflow, an attacker sends excess data to a
program’s input field. This overflows the buffer, overwriting the return address on
the stack. When the function exits, it redirects execution to the attacker’s code
(e.g., malware payload), compromising the system.
Q10: What is buffer overflow? What are the common
causes of buffer overflow?
Ans: A buffer overflow occurs when data exceeds a memory buffer’s allocated
space, corrupting adjacent memory. This often leads to crashes, data loss, or
control hijacking.
Common causes:
1. Unbounded Input: Failing to validate input size (e.g., using strcpy() without
length checks).
2. Poor Memory Management: Using unsafe functions like gets() or scanf().
3. Integer Overflows: Miscalculating buffer sizes due to arithmetic errors.
4. Language Vulnerabilities: C/C++ lack built-in bounds checking.
Attack Types:
Stack Overflow: Overwrites stack memory to hijack return addresses.
Heap Overflow: Corrupts dynamic memory structures.
Format String Attacks: Exploits printf() style functions to read/write memory.
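An added example, not taken from these notes, showing causes 1 and 3 above in C: the unbounded strcpy() copy into a fixed stack buffer beside a hardened version that measures the input and refuses what does not fit, and a size calculation guarded against integer overflow before it reaches malloc(). NAME_LEN, the function names and the record sizes are assumed for the example; the unsafe function is kept only for comparison and is never given oversized input here.

```c
/* Added example (not from the original notes): unbounded copy vs. bounded copy,
 * and an overflow-checked size calculation. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

#define NAME_LEN 16   /* assumed size of the fixed stack buffer */

/* Cause 1 (unbounded input): strcpy() copies until it finds the terminating
 * NUL, so any input of NAME_LEN or more characters writes past 'name' into
 * whatever lies next to it on the stack (saved registers, the return address).
 * Kept only for comparison; it must never be given untrusted input. */
int greet_unsafe(const char *input)
{
    char name[NAME_LEN];
    strcpy(name, input);             /* no length check */
    return (int)strlen(name);
}

/* Hardened version: scan at most NAME_LEN bytes for the terminator and refuse
 * anything longer. Rejecting is preferable to silent truncation (strncpy()
 * would also leave 'name' unterminated when the input is too long). */
int greet_safe(const char *input)
{
    char name[NAME_LEN];
    const char *nul = memchr(input, '\0', NAME_LEN);
    if (nul == NULL)
        return -1;                   /* no terminator within NAME_LEN bytes: too long */
    size_t len = (size_t)(nul - input);
    memcpy(name, input, len + 1);    /* copies the terminator too */
    return (int)strlen(name);
}

/* Cause 3 (integer overflow): count * elem_size can wrap around, so malloc()
 * hands back a buffer far smaller than the code later writes into. Check the
 * product before computing it. Returns 0 on success, -1 if it would wrap. */
int checked_mul(size_t count, size_t elem_size, size_t *out)
{
    if (elem_size != 0 && count > SIZE_MAX / elem_size)
        return -1;
    *out = count * elem_size;
    return 0;
}

/* Allocate 'count' records of 'elem_size' bytes, or return NULL on overflow. */
void *alloc_records(size_t count, size_t elem_size)
{
    size_t bytes;
    if (checked_mul(count, elem_size, &bytes) != 0)
        return NULL;
    return malloc(bytes);
}

int main(void)
{
    printf("greet_safe(\"alice\") = %d\n", greet_safe("alice"));
    printf("greet_safe(long)    = %d\n", greet_safe("a name that is far too long"));
    void *p = alloc_records(SIZE_MAX / 2 + 1, 4);
    printf("overflowing size -> %s\n", p == NULL ? "rejected" : "allocated");
    free(p);
    return 0;
}
```

The same length check is what compiler hardening (stack canaries, FORTIFY_SOURCE) tries to add after the fact; doing it in the code is the fix, the hardening is the safety net.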
Q11. Can we consider exploit as a form of malware?
Explain the consequences of an exploit attack.
Ans: An exploit is not exactly a form of malware, but it is closely related. An exploit
is a piece of code or a technique that takes advantage of vulnerabilities or flaws in
software, operating systems, or hardware. Its main purpose is to gain
unauthorized access or control over a system. While malware is a malicious
program designed to harm or steal data, an exploit is the method used to break
into a system by abusing its weaknesses. Often, exploits are used to deliver
malware—once the exploit successfully breaches the system, it can install
viruses, ransomware, or spyware.
The consequences of an exploit attack can be severe. If an attacker successfully
uses an exploit, they can gain unauthorized access to sensitive information, install
malware, disrupt services, or even take full control of the system. This can lead to
data breaches, financial loss, reputational damage, and loss of trust for individuals
or organizations. In some cases, exploit attacks can be used to create backdoors,
allowing attackers to return and compromise the system repeatedly.
Q12. Distinguish between viruses, worms and Trojans. Are viruses and worms
similar?
Ans: Viruses, worms, and Trojans are all types of malware, but they differ in how
they spread and operate.
A virus attaches itself to legitimate files or programs and spreads when those
files are executed. It requires user action to propagate, such as opening an
infected file.
A worm is a standalone program that can self-replicate and spread across
networks without user intervention. Worms often exploit vulnerabilities to
move from one computer to another automatically.
A Trojan (or Trojan horse) disguises itself as a harmless or useful program to
trick users into installing it. Once installed, it can open backdoors, steal data,
or cause harm, but it does not self-replicate like viruses or worms.
While viruses and worms are similar in that they both replicate and spread, the key
difference is that viruses need a host file and user action, while worms can spread
on their own, often much faster and more widely.
Q13. Can you clarify whether a keylogger is considered
a spyware or Trojan? Additionally, can you explain why
it falls under the category that it does?
Ans: A keylogger is primarily considered a type of spyware. Spyware is software
that secretly monitors user activity and collects information without the user’s
consent. Keyloggers record every keystroke a user makes, capturing sensitive
information such as passwords and messages, and then send this data to an
attacker.
However, a keylogger can also be delivered as a Trojan. In this case, it is hidden
inside a seemingly legitimate program (the Trojan) that the user installs, and then
the keylogger operates in the background. The main reason keyloggers are
classified as spyware is because their main function is to spy on users and steal
information, which is the core purpose of spyware.
Q14. What are the signs of a computer exploit attack
and how to identify them?
Ans: Signs of a computer exploit attack can include:
Unexpected crashes or system instability.
Unusual network activity, such as large amounts of data being sent or
received.
Unauthorized changes to system settings or files.
New or unknown programs running in the background.
Security software being disabled without user action.
Pop-ups or redirects to suspicious websites.
To identify exploit attacks, use updated security software that can detect
suspicious behavior, regularly monitor system logs for unusual activity, and keep
all software and operating systems up to date to patch known vulnerabilities.
Q15. What is a file infector virus? What are the common ways to prevent a file
infector virus from infecting a computer system?
Ans: A file infector virus is a type of virus that attaches itself to executable files
(like .exe or .com files). When the infected file is run, the virus activates and can
spread to other files or systems, corrupting data or making programs unusable.
To prevent file infector viruses:
Use reliable antivirus software and keep it updated.
Regularly update your operating system and all installed software to patch
vulnerabilities.
Avoid downloading or running files from unknown or untrusted sources.
Do not open email attachments from unknown senders.
Regularly back up important data to restore it in case of infection.
Q16. What is fuzzing? What types of input can be used
in fuzzing? Write the challenges of fuzzing.
Ans: Fuzzing is a software testing technique that involves automatically providing
a program with a large amount of random, unexpected, or malformed input data to
discover bugs and vulnerabilities. The goal is to see if the program crashes,
behaves unexpectedly, or exposes security flaws.
Types of input used in fuzzing include:
Random strings of characters.
Malformed files or data packets.
Boundary values (very large or very small numbers).
Protocol-specific messages.
Challenges of fuzzing include:
Generating meaningful test cases that actually trigger vulnerabilities.
Handling programs that require complex or stateful input.
Analyzing and triaging the large number of crashes or errors to find real
security issues.
Dealing with code coverage limitations, as some parts of the program may not
be exercised by random input.
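An added example, not from these notes, that serves both this question and the mutation-versus-generation contrast in Part A Q8: a small mutation-based fuzzer in C run against a toy record parser. The record format (a 64-byte frame whose first byte gives the length of the value that follows), the function names and the PRNG seed are all constructed for the example. The parser copies the value into a 16-byte local buffer without checking the length against that buffer; a guard in the parser stands in for a memory sanitizer and reports the would-be overflow instead of performing it, so the program never actually corrupts memory. The "fixed" flag selects the corrected parser so the same fuzzer can confirm the bug is gone.

```c
/* Added example (not from the original notes): mutation-based fuzzing of a toy
 * length-prefixed record parser, with the buggy and corrected versions. */
#include <stdio.h>
#include <stdint.h>
#include <string.h>

#define FRAME_LEN 64      /* fixed-size frame: 1 length byte + 63 payload/padding bytes */
#define VALUE_MAX 16      /* size of the parser's local copy buffer */
#define MUTANT_MAX 128
#define ITERATIONS 20000

enum result { PARSE_OK, PARSE_MALFORMED, PARSE_VIOLATION };

/* Toy record format (constructed for this example): byte 0 holds the length n
 * of the value, bytes 1..n hold the value, the rest of the frame is padding.
 * The buggy version checks n against the frame but not against 'value';
 * fixed != 0 selects the corrected version. The last guard stands in for a
 * memory sanitizer: it reports the overflow instead of performing it. */
enum result parse_record(const uint8_t *buf, size_t len, int fixed)
{
    char value[VALUE_MAX];
    if (len < 1)
        return PARSE_MALFORMED;
    size_t n = buf[0];
    if (n > len - 1)
        return PARSE_MALFORMED;          /* declared length runs past the frame */
    if (fixed && n > sizeof value)
        return PARSE_MALFORMED;          /* the bounds check the buggy version lacks */
    if (n > sizeof value)
        return PARSE_VIOLATION;          /* memcpy() below would overflow 'value' */
    memcpy(value, buf + 1, n);
    return PARSE_OK;
}

/* xorshift32 with a fixed seed, so every run mutates the same way. */
static uint32_t g_rng;
static uint32_t next_rand(void)
{
    uint32_t x = g_rng;
    x ^= x << 13;
    x ^= x >> 17;
    x ^= x << 5;
    return g_rng = x;
}

/* Copy the seed and apply one random mutation: bit flip, byte overwrite,
 * truncation, or appending a byte. Returns the mutant's length. */
static size_t mutate(const uint8_t *seed, size_t seed_len, uint8_t *out)
{
    size_t len = seed_len;
    memcpy(out, seed, seed_len);
    switch (next_rand() % 4) {
    case 0:  out[next_rand() % len] ^= (uint8_t)(1u << (next_rand() % 8)); break;
    case 1:  out[next_rand() % len] = (uint8_t)next_rand(); break;
    case 2:  len = 1 + next_rand() % len; break;
    default: if (len < MUTANT_MAX) out[len++] = (uint8_t)next_rand(); break;
    }
    return len;
}

struct fuzz_stats { int ok; int malformed; int violations; };

/* Feed 'iterations' mutants of the seed to the parser and tally the outcomes. */
struct fuzz_stats fuzz(const uint8_t *seed, size_t seed_len, int iterations, int fixed)
{
    struct fuzz_stats s = {0, 0, 0};
    uint8_t mutant[MUTANT_MAX];
    g_rng = 0x2545F491u;
    for (int i = 0; i < iterations; i++) {
        size_t len = mutate(seed, seed_len, mutant);
        switch (parse_record(mutant, len, fixed)) {
        case PARSE_OK:        s.ok++; break;
        case PARSE_MALFORMED: s.malformed++; break;
        case PARSE_VIOLATION: s.violations++; break;
        }
    }
    return s;
}

/* Build a valid seed frame (n = 8, value "seedval1", zero padding) and fuzz it. */
struct fuzz_stats fuzz_demo(int fixed)
{
    uint8_t seed[FRAME_LEN] = {0};
    seed[0] = 8;
    memcpy(seed + 1, "seedval1", 8);
    return fuzz(seed, sizeof seed, ITERATIONS, fixed);
}

int main(void)
{
    struct fuzz_stats buggy = fuzz_demo(0), patched = fuzz_demo(1);
    printf("buggy  : ok=%d malformed=%d violations=%d\n",
           buggy.ok, buggy.malformed, buggy.violations);
    printf("patched: ok=%d malformed=%d violations=%d\n",
           patched.ok, patched.malformed, patched.violations);
    return 0;
}
```

The malformed count illustrates the challenges listed above: most mutants are rejected by the first length check before they ever reach the buggy copy, which is the coverage limitation of blind mutation and the reason generation-based fuzzers build inputs that satisfy the format first. The violations count is the triage problem in miniature; a real fuzzer would save each such input and deduplicate by crash site.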
Q17. Illustrate the logical flow of information during a
typical HTTP request and response cycle. How do
HTML, CSS, and JavaScript contribute to the rendering
of web pages?
Ans: In a typical HTTP request and response cycle:
1. The user enters a URL in the browser.
2. The browser sends an HTTP request to the web server.
3. The server processes the request and sends back an HTTP response, usually
containing an HTML file.
4. The browser receives the HTML and starts rendering the page.
5. If the HTML references CSS files, the browser requests those files and applies
the styles to format the content.
6. If the HTML references JavaScript files, the browser downloads and executes
the scripts, which can modify the page dynamically.
HTML provides the structure and content of the web page.
CSS styles the HTML elements, controlling layout, colors, fonts, and more.
JavaScript adds interactivity and dynamic behavior, such as responding to
user actions or updating content without reloading the page.
Q18. What are the types of attacks? Explain with
examples.
Ans: Common types of attacks include:
Malware attacks: Installing malicious software like viruses, worms, or
ransomware (e.g., WannaCry ransomware attack).
Phishing attacks: Sending fake emails or messages to trick users into
revealing sensitive information (e.g., fake bank login pages).
Denial of Service (DoS) attacks: Overloading a system with traffic to make it
unavailable (e.g., flooding a website with requests).
Man-in-the-Middle attacks: Intercepting and altering communication
between two parties (e.g., eavesdropping on unsecured Wi-Fi).
SQL Injection: Inserting malicious SQL code into a database query to access
or manipulate data (e.g., bypassing login authentication).
Password attacks: Attempting to guess or steal passwords using brute force
or social engineering.
Q19. Analyze the potential consequences of a system
infected with spyware and keyloggers. How can
organizations balance the need for monitoring with
user privacy concerns?
Ans: If a system is infected with spyware and keyloggers, sensitive information
such as passwords, personal data, and business secrets can be stolen. This can
lead to identity theft, financial loss, reputational damage, and legal consequences
for both individuals and organizations.
Organizations can balance monitoring and privacy by:
Clearly informing users about monitoring policies.
Limiting monitoring to what is necessary for security and compliance.
Using anonymized or aggregated data where possible.
Implementing strict access controls to monitoring data.
Regularly reviewing and updating privacy policies to reflect current practices
and legal requirements.
Q20. Explain the working of spyware in detail.
Ans: Spyware is a type of malicious software that secretly installs itself on a
computer, often bundled with legitimate software or downloaded from malicious
websites. Once installed, it operates in the background, collecting information
such as browsing history, keystrokes, login credentials, and other personal data.
The spyware then sends this information to the attacker, who can use it for
identity theft, financial fraud, or corporate espionage. Some spyware can also
change system settings, redirect web traffic, or display unwanted ads. Spyware is
difficult to detect because it tries to hide its presence and may disable security
software to avoid removal. Regular scans with updated security tools and cautious
browsing habits are essential to prevent and remove spyware.
PART C
Q1. What is malware? Explain each type of malware
briefly.
Ans: Malware, short for malicious software, is any program or code designed to
harm, exploit, or gain unauthorized access to computer systems, networks, or
data. Malware comes in many forms, each with unique behaviors and attack
methods:
Virus: Attaches itself to legitimate files or programs and spreads when those
files are executed. It can corrupt, delete, or modify data.
Worm: A self-replicating program that spreads independently across
networks, often causing network congestion and data loss.
Trojan: Disguises itself as legitimate software to trick users into installing it.
Once inside, it can steal data, install more malware, or open backdoors.
Ransomware: Encrypts files or locks devices, demanding payment (ransom)
to restore access.
Spyware: Secretly monitors user activity, collecting sensitive information like
passwords or browsing habits.
Adware: Displays unwanted advertisements, often tracking user behavior for
targeted ads.
Rootkit: Hides deep within the system to provide attackers with privileged
access and conceal other malware.
Keylogger: Records keystrokes to steal sensitive data such as passwords.
Fileless Malware: Operates in system memory without creating traditional
files, making it harder to detect.
Botnet: Turns infected devices into “bots” that can be remotely controlled for
large-scale attacks like DDoS.
Cryptojacker: Uses system resources to mine cryptocurrency without the
user’s consent.
Wiper Malware: Destroys data on infected systems, often irreversibly.
Q2. What is spyware? List the types of spyware and explain each briefly.
Ans: Spyware is a type of malware that secretly gathers information about a user
or organization without their knowledge. It monitors activities, collects data, and
sends it to third parties.
Types of spyware:
Keyloggers: Record every keystroke, capturing sensitive data like passwords
and messages.
Infostealers: Search for and steal files, credentials, and other valuable data.
Password Stealers: Specifically target passwords stored in browsers or
applications.
Banking Trojans: Target online banking sessions to steal financial information.
Adware: Tracks browsing habits to display targeted ads and may also collect
personal data.
Tracking Cookies: Monitor web activity across multiple sites for profiling.
Q3. What is the impact of a virus on your system, and how can it be
prevented?
Ans: A virus can cause a range of negative impacts on your system, including data
corruption, loss of important files, slow performance, unauthorized access, and
even system crashes. Some viruses may spread to other devices, compromise
sensitive information, or disable security features.
To prevent virus infections:
Install and regularly update antivirus software.
Keep your operating system and applications updated.
Avoid clicking on suspicious links or downloading attachments from unknown
sources.
Use strong, unique passwords and enable firewalls.
Regularly back up important data to recover from potential attacks.
Q4. List the different types of botnets and explain each briefly.
Ans: A botnet is a network of infected devices controlled remotely by an attacker.
Types of botnets include:
Centralized Botnet: All bots communicate with a single command-and-control
(C&C) server. Easy to manage but vulnerable if the server is taken down.
Decentralized (Peer-to-Peer) Botnet: Bots communicate with each other,
making it harder to disrupt the network.
Hybrid Botnet: Combines features of both centralized and decentralized
models for greater resilience.
Botnets are often used for sending spam, launching DDoS attacks, stealing
data, or spreading more malware.
Q5. How does a DoS attack work? Explain it with a neat diagram.
Ans: A Denial of Service (DoS) attack works by overwhelming a target server or
network with excessive traffic or requests, causing it to slow down or become
completely unavailable to legitimate users.
Diagram (text representation):
[Attacker] ---> [Flood of Requests] ---> [Target Server]
                                               |
                                      (Server Overloaded)
                                               |
                                   (Legitimate Users Blocked)
The attacker sends a massive number of requests, consuming all the server’s
resources, so real users cannot access the service.
Q6. Distinguish between a denial of service attack and a distributed denial of
service attack. Explain each attack with one example.
Ans:
Denial of Service (DoS) Attack: Originates from a single source, flooding the
target with traffic. Example: A single computer sends repeated requests to a
website until it crashes.
Distributed Denial of Service (DDoS) Attack: Originates from multiple sources
(often a botnet), making it much harder to block. Example: The Mirai botnet
attack, where thousands of infected IoT devices flooded a DNS provider,
causing widespread internet outages.
Q7. Discuss worms, ransomware, adware and spyware with an example of each.
Ans:
Worm: Self-replicates and spreads across networks. Example: The
“ILOVEYOU” worm spread via email, infecting millions of computers
worldwide.
Ransomware: Encrypts files and demands payment. Example: WannaCry
ransomware locked users out of their data and demanded ransom in Bitcoin.
Adware: Displays unwanted ads. Example: “Fireball” adware hijacked
browsers to generate ad revenue.
Spyware: Secretly monitors user activity. Example: “CoolWebSearch” spyware
tracked browsing and changed browser settings.
Q8. What are fuzzing techniques and what is a fuzzing attack?
Ans: Fuzzing techniques involve automatically providing invalid, unexpected, or
random data as inputs to a program to find bugs and vulnerabilities. A fuzzing
attack uses these techniques to discover exploitable flaws that can be used for
malicious purposes, such as crashing the system or gaining unauthorized access.
Q9. Explain the working process of an exploit attack.
Ans: An exploit attack begins by identifying a vulnerability in software or
hardware. The attacker crafts malicious input or code to trigger the vulnerability,
which can lead to unauthorized access, execution of arbitrary code, or system
compromise. Once the exploit is successful, it may install malware, steal data, or
open backdoors for future attacks.
Q10. What are the approaches to fuzzing? Explain each briefly.
Ans:
Mutation-based Fuzzing: Alters existing valid inputs to create new test cases.
Generation-based Fuzzing: Generates inputs from scratch based on input
specifications or protocols.
Protocol-based Fuzzing: Focuses on network protocols, sending malformed
packets to test systems.
Each approach helps uncover different types of vulnerabilities by testing how
software handles unexpected or malformed inputs.
Q11. List the different types of fuzzing and explain each briefly.
Ans:
Black-box Fuzzing: Tester has no knowledge of the internal workings of the
program; only inputs and outputs are observed.
White-box Fuzzing: Tester has full knowledge of the source code and can
target specific areas.
Grey-box Fuzzing: Combines both approaches, using partial knowledge of the
system for more efficient testing.
Each type offers different levels of insight and effectiveness in finding bugs.
Q12. What are the types of exploit attacks?
Ans:
Buffer Overflow Exploits: Overwrite memory to execute arbitrary code.
SQL Injection: Insert malicious SQL queries to access or modify databases.
Cross-Site Scripting (XSS): Inject scripts into web pages viewed by others.
Privilege Escalation: Gain higher access rights than intended.
Remote Code Execution: Run malicious code on a remote system.
Q13. What is denial of service attack? Explain its types
with example.
Ans: A Denial of Service (DoS) attack is an attempt to make a system or network
unavailable to users by overwhelming it with traffic or requests.
Types:
Volume-based attacks: Flood the target with massive amounts of data (e.g.,
UDP flood).
Protocol attacks: Exploit weaknesses in network protocols (e.g., SYN flood).
Application-layer attacks: Target specific applications or services (e.g., HTTP
flood).
Example: A SYN flood attack sends repeated SYN requests to a server, consuming
its resources and preventing legitimate connections.
Q14. Explain control hijacking briefly with an example.
Ans: Control hijacking occurs when an attacker exploits a vulnerability (like a
buffer overflow) to take control of a program’s execution flow. For example, by
overflowing a buffer, the attacker can overwrite the return address on the stack,
causing the program to jump to malicious code instead of its intended function.
Q15. How does a DoS attack work? Explain it with a neat diagram.
Ans: In a DoS attack, the attacker sends excessive requests to the target server,
overwhelming its capacity and causing it to crash or become unresponsive.
Diagram (text representation):
[Attacker] ---> [Massive Requests] ---> [Target Server]
                                              |
                                     (Server Overloaded)
                                              |
                                     (Service Unavailable)
Legitimate users are unable to access the service due to the overload.
Q16. Distinguish between a denial of service attack and a distributed denial of
service attack. Explain each attack with one example.
Ans:
DoS Attack: Single source floods the target. Example: One computer sends
repeated requests to a website, causing it to crash.
DDoS Attack: Multiple sources (botnet) flood the target. Example: The 2016
Mirai botnet attack used thousands of IoT devices to bring down major
websites.
Q17. What are worms, ransomware, adware and spyware? Explain each with an
example.
Ans:
Worm: Self-replicates and spreads across networks. Example: “Stuxnet”
worm targeted industrial systems.
Ransomware: Encrypts files and demands ransom. Example: “CryptoLocker”
ransomware demanded payment to unlock files.
Adware: Displays unwanted ads. Example: “Gator” adware tracked browsing
and showed pop-ups.
Spyware: Monitors user activity. Example: “FinFisher” spyware used for
surveillance.
Q18. What is the main goal of fuzzing attack?
Ans: The main goal of a fuzzing attack is to discover vulnerabilities and bugs in
software by providing it with unexpected, malformed, or random inputs that may
cause crashes, leaks, or security breaches.
Q19. What is an exploit attack? How to mitigate it?
Ans: An exploit attack targets vulnerabilities in software or hardware to gain
unauthorized access or control. To mitigate exploit attacks, keep systems
updated, use security patches, employ intrusion detection systems, and follow
secure coding practices.
Q20. Explain fuzzing briefly.
Ans: Fuzzing is a software testing method that involves sending random or
malformed data to a program to find bugs and vulnerabilities. It helps developers
uncover weaknesses that could be exploited by attackers, improving overall
software security.