This module introduces the darker side of cybersecurity — malware and common attack methods.Rather than teaching how to attack, you’ll study how these threats work conceptually, how they spread, and how to defend and detect them ethically and safely.
We’ll finish with a hands-on exercise: observing harmless malware behaviors inside a sandboxed virtual lab.
💡 Learning Objectives
By the end of this module, you’ll be able to:
Identify common malware types and behaviors.
Explain how malware spreads through systems.
Recognize typical web-based attack patterns (SQLi, XSS).
Apply defensive controls and patch management.
Conduct a safe malware observation lab using sandbox tools.
1. What Is Malware?
Malware = malicious software designed to harm, steal, or disrupt.
It can encrypt files, spy on users, steal credentials, or hijack devices for attacks.
Common Malware Families:
| Type | Description | Example |
|---|---|---|
| Virus | Attaches to files or programs and spreads when executed. | ILOVEYOU, Melissa |
| Worm | Self-replicates over networks without user action. | Conficker, Slammer |
| Trojan | Disguised as legitimate software. | Fake antivirus apps |
| Ransomware | Encrypts files and demands payment. | WannaCry, Locky |
| Spyware/Adware | Secretly tracks activities or displays ads. | Browser hijackers |
| Rootkit | Hides itself deep in the OS to avoid detection. | ZeroAccess |
2. How Malware Spreads
Typical Infection Vectors:
Phishing emails with malicious attachments.
Fake software downloads or cracked apps.
USB drives or infected external media.
Exploiting unpatched system vulnerabilities.
Drive-by downloads from compromised websites.
Real Example:
The WannaCry ransomware (2017) used an unpatched Windows SMB vulnerability to spread worldwide within hours.
3. Web-Based Attacks (Awareness)
Web attacks target websites and online applications — even your favorite portals.
🧱 SQL Injection (SQLi)
Attackers inject malicious SQL code into a web form or URL.
Goal: steal or modify data from the backend database.
Example:' OR '1'='1';Mitigation: Use parameterized queries and input validation.
🪞 Cross-Site Scripting (XSS)
Injects malicious JavaScript into webpages viewed by other users.
Can steal cookies or perform actions on behalf of victims.
Mitigation: Escape user input and use Content Security Policy (CSP).
🧨 Denial-of-Service (DoS/DDoS)
Overwhelms servers with traffic until they crash.
Mitigation: Use CDNs, rate limiting, and firewall filtering.
4. Mitigation & Defensive Measures
System-Level Defenses:
Install and update antivirus/EDR solutions.
Apply security patches promptly.
Use firewalls and network segmentation.
Maintain least privilege access on user accounts.
Schedule regular backups (3–2–1 rule).
User-Level Defenses:
Don’t click unknown links or attachments.
Verify software sources (official stores only).
Keep browsers, plugins, and OS updated.
5. Patch Management — Your Silent Defender
Many major breaches happen simply because systems aren’t updated.
Patch Management Cycle:
Identify: track software and versions.
Evaluate: check patch importance and urgency.
Test: deploy to test systems first.
Apply: update production devices.
Verify: confirm patch success.
Document: maintain patch history.
🧩 Pro Tip: Use built-in updaters (Windows Update, macOS Software Update) or tools like WSUS, Chocolatey, or Ninite Pro.
6. Practical (Safe) Exercises
Exercise 1 — Safe Malware Observation (Instructor Demo)
Goal: Understand how malware behaves, without risk.
Setup:
Use a virtual machine (VMware or VirtualBox).
Disconnect from the internet (offline mode).
Use a benign malware simulator like EICAR Test File or Cyber Range sandbox.
Steps:
Download or open the benign file in the sandbox.
Observe antivirus reaction and logging behavior.
Check created files, registry entries, or network attempts.
Restore VM snapshot after analysis.
🧩 Record what changes were detected and how the system responded.
Exercise 2 — Patch Checklist
Create a list of all installed apps on your system.
Note the “last updated” date for each.
Check for available updates or patches.
Apply them and document completion.
Deliverable:
Your personal patch management log — start a habit of monthly updates.
Ethics & Legal Compliance
⚠️ Handling or creating real malware outside a controlled, educational sandbox is illegal and unethical.
Always:
Use benign samples or simulators.
Perform analysis only in offline lab VMs.
Never share malware samples online.
Focus on detection and defense, not creation or spread.
💡 Quick Tips Box
💡 Tip: “If you didn’t request it, don’t click it.”
⚙️ Tip: Use virtualization snapshots before any risky testing.
🧩 Tip: Keep an offline backup separate from your daily system.
7. Summary & Takeaways
You’ve now learned how cyberattacks and malware operate — and, more importantly, how to detect and defend against them.
✅ Key points:
Malware comes in many forms — understand behavior, not just names.
Patch and backup regularly to minimize risk.
Web attacks often exploit poor coding or input validation.
Observation and logging are powerful learning tools.
🧱 Next Up: Module 5 — Principles of Security Operations (SecOps) →