Time
4 hours 25 minutes
Difficulty
Intermediate
CEU/CPE
4

Video Transcription

00:00
Hi. Welcome to lesson 1.3.
00:03
And this lesson. We're gonna talk about malware
00:06
now. Malware. The word malware is comprised of basically two different words. Malicious and software. And malware is just software that's designed to interfere with the computers normally functioning activity.
00:18
So it's a piece of software that tries to make a computer function differently than it's supposed to function, or it's designed to function.
00:26
There's a lot of different types of malware. We're gonna talk about some of the common types in this lesson.
00:32
First off, let's start with the virus.
00:34
Now. A virus is just a program that inserts itself into another program. It's kind of like the human virus, like the common cold. For example, the common cold needs ah host in order to survive in human beings. That host is a human being
00:49
with the virus. It's the same thing a computer virus needs a host to survive in. So it actually injects itself into another program.
00:57
It can't operate on its own independently.
01:00
A lot of times that's injected into some sort of an executed ble.
01:03
Now it can lie there dormant until that execute herbal is run, and then that's where the malware is going to do whatever it is it's going to do.
01:11
It can spread itself. Once a host is infected, then the virus can spread itself from system to system and then infect other host as it goes on different systems.
01:23
Now worm is very similar to a virus in that it replicates itself just like a virus does. But the big difference between a virus and a worm is that a worm is actually a standalone program. It does not require a host. It doesn't have to attach itself to a host, but it's a program that works on its own independently.
01:41
It also does not require any sort of human interaction. To propagate itself warms air actually designed to propagate themselves. They're designed to look for vulnerabilities or look for avenues of of replication on their own and to actively go out and spread themselves.
02:00
Now a Trojan, the word Trojan comes from the mythological story of and during the Trojan War of the you know, the Greeks, when they were trying to get into the city of Troy, but it was too heavily fortified. They couldn't figure out how to get in, so they created this gigantic wooden horse as a
02:21
a gift
02:21
to the people of Troy, and they willed it to the city of the gates outside the gates of Troy.
02:25
When nightfall came, the the people Detroit brought the horse inside and closed the gates behind them. And lo and behold, there were Greek soldiers inside the Trojan horse who came out at night and wreaked havoc on the city.
02:40
And when we're talking about malware, the word Trojan is the same thing. It's essentially a program that disguises itself as another program. It'll go around masquerading as something that it's that's completely legitimate,
02:54
and oftentimes it'll create backdoors. So once it's installed on a system, a Trojan often time creates some sort of mechanism so that its creators can come back in afterwards and access the system.
03:07
And Trojans do not replicate themselves. Unlike viruses and worms, they do require some sort of human interaction to replicate themselves that you have toe each time a Trojan is gonna be installed, you have to trick the end user into actually clicking something or taking some action to installed on a system.
03:27
Now adware doesn't really fall into. It could fall into any of those categories we just talked about really like viruses or worms. But adware is simply is exactly what it sounds. It's just a piece of software that creates some sort of unwanted exposure toe advertisement. We've all probably seen this. If you go out and you
03:46
download some free software, some freeware from a website, maybe you're looking for a compression utility.
03:51
So you go and you find something that zips, files and unzips files, and it's some freeware installed on your system and then lo and behold a Knauer. Later, you go to surf the Web, and every time you open your browser, these pop ups, these ads keep popping up. You don't know where they came from. That's adware.
04:08
Now, Malbert sizing is similar to adware, but it's not necessarily installing anything on your system. What Malbert sizing does is Malbert. Sizing is malicious code that embeds itself into what looks like a legitimate add. So think about if you goto Facebook, for example, and you see those ads that are always in your face when you're on Facebook,
04:26
you know, most of time those are legitimate, adds that just take you somewhere because they're trying to sell something, but a lot of times
04:30
threat actors will embed code into those ads to try to entice people to click them to install something on their system. That's Malbert izing
04:43
spyware. When Spiros and stardom on the system, it's the opposite of adware. Adware makes itself very known, right? It's very noisy. You see ads popping up everywhere. Spyware tries to stay in the background, stay incognito. Spyware is basically used to spy on the user activities. In a lot of times that comes in the form of a key logger.
05:02
A key logger essentially is just a programme that records the actual keystrokes that in in user makes in their system. And that could be very useful if you're trying to figure out what someone's password is. If you can record the actual strokes that that person is making on their keyboard during a log in, then you have that users. Password
05:19
Spyware can also be used in the reconnaissance phase. We talked about the Cyber Kill Chain book in the previous lesson. During that reconnaissance phase, spyware sometimes is used to take a look at the in users habits, their browsing habits or their computer habits. You know, during if you're gonna have a targeted attack against someone,
05:40
it would help to know what their habits are. So you can. You can specify that attack to make it
05:45
very enticing to make it not look like anything out of the norm for what that in user would normally see.
05:54
Ransomware. Is it in the news all the time? This is one I'm sure we've all heard of. And Ransomware is essentially, you know, it can spread itself a number of different ways. There's no specific way Ransomware itself spreads itself. It's just ransomware is just a term that we used to talk about what something does, what the malware actually does when it's executed
06:14
and what it does essentially is it threatens to publish
06:16
or block data unless a ransom is paid. Most often, it's encryption is used, and if your system is is infected with ransomware, your files will get encrypted. You'll start seeing your file extensions change from no dot de a. T two or whatever the file name normally was, too
06:33
dot something else or some of the other extension that shows that it's been encrypted, and when you try to access that file.
06:41
Ah, little pop up will come on the screen and says, This file's been encrypted. Please go pay this money Bitcoin to this anonymous account and in return will give you the key to unlock your data.
06:53
And so the idea is that this falls into that category we talked about earlier when we talked about motivations of Attackers. This is that cyber criminal motivation, the ones that are usually motivated by by greed or financial reasons.
07:08
You can, you know, a lot. There's a couple ways, basically only two ways you can get that data back. One is to pay the ransom and get the hope that you get the encryption key right These air, these are criminals you're dealing with. So who's to say you're going to actually get the encryption key if you pay the ransom?
07:23
Um, there's other problems. If you pay the ransom as well, not only do you have to number one, you have to pay number two you might get. They may or may not give you the key
07:30
and number three. Now you you get put on a list of organizations who are willing to pay a ransom, and you are more likely to be a target in future attacks. So the best mitigation for ransom wears toe have backups toe have good up to date backups. And if something happens and your systems get infected with ransomware,
07:49
you can simply recover from back up
07:51
from a known good backup. The trick, obviously, is to not let your backup system get in infected with ransomware as well.
08:01
The term botnet, when we start to talk about a botnet, were just simply talking about a network of infected computers that are controlled by one entity.
08:11
A lot of times, a creative robot net will just blast out malware all over the place just to try to infect as many systems as they can. And that malware is designed to be controlled from one central location. And then, once that attacker has that they can go and sell or rent that botnet out on the dark Web, they can rent the services of that botnet.
08:31
You can send the attacker consent commands
08:33
to their network of systems and tell him to do whatever for a fee. What you see, a lot of times botnets used for are indeed DOS attacks and did all stands for distributed denial of service. Essentially, what Adidas attack is is it is a flood of legitimate requests to a system.
08:52
So if you've got a website, for example, that let's say you normally get 1000 users per day that
08:56
hit your website
09:00
with Adidas attack, the bad actor concerned the command to tell them the entire network of infected systems. Everybody go connect to your website all at one time. So now, instead of 1000 visits per day, you might get 20,000 visits per second
09:15
and the website was never designed to withstand that type of volume. So it just crashes, it goes down and now your website is down.
09:22
That's essentially what Adidas attack ISS. Adidas can be mitigated there. There are no hardware solutions and their services that can mitigate DDOS attacks. But essentially what they do all of these things do is they sit in front of the website and they look a all of your traffic coming your website and they create a baseline. Over time, they start to understand
09:39
what normal looks like coming into your website. For example, there's peaks and valleys when
09:45
users log in, and when There's not much traffic and things like that. And then you can set threat threshold within that system to say If it goes above this, I want you to start scrubbing the data. Essentially, what will happen is the traffic coming into your website gets redirected to some scrubbing mechanism. Sometimes it's an offsite service.
10:03
There's these companies that have these huge pipes of bandwidth.
10:07
I can just in just all sorts of traffic. They'll redirect your traffic off site will scrub it and identify what's malicious and what's not. And then Onley allow the legitimate traffic to pass back to your website. So the end result is you only see the legitimate traffic, and the service is taking care of all of the scrubbing for you.
10:28
So that wraps up our lesson. Next up, we're gonna go to lesson 1.32 We're gonna talk about how to identify some of this malware

Up Next

Infrastructure Security

This course will cover the concepts needed to identify and prevent threats across an enterprise environment. The course content will cover the practical application of security principles, models, and technology covered in previous courses.

Instructed By

Instructor Profile Image
Scott Russ
Security Architect at Nerdery
Instructor