11.1 Malware Part 1 (FI)

00:01

Hi. Welcome back to the course. So the last module we wrapped up our discussion on cloud forensics

00:06

in this video I want to start our discussion on Male were So we'll talk about the different types of malware.

00:12

So just a quick pre assessment question here. Worms do not self propagate. Is that true or false?

00:19

All right, so that's false. They actually do self propagating. We'll talk about that in just a little bit.

00:26

We have different types of malware, and it's not an all inclusive list naming wise, but we've got viruses, worms and trojans are the main ones there. Then we've got other things, you know, that kind of spyware related, like key loggers. We've got rickets, ransomware again. Several of those kind of tuck into each other, but well will differentiate them for this discussion.

00:46

Viruses. So one key aspect here, they self replicate, but they need a host, right? So think about like a virus. You know, I get the flu or something.

00:55

The virus needs to needs a host like me to be able to actually replicate and like, calls me to get the flu right, you know? And then if you sit next to me and I cough on you or something. Then you may get the virus because your host is well right for that particular virus.

01:10

So generally it requires some type of user interaction, not always right. But generally, ah, virus requires some type of user interaction. You know, clicking that excel file clicking, you know, on that website link, you know, whatever the case might be to cause it to then execute and and run.

01:27

So basically a virus is gonna corrupt or modify files again as part of the self replication. It's essentially doing that to take over the files and calls itself to continue running on the system.

01:38

We have run worms eso again, a self replicating here. But the main key aspect that differentiates worms and viruses worms are self propagating. So that just means that they're going to continue sending in cells across the network or the Internet for that example

01:55

to, ah to infect different systems. So one of the main things they do is they consume band with the course. I can do a lot of other things, but generally this song be some kind of been with consumption with a warm attack

02:07

and then Trojans. You know, these are appear to be benign programs like Hey, it's just an excel file. Go ahead and open it. Right. But in there there's, like, root kits and stuff, right? So these don't self propagate that require some type of user interaction to then, you know, download them and allow whatever else might be in there to execute

02:25

key Logger. So this one here just records keystroke, typing away. You know, my username and password for my bank website. You're harvesting that information

02:36

and then root kits. Eso again, these air generally tucked in with Trojans. Nowadays, eso these allow the attacker to maintain access on the system s a lot of times he'll infect at the colonel level. So that way, as you keep rebooting your computer, here comes the root kit again and your system is still compromised. Um,

02:53

you know, so you may have to wipe the OS or something like that. Now, if it's a firmware root kit, generally speaking, you're just gonna have to replace the hardware to get rid of it.

03:05

So, ransom, where you know this one you see in the news a lot, you know, things like the Wannacry worm is a good example of it. So this specially encrypted files demands a ransom payment, you know? Hey, pay me, you know, x $1,000,000 Vic Bitcoins and all the lockers years your files. In most cases, they've never unlock your files. So don't pay the money,

03:23

by the way.

03:24

And it's generally former Trojan that, you know, hides, you know, through other means. And then, you know, executes on the system.

03:34

And again, I mentioned, Wanna Cry is one of the many, many examples out there in the media.

03:39

So how does now we're enter a system so different ways, right? So, through users, you know, executing on spam emails or phishing emails, USB or other external media, USB is probably most common. One People love to pick those up in a parking lot and just put him in the computer

03:54

Third party software. So if you're getting your software updates from 1/3 party and not from the actual vendor,

04:00

that's definitely a risk

04:02

file sharing Web sites

04:04

Ah, wireless Bluetooth attack methods and then compromise website. So you know, things like Maverick Rising, which I've actually why I wasn't a victim of it because I was Ah, I liketo access websites in a sandbox, but, um,

04:18

I was visiting. I forget. I think it was like Forbes or like, you know, like, one of those reputable Web sites. Um, then I was just looking at an article, and, like all of a sudden, you know, ah, execute herbal, I think was for a flash exploit was downloading on my computer. Um, and so, ah, you know, like, it was instant like, you know, it was just like, Oh, you know,

04:38

So I was like, Okay, there we go. There's a maverick rising attack ad was running that all the Senate date

04:43

dropped it. So, you know, uh, I do recommend that if you're kind of browsing the web, I always recommend people do it like in a sandbox, just cause you can reduce a lot of your risk that way. But, you know, you're welcome to do whatever at a minimum, have something like mauer bites or something out there to protect you in that situation.

05:00

And then, like a watering hole attack, you know? So if I'm attacker and I know that

05:03

everyone at your company goes to eat at a certain Chinese restaurant, and they all go look up that restaurant's menu every single day. Then I just go take over. That will take over like Equifax. Well, they're probably about example to use what's right. Why try to take over? You know, like the Department of Defense. You know, website when I could just go take over the Chinese website,

05:21

you know, the Chinese restaurant website,

05:25

and then have all your users come there and I can infect your computers that way.