Malware Types


Time: 4 hours 25 minutes
Difficulty: Intermediate
CEU/CPE: 4
Video Transcription
>> Hi, and welcome to Lesson 1.3. In this lesson we're going to talk about malware. Now, the word malware is comprised of basically two different words: malicious and software. Malware is just software that's designed to interfere with the computer's normally functioning activity. It's a piece of software that tries to make a computer function differently than it's supposed to function or it's designed to function. There's a lot of different types of malware. We're going to talk about some of the common types in this lesson.

First off, let's start with the virus. Now, a virus is just a program that inserts itself into another program. It's like the human virus, like the common cold for example. The common cold needs a host in order to survive; in human beings that host is the human being. With the virus it's the same thing. A computer virus needs a host to survive in, so it actually injects itself into another program. It can't operate on its own independently. A lot of times that's injected into some sort of an executable. Now, it can lie there dormant until that executable is run, and then that's where the malware is going to do whatever it is that it's going to do. It can spread itself. Once a host is infected, then the virus can spread itself from system to system and then infect other hosts as it goes on different systems.

Now a worm is very similar to a virus in that it replicates itself just like a virus does. But the big difference between a virus and a worm is that a worm is actually a standalone program; it does not require a host. It doesn't have to attach itself to a host, but it's a program that works on its own independently. It also does not require any sort of human interaction to propagate itself. Worms are actually designed to propagate themselves. They're designed to look for vulnerabilities or look for avenues of replication on their own and to actively go out and spread themselves.
Now a Trojan. The word Trojan comes from the mythological story during the Trojan War of the Greeks, when they were trying to get into the city of Troy, but it was too heavily fortified; they couldn't figure out how to get in. They created this gigantic wooden horse as a gift to the people of Troy and they wheeled it outside the gates of Troy. When nightfall came, the people of Troy brought the horse inside and closed the gates behind them. Lo and behold, there were Greek soldiers inside the Trojan horse who came out at night and wreaked havoc on the city. When we're talking about malware, the word Trojan is the same thing. It's essentially a program that disguises itself as another program. It'll go round masquerading as something that's completely legitimate. Oftentimes it'll create backdoors. Once it's installed on a system, a Trojan oftentimes creates some mechanism so that its creators can come back in afterwards and access the system. Trojans do not replicate themselves. Unlike viruses and worms, they do require some sort of human interaction to replicate themselves. Each time a Trojan is going to be installed, you have to trick the end-user into actually clicking something or taking some action to install it on a system.
Adware can fall into any of those categories we just talked about, really like viruses or worms, but adware is exactly what it sounds like. It's just a piece of software that creates some unwanted exposure to advertisement. We've all probably seen this, if you go out and you download some free software or some freeware from a website. Maybe you're looking for a compression utility, so you go and you find something that zips files and unzips files and it's some freeware. You install it on your system and then, lo and behold, an hour later you go to surf the web and every time you open your browser, these pop-ups, these ads keep popping up and you don't know where they came from. That's adware.

Now, malvertising is similar to adware, but it's not necessarily installing anything on your system. What malvertising does is, malvertising is malicious code that embeds itself into what looks like a legitimate ad. Think about if you go to Facebook, for example, and you see those ads that are always in your face when you're on Facebook. Most of the time those are legitimate ads; they just take you somewhere because they're trying to sell something. But a lot of times, fraud actors will embed code into those ads to try to entice people to click them to install something on their system. That's malvertising.
Spyware: when spyware is installed on a system, it's the opposite of adware. Adware makes itself very known; it's very noisy, you see ads popping up everywhere. Spyware tries to stay in the background, stay incognito. Spyware is basically used to spy on a user's activities. A lot of times that comes in the form of a keylogger. A keylogger essentially is just a program that records the actual keystrokes that an end-user makes on their system. That can be very useful if you're trying to figure out what someone's password is. If you can record the actual strokes that that person is making on their keyboard during a login, then you have that user's password. Spyware can also be used in the reconnaissance phase. We talked about the cyber kill chain in the previous lesson. During that reconnaissance phase, spyware sometimes is used to take a look at the end-user's habits, their browsing habits, or their computer habits. If you're going to have a targeted attack against someone, it would help to know what their habits are, so you can specify that attack to make it very enticing, to make it not look like anything out of the norm for what that end-user would normally see.
Ransomware, it's in the news all the time; this is one I'm sure we've all heard of. Ransomware can spread itself a number of different ways; there's no specific way ransomware spreads itself. Ransomware is just a term that we use to talk about what something does, what the malware actually does when it's executed. What it does essentially is it threatens to publish or block data unless a ransom is paid. Most often, encryption is used. If your system is infected with ransomware, your files will get encrypted. You'll start seeing your file extensions change from .dat or whatever the filename normally was to dot something else or some other extension that shows that it's been encrypted. When you try to access that file, a little pop-up will come on the screen and say this file has been encrypted, please go pay this many Bitcoin to this anonymous account and in return we'll give you the key to unlock your data. The idea is that this falls into that category we talked about earlier when we talked about motivations of attackers. This is that cyber criminal motivation, the ones that are usually motivated by greed or financial reasons. There's basically only two ways you can get that data back. One is to pay the ransom and hope that you get the encryption key. These are criminals you're dealing with, so who's to say you're going to actually get the encryption key if you pay the ransom? There's other problems if you pay the ransom as well. Number 1, you have to pay; number 2, they may or may not give you the key; and number 3, now you get put on a list of organizations who are willing to pay ransom and you are more likely to be a target in future attacks. The best mitigation for ransomware is to have backups, to have good up-to-date backups. If something happens and your systems get infected with ransomware, you can simply recover from a known good backup. The trick obviously is to not let your backup system get infected with ransomware as well.
Now, the term botnet: when we start to talk about a botnet, we're just simply talking about a network of infected computers that are controlled by one entity. A lot of times, a creator of a botnet will just blast out malware all over the place just to try to infect as many systems as they can, and that malware is designed to be controlled from one central location. Then once that attacker has that, they can go and sell or rent that botnet out on the dark web. They can rent the services of that botnet. The attacker can send commands to their network of systems and tell them to do whatever for a fee. What you see a lot of times botnets used for are DDoS attacks. DDoS stands for distributed denial-of-service. Essentially what a DDoS attack is, is it is a flood of legitimate requests to a system. If you've got a website, for example, let's say you normally get 1,000 users per day that hit your website. With a DDoS attack, the bad actor can send the command to tell the entire network of infected systems, everybody go connect to your website all at one time. Now instead of 1,000 visits per day, you might get 20,000 visits per second. The website was never designed to withstand that type of volume, so it just crashes, it goes down, and now your website is down. That's essentially what a DDoS attack is.
Now DDoS can be mitigated; there's hardware solutions and there are services that can mitigate DDoS attacks. But essentially, what all of these things do is they sit in front of the website and they look at all of your traffic coming to your website and they create a baseline over time. They start to understand what normal looks like coming into your website. For example, there's peaks and valleys when users log in and when there's not much traffic and things like that. Then you can set thresholds within that system to say if it goes above this, I want you to start scrubbing the data. Essentially what will happen is the traffic coming into your website gets redirected to some scrubbing mechanism. Sometimes it's an off-site service. There's these companies that have these huge pipes of bandwidth that can just ingest all sorts of traffic. They'll redirect your traffic off-site, they'll scrub it and identify what's malicious and what's not, and then only allow the legitimate traffic to pass back to your website. The end result is you only see the legitimate traffic and the service is taking care of all of the scrubbing for you.

That wraps up our lesson. Next up we're going to go to Lesson 1.3.2. We're going to talk about how to identify some of this malware.
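The baseline-and-threshold idea from the DDoS mitigation part of the lesson, as an added worked example (this is example code written for this page, not the course's or any vendor's code). It learns what "normal" requests per second look like from a quiet window, sets a threshold above that baseline, flags seconds that exceed it, and applies a toy scrubbing policy to the flagged seconds. The log line format (`<second> <client ip> <path>`), the traffic numbers, the choice of mean plus five standard deviations with a floor of 10 requests per second, and the "known clients pass, unknown clients are capped" policy are all constructed assumptions for illustration; real scrubbing services use far richer signals.

```python
from collections import Counter, defaultdict
from statistics import mean, pstdev


def build_sample_log():
    """Constructed access-log lines: "<epoch_second> <client_ip> <path>".
    Seconds 0-59 are normal traffic (1-3 requests/s from three known
    clients); seconds 60-62 are a flood from 40 bot addresses (4 requests
    each per second) plus one legitimate client caught in the middle of it."""
    lines = []
    for sec in range(60):
        for j in range(1 + sec % 3):
            lines.append(f"{sec} 10.0.0.{j + 1} /index.html")
    for sec in range(60, 63):
        lines.append(f"{sec} 10.0.0.1 /index.html")
        lines.append(f"{sec} 10.0.0.1 /login")
        for bot in range(1, 41):
            for _ in range(4):
                lines.append(f"{sec} 192.0.2.{bot} /")
    return lines


def parse_line(line):
    """Split one constructed log line into (second, client_ip, path)."""
    sec, ip, path = line.split(" ", 2)
    return int(sec), ip, path


def requests_per_second(events, first_sec, last_sec):
    """Count requests in every second of the range, including idle seconds,
    so quiet periods pull the baseline down the way they should."""
    counts = Counter(sec for sec, _, _ in events)
    return {s: counts.get(s, 0) for s in range(first_sec, last_sec + 1)}


def learn_baseline(rps, k=5.0, min_rps=10):
    """Threshold = mean + k standard deviations over the learning window, with
    a floor so a near-idle site does not alarm on a handful of requests.
    (Assumed policy for this example.)"""
    values = list(rps.values())
    mu, sigma = mean(values), pstdev(values)
    return max(mu + k * sigma, min_rps)


def detect_flood(rps, threshold):
    """Seconds whose request count exceeds the learned threshold."""
    return sorted(s for s, n in rps.items() if n > threshold)


def scrub(events, flagged_seconds, known_clients, per_client_cap=1):
    """Toy scrubbing policy (assumed for this example): during flagged
    seconds, clients seen in the baseline window pass untouched and every
    other client is limited to per_client_cap requests per second.
    Unflagged seconds pass through unchanged."""
    flagged = set(flagged_seconds)
    seen = defaultdict(int)
    passed, dropped = [], []
    for sec, ip, path in events:
        if sec not in flagged or ip in known_clients:
            passed.append((sec, ip, path))
            continue
        seen[(sec, ip)] += 1
        bucket = passed if seen[(sec, ip)] <= per_client_cap else dropped
        bucket.append((sec, ip, path))
    return passed, dropped


def run_pipeline():
    """Learn from seconds 0-59, then watch the whole trace and scrub."""
    events = [parse_line(line) for line in build_sample_log()]
    baseline_events = [e for e in events if e[0] < 60]
    baseline_rps = requests_per_second(baseline_events, 0, 59)
    threshold = learn_baseline(baseline_rps)
    known = {ip for _, ip, _ in baseline_events}
    live_rps = requests_per_second(events, 0, 62)
    flagged = detect_flood(live_rps, threshold)
    passed, dropped = scrub(events, flagged, known)
    return {"threshold": threshold, "flagged": flagged,
            "peak_rps": max(live_rps.values()),
            "passed": len(passed), "dropped": len(dropped)}


if __name__ == "__main__":
    print(run_pipeline())
```

On the constructed trace the baseline averages 2 requests per second, so the floor of 10 becomes the threshold; the three flood seconds peak at 162 requests per second and are flagged, and scrubbing lets the known client's traffic through while cutting each unknown address to one request per second. The point to take from the toy policy is the trade-off the lesson alludes to: the stricter the cap on unknown clients, the more of the flood is dropped, but legitimate first-time visitors get throttled too, which is why a real service tunes the thresholds against the site's own peaks and valleys rather than using fixed numbers.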