everyone Welcome back to the core. So in the last video, David, I provided a little background about ourselves. Is your instructors we also covered the course objectives. So again, we're gonna be learning about Mauer. And this course is primarily focused on hands on skills. And then we also talked about the core structure as well.
In this video, where to go over a brief introduction to malware. So we'll talk about things like viruses forms in trojans.
So learning objectives for this particular video we're gonna learn about, as I mentioned the differences between viruses and worms as well as some different ways that an attacker can deliver the malware
so quick, Pre assessment question here, computer viruses are self propagating. Is that true or false?
All right, so that's false. If you know anything about computer viruses, you know that they need a host and that they actually need that host to go from host to host. They need some kind of transmission method. They're not self propagating.
So what is Mauer? Let's talk about that when we primary, they're gonna focus on viruses forms in trojans.
So viruses, As I mentioned already, these need a host and they're gonna attach themselves to file. So unlike a worm that self propagating where it continues on machine to machine continues for the network and the Internet. Ah, virus actually needs some Connie, generally speaking some kind of user interaction to actually, in fact, the machine and go to another machine.
So many different types and not all of these are Excuse me. Not all virus types are listed here, but some of the common ones boot sector ransomware, which David left to show you an example of the wannacry ransomware a little later on in the course
shell viruses, polymorphic and macro viruses. So boot sector, obviously being the fact that they launched in the boot sequence, so very difficult to get rid of these types of viruses.
Ransomware, as I mentioned, that's gonna encrypt your file. So, as I mentioned, we've got an example of that a little later on course Shell virus. She's basically encapsulated virus code polymorphic so keeps changing its coach. It's hard for least signature based anti virus to find it,
and then your macro viruses, which many people are familiar with that affect things like Microsoft Word where your Excel documents
we've got worms, as I mentioned, self propagating, self replicating
thes are primarily targeted to eat up bandwidth, so they're gonna eat up. Your resource is So, for example, if I and led a warm loose on your machine and let's say your machine is isolated, it's gonna eat up all the resources on your particular machine,
and there's many ones. There's many worms out there, especially some familiar ones. If you're taking with CH exam, you might see on there possibly about both rid or someone older worms, not something that's really extremely relevant these days. There are still vulnerable systems out there, surprisingly, But since people like never wanna patch stuff
or they can't patching, you know, depending on if it's ah, particular
operating system or particular software and use that's not supported anymore, there's there are some of autonomous systems still out there.
Trojan. So this is one of the more common things you'll probably hear in the media, especially wrapped. You might hear that terminology. Ramon Remote access Trojan. So thinking from ah, pen tester standpoint, we would use a rat or other type a Trojan to gain access and maintain access to that particular machine
so a Trojan Just doesn't name implies if you're familiar with the the Trojan horse story, it all in, uh, history.
There's a hidden action here. Right? So go on, go to that story. The Trojans wth e Spartans. I think it was from the city. They were attacking the city. Detroit. I should actually know the example. Best Vic. They said, Hey, we're making peace. And they send in this big wooden horse, this big Trojan horse, right?
Ah, And inside of that was a bunch of soldiers, soldiers hiding out. So,
you know, everyone inside the city walls there were let go. Life is grand, you know, We're all safe. And then the out came the soldiers late at night and took over the city.
Now, Trojans themselves operate on many different ports. So, uh, by all means, this is not a list of, like, just the only port you should block on. Keeping in mind that a lot of times the attacker will put it on. Service is that should naturally be coming through. And you'll see many attacks coming through, like https on for 4 43 as well.
But these are some common port. So for example, ports for 07 Timbuktu is the
the attack Port 21 5 44 was girlfriend and then back orifice was 31,337. And also I believe it was 31,338.
Uh, and some common trojans out there that you might see in later things were more recent posts and stuff like that or a motet and trick pot. One of the things to be careful of or my full of if you're wanting to learn about malware is definitely take a look at banking Trojans, you know, things like Zeus even.
And then also, as we mentioned before,
Uh, ransomware, that's That's one of the big things out there as well.
So delivery, how did they get it to you? Well,
in the past, Malvin rising wasn't pretty common format. More so these days, at least in 2019 it seems like their Attackers were doing more targeted attacks. So you definitely want to watch out for things like phishing attacks or even USB drop attacks. And by the way, just a side more.
We do have a fishing and USB dropped AP courses
on Cyber Reza definitely check. Check those out as well.
And then, of course, insider threat. That's your you know, your standard attack method
that most organizations to some capacity can't protect against. But if you think about like a USB attack, for example, you could disable US bees like, you know, using a tool like sofas or something, or whatever you want to use for your management there of your personal devices. But
basically you can disable the ability for someone to plug in a USB or if it does plug in. And if they do, plugging this, USB erases it
So quick Post assessment question here. David's a stock analyst and suspects the machine on the network is infected with a warm with his knowledge of warms. David's best first action is to do which of the following. So taking this in context of just the scenario you're giving, given what is the best first action based off the fact that David realizes that there might be
some kind of attack or infection going on?
Should he a calls manager to report the infection?
Should he be called a sea so and report the network is under attack?
Should he see isolate the infected machine from the network? Or should he d running anti malware solution to check for the infection?
All right, so the best first action here is actually isolation, right? We want to go and isolate the machine from the network because if it is a worm that could potentially be straining, spreading through our other machines.
Now, of course, running an anti Mauer solution is a good idea. But it's not necessarily the best first action based off our scenario here. And then, of course, you know at some point he may want to, Depending on the affection may want to call his manager of the company's protocols when one is called his manager, and even possibly depending on the size of the organization, possibly reach out to like the sea so
and report that the network is under attack or, you know the systems are under attack.
But again, all this dependent upon a particular organization in their structure.
But the best first action here would actually be to isolate the infected machine,
are so in this video, we talked over a brief brief, and I wanna stress very brief introduction to malware. We talked about things like viruses and worms and Trojans and as well as the difference between viruses and worms. So that's definitely something you want to know. If you're going to take any type of certification exam or lady to penetration testing
in the next video, we're gonna jump into our lab. So we'll start off with a lab with a fork bomb attack and we'll talk about what that is in the actual lab. And then Dave could practice will be jumping in after that and some separate videos to actually walk you through a ransomware attack.
This malware analysis training course covers basic information about things like viruses, worms, Trojans, ransomware, and more.