Types of Malware (part 2)
Types of Malware (part 2) In this second part of our lesson on Malware, we explore in detail Adware, Ransomware, Trojans, Spyware and other types of Malware. Form this lesson you'll learn what each type does, points of entry into the network and you'll learn the various ranges of damage these Malware types can cause. toggle_content title="Transcrip...
Types of Malware (part 2) In this second part of our lesson on Malware, we explore in detail Adware, Ransomware, Trojans, Spyware and other types of Malware. Form this lesson you'll learn what each type does, points of entry into the network and you'll learn the various ranges of damage these Malware types can cause. [toggle_content title="Transcript"] Hello again. My name is John Oyeleke. I am a subject matter expert for the CompTIA security plus S-Y-0-4-0-1. Today WE WILL BE LOOKING AT "TYPES OF MALWARE". This is section 3.1 in the CompTIA syllabus. Types of malware. We have different types of malware to review. We will be discussing things like ad-ware, ransomware, viruses, spyware and Trojans, rootkits, backdoors, logic bombs, botnets. Let's start with Ad-ware. The term ad-ware comes from advertising software. So we can see the term ad-ware comes from advertising software. People need to put adverts in front of your eyeballs. You visit a website and you have pop-ups appear on your screen. Pop-ups could be very irritating and some of them could come with a malicious payload. You spend your time, waste your time, trying to click on the pop-ups to close them off. What if you activate a malicious payload? Ad-ware, we experience this in the form of pop-ups. There are methods by which we could prevent against adware, in the form of pop-ups. We go to--you click on start, control panel. You go to internet options within the control panel. On the internet options you have on the privacy tab you could turn on pop-ups or disable popups from there. The issue with popups is that when you visit some sites they would request the use of the pop ups. "Oh, you must have pop-ups turned on to use this site." For such sites, on that same page you could selectively click on, "settings" to allow those specific websites. This is how you take care of the pop-ups. Our next one we have there, malware. We look at viruses. Viruses are malicious program designed to cause harm to your systems. They have numerous types of effects. Some will slow down your pc. Your files will start to disappear. Files start to change size. The icons start to look different. Those are different symptoms about malware in the form of a virus. There are distinct characteristics about viruses. Viruses are said to be dormant in that they need human interaction. A virus needs a file to attach to. The virus would attach to the file, one of the reasons why we see files increase in size and every time you move the file you are moving the virus. You open the file you are running the virus. You copy the file you've copied the virus, so Viruses need human interaction. Worms on the other hand are also malicious programs designed to cause harm to your system. However, worms unlike viruses do not require human interaction. These worms are designed to self-replicate. They know how to move from one media to the next. They know how to propagate themselves on the system. We also have Trojans. Trojans are software designed. They appear to do good, but they're also doing bad. An unknowing person would go to a website, you download a software make your computer run faster. You think this software is going to make your computer run faster not knowing that it's also doing some other things in the background. Those are called Trojans. They are malicious. They are presented as doing good but they also have bad properties they have to offer. We also look at rootkits. Rootkits are tools used by malicious persons to gain root access to your systems and also hide their presence within the system. When we say root access, we mean administrative access. You remotely gain administrative access to a system and also hide the presence within the system because the longer they can stay in the system the better. The earlier you can detect them you want to kick them out, so they want to mask their presence within your system. Another type we look at is logic bomb. A logic bomb is a piece of code inserted in your software. A piece of code inserted in your software to activate at a future date or event. Maybe at a specified date as programed by the attacker. The systems, maybe your network might go down, a server might shut down or the server gets the impression it's filling up on space and is giving an alert. Malicious persons would use this probably put themselves on your payroll. That way every time you invite them to solve the problem they get paid for it. That is the logic bomb. A piece of code inserted in your software. A logic bomb is usually very difficult to detect. Best way is that they can stay dormant until the triggers are alerted. Until the triggers, whatever situation, time day or event, program to trigger them shows up. We also have something called Ransomware. Malicious persons would infect your systems, with viruses or Trojans that disable all possible use of your system. This way they either threaten you. We have different types of ransomware. We have something called the MoneyPak virus, we have something called the Cryptal Lock virus, we have something called the FBI virus. Effectively they lock your screen. Giving you maybe the option, somewhere on your screen a button. The only thing that would work is pay here. They want you obtain some form of card, load the card with money, scratch up the card and give them the digits. Effectively you are transferring money out of your pockets into theirs across the internet. They'll lock your screen, disable all possible use of your system. They could also lock your database. Then you are held ransom. Unless you pay you don't have access to your system. This is a new form of attack now widely spreading across the internet. It's called a ransomware. Some other types of virus, we have what is called a Polymorphic Virus. These are viruses that change their form. They change their signatures. Periodically, such that the antivirus used in detection becomes incapable of detecting them. Polymorphic viruses, they'll change their form frequently to beat antivirus software. We also have armored viruses. Armored viruses are viruses that encrypt themselves to avoid detection. By encrypting themselves their signatures become unreadable. This is also another method to beat your antivirus such that they can stay longer in the system. You hide by encrypting the code of the virus. We also have Botnets. Botnets are malicious code inserted in systems across the internet. They are usually employed in a distributed denial of service attack. The malicious person will install botnets over multiple systems across the internet such that they can remotely control these systems to act in a specific fashion. They're used in a distributed denial of service attack. This is it for section 3.1, "Types of Malware". We look forward to seeing you in the next videos thank you for now. [/toggle_content]
Vulnerability Management is a continuous information security risk process that requires management oversight and includes a 4-tier approach of: discovery, reporting, prioritization, and response