IOC and Malware
Video Transcription
Welcome to Cybrary's video series on the CompTIA Security+ 501 certification and exam.
I'm your instructor, Ron Woerner.
Please visit Cybrary.it for more information on this certification and many others.
In this video, we'll be discussing section 1.1:
given a scenario, analyze indicators of compromise and determine the type of malware.
This is the first section in domain one, Threats, Attacks and Vulnerabilities.
IOCs are indicators of compromise. These are indications that your system may have been breached or that some type of security event has occurred. Malware, or malicious software, is a serious problem in today's computing environment. Malware is software designed to harm a user's computer or data,
or to steal their information.
As a security professional, you must recognize malicious code and know how to respond appropriately.
This section covers various types of malicious code you might encounter, including viruses, worms, Trojan horses, spyware, rootkits, botnets and logic bombs.
Be aware of the different aspects associated with malware and how it could attack your system: what avenue it takes (the threat vector) and the path of destruction, as well as what type of damage will occur when that malware does in fact infect a computing system.
For example, delivery: how does the malware get to the target? Is it through email or a malicious website?
Propagation is how the malware spreads.
How it gets to the target is one aspect. What it does at the target is the payload. So what does the malware do once it gets there?
Indicators of compromise: an IOC is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion.
Typical IOCs include virus signatures and IP addresses from known malicious sources. MD5 hashes of malware files, or URLs or domain names of botnet command and control servers, are other forms of IOCs.
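As an added example (not part of the video or Cybrary's course material), here is a small Python IOC matcher that checks the three kinds of indicators just listed: it hashes file contents and compares the MD5 against a malware-hash list, and scans log lines for known-bad IP addresses and command and control domains. All indicator values and log lines are constructed sample data, not real IOCs.

```python
import hashlib
import ipaddress
import re

# Constructed sample IOCs (not real indicators), one of each kind the transcript names.
IOC_MD5 = {"5d41402abc4b2a76b9719d911017c592"}   # md5(b"hello") stands in for a malware file hash
IOC_IPS = {ipaddress.ip_address("203.0.113.45")}  # TEST-NET-3 documentation address
IOC_DOMAINS = {"c2.example.net"}                  # constructed C2 domain
IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)

def check_file(name: str, data: bytes) -> list[str]:
    """Hash the file contents and report a hit if the MD5 is a known malware hash."""
    h = hashlib.md5(data).hexdigest()
    return [f"{name}: MD5 {h} matches known malware hash"] if h in IOC_MD5 else []

def check_log_line(line: str) -> list[str]:
    """Report IPs and domains in one log line that match the IOC set."""
    hits = []
    for ip in IP_RE.findall(line):
        try:
            if ipaddress.ip_address(ip) in IOC_IPS:
                hits.append(f"known-bad IP {ip}")
        except ValueError:
            continue  # dotted quad that is not a valid IPv4 address (e.g. a version string)
    for dom in DOMAIN_RE.findall(line):
        d = dom.lower()
        if d in IOC_DOMAINS or any(d.endswith("." + c2) for c2 in IOC_DOMAINS):
            hits.append(f"C2 domain {dom}")  # exact match or a subdomain of a C2 domain
    return hits

def scan(files: dict[str, bytes], log_lines: list[str]) -> list[str]:
    """Run every IOC check over the files and log lines; return all findings."""
    findings = [hit for name, data in files.items() for hit in check_file(name, data)]
    for n, line in enumerate(log_lines, 1):
        findings.extend(f"log line {n}: {hit}" for hit in check_log_line(line))
    return findings

# Constructed sample artifacts: two files and three proxy/firewall log lines.
SAMPLE_FILES = {"invoice.exe": b"hello", "notes.txt": b"benign content"}
SAMPLE_LOG = [
    "2023-01-01T10:00:00 proxy allow 10.0.0.5 -> www.example.com:443",
    "2023-01-01T10:00:07 proxy allow 10.0.0.5 -> c2.example.net:8443",
    "2023-01-01T10:00:09 fw accept 10.0.0.5 -> 203.0.113.45:4444",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_FILES, SAMPLE_LOG):
        print(finding)
```

Hash matching only catches files identical to a known sample, which is why signature-style IOCs are weak against polymorphic malware; network indicators such as the C2 domain hit above remain useful even when the file hash changes.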
As I mentioned early in this video, malware is malicious software.
It's a very broad term that we use to describe software that performs bad functions toward a computer or other devices on our network.
You see examples of malware on your screen.
I'll talk about each of these through this video.
The first type of malware I'll discuss is viruses.
This was a term coined by Fred Cohen. A virus is a program intended to damage a computer system. There are many different types of computer viruses. Let me explain a few.
An armored virus is a virus that is protected in a way that makes disassembling it difficult, so it has armor around it, protecting it from antivirus programs.
A companion virus is a virus that creates a new program that runs in the place of an expected program of the same name, for example explorer.exe. If it's a piece of malware, it would take the place of explorer.exe within a Windows system.
A macro virus uses the macro feature in many applications, such as Microsoft Office. A multipartite virus is a virus that attacks a system in more than one way. It takes multiple paths: there may be multiple channels it uses to infect the system, and it could also have multiple payloads.
A phage virus is one that modifies or alters other programs and databases. A polymorphic virus is one that changes form or mutates in order to avoid detection. It's polymorphic: it changes the way it looks, acts or behaves.
A retrovirus is one that attacks or bypasses the antivirus software itself in order to hide its tracks.
A stealth virus is one that attempts to avoid detection by antivirus software and by the operating system by remaining in memory; it runs in stealth.
I've covered many types of viruses. There are many more out there.
Be familiar with these as you're studying for Security+ and as you're acting as a computer security professional.
A common malware or virus type we see infecting systems all over the world is crypto-malware and ransomware.
This is malicious software that uses cryptography as part of the attack. It encrypts part of the operating system or files and holds those for ransom until the ransom is met, often by paying Bitcoin.
Ransomware also prevents users from accessing their system or personal files by locking those files.
Ransomware authors demand that payment be sent by cryptocurrency, online payment systems
or credit card.
Examples of common crypto-malware and ransomware include CryptoLocker, WannaCry, Locky, ZCrypt and NotPetya.
Malware often likes to try to hide its tracks from antivirus. A rootkit does exactly that. It's a clandestine computer program designed to provide continued privileged access to a computer while hiding its presence.
It's also a software program that has the ability to obtain administrator or root-level access
and hide from the operating system. Examples include NTRootkit, Zeus, Stuxnet, Narc and Adore.
A Trojan horse is another type of malware.
It's a harmful piece of software that looks legitimate or is included with legitimate applications. Remember the Trojan horse from history: it looked benign on the outside but was malicious on the inside. Software Trojan horses work the same way.
A Trojan horse is also any application that masquerades as one thing in order to get past scrutiny and then does some malicious activity.
One of the major differences between Trojan horses and viruses is that Trojan horses tend not to replicate themselves.
Examples of Trojan horse programs include Back Orifice, which is an old one that hid within the Whack-A-Mole game, Stuxnet and Zeus.
Worms are types of malware that replicate themselves to systems or devices automatically across the network, without any user intervention. To spread, worms either exploit a vulnerability on the target system or use social engineering to trick users into executing them.
Examples of common worms include ILOVEYOU, MyDoom, Storm Worm, Conficker
and SQL Slammer.
A logic bomb or time bomb is any code that's hidden within an application and causes something unexpected to happen when certain criteria are met.
For example, a programmer hides a backdoor within the system, and for some reason the criteria are now met because of an infection across the network. A logic bomb is based on a logical condition or event happening; a time bomb will go off based on a specific time or date.
Keyloggers, also known as keystroke loggers, are programs or hardware devices that track the activity of input devices: for example, keys pressed on the keyboard, mouse clicks, or screen recorders and scrapers.
They're a form of spyware where users are unaware that their actions are being tracked.
The actions are often not only tracked but sent to some type of centralized command and control server. Keylogger software typically stores your keystrokes in a small file, which is either accessed later or automatically communicated to the person monitoring your actions.
Bots and botnets are another common form of malware.
A bot is an automated software program, or network robot, often very small, that collects information on web systems.
In its malicious form, a bot is a compromised computer being controlled remotely. Bots are also known as zombie computers due to their ability to operate under remote direction without their owner's knowledge.
A botnet is a network of bots: a network of compromised computers under the control of a malicious actor, through what is known as a command and control server.
So a C2 server will often run the botnet.
The attackers who control botnets are referred to as bot herders or bot masters.
A backdoor is an undocumented way of accessing a system, bypassing normal channels and normal authentication mechanisms. It can be created for malicious purposes, by accident, or to allow a back channel onto servers.
It's an opening left in a program or application, usually by the developer, that allows additional access to systems, applications or data.
These should be closed when the system is moved into production.
You can check for backdoors by scanning your network, by vulnerability analysis or by pen tests.
A remote access Trojan, or remote administration tool, is a RAT.
This is software that remotely gives a person full control of a technology device.
They're also known as programs that provide the capability for covert surveillance or the ability to gain unauthorized access to a victim's PC.
Some examples of RATs include Sub7, Back Orifice, ProRat, Turkojan and Poison Ivy.
Spyware and adware are types of malicious software that don't necessarily do harm. They're more about spying on you or providing you with advertising that you may not want.
Spyware and adware are applications that covertly monitor online behavior, possibly without your knowledge or permission.
They collect data and relay it to an outside party, often for advertising. Otherwise, they do not harm the infected computer, its users or their data.
There's a line between illegal spyware and legitimate data collection.
The last indicator of compromise and malware threat we'll talk about in this video is advanced persistent threat, or APT.
This is a set of stealthy and continuous computer hacking processes, often orchestrated by a person or persons targeting a specific entity.
APTs sometimes target private organizations, nation states or both, for business or political motives.
APT processes require a high degree of covertness over a long period of time.
"Advanced" signifies sophisticated techniques using malware to exploit complicated vulnerabilities within systems.
"Persistent" suggests that an external command and control, or C2, system
is continuously monitoring and extracting data from the target systems.
"Threat" indicates human involvement in orchestrating the attack.
APTs continue today and are a troublesome part of cybersecurity.
Be familiar with how they work and how you can stop them on your corporate network.
In this video, I talked about numerous types of malware, including viruses, ransomware, worms, Trojans, rootkits, keyloggers, adware, spyware, bots, RATs, logic bombs and backdoors.
Let's practice what we've learned with some sample test questions.
Question one.
In your role as a security administrator, a user contacts you, suspecting that his computer is infected.
Yesterday he loaded a freeware program to help him perform a valid job function.
What type of malicious software is most likely the cause of the infection?
The answer is C, a Trojan horse. A Trojan horse program hides within legitimate software.
Question two.
What type of malicious software is deliberately installed by an authorized user and sits dormant until some event invokes its malicious payload?
The answer is A, a logic bomb.
This concludes the video for section 1.1, given a scenario, analyze indicators of compromise and determine the type of malware.
Refer to your study material for more information on all of these topics.