Hello. My name is Dustin, and welcome to malware.
Now that we know what malware is, let's go ahead and discuss several common types of malware that you may encounter. Really, whether in a security position or not, if you do anything with computers, it helps to be familiar with these common types of malware and the symptoms.
So a few of the types of malware we're gonna go over are rootkits,
First up, we're going to talk about rootkits. Rootkits get their name from the word root, which is an admin account on a UNIX or Linux system, and kit, which refers to a collection of tools that are enabled on those systems that allow the system administrators
access to perform their day-to-day tasks. Whether this was remoting in, modifying files or changing anything on the computer, the administrators were able to do that remotely.
When we're talking about malware, we know that these rootkits aren't your standard admin tools, though. They're malicious.
Malicious rootkits typically gain access to a system by piggybacking off installations of known good software.
Once they're on a computer, the attacker in control of the rootkit has full access to read and write files, delete or modify files, really anything they want to do.
Rootkits will continuously do anything they can to hide their presence, making them very difficult to detect.
Because they can typically come in with known software, they may also be referred to as backdoors, which are typically inserted into known good programs, giving an attacker a backdoor entrance into your system.
You can protect yourself from rootkits by verifying any software that you install by comparing hashes or running static or dynamic analysis of the software, both of which could be very time-consuming and cumbersome.
The next type of malware we're going to discuss are Trojans. Trojans get their name from the ancient Greek story about the deceptive wooden horse that led to the fall of Troy.
Trojans are disguised as regular software, like the horse as a big statue,
but they come in packed with tons of goodies,
uh, things like spyware or other forms of malware that you weren't aware were being installed with the original program.
The Trojans cannot replicate themselves and need to be copied and installed in order to spread to other computers.
There are many different types of Trojans, all of which are classified by what they attempt to do. And that could be anything from a fake antivirus Trojan, which pretends to be antivirus software and tricks the user into installing or downloading more malware,
to Trojan rootkits, which we mentioned are designed to give attackers access to your system
while still staying hidden.
Computer viruses are similar to your regular human virus. They're designed to spread from host to host and can replicate themselves. Like human viruses, computer viruses do need a host file or document to help spread.
In more technical terms, a computer virus is a type of malicious code or program written to alter the way a computer operates and is designed to spread from one computer to another.
A virus operates by inserting or attaching itself onto a legitimate program or document that supports macros in order to execute its code.
In the process, a virus has the potential to cause unexpected or damaging effects, such as harming system software by corrupting or destroying the data.
Viruses can lay dormant on a machine until a certain condition is met, like a file is executed or read. Um, and this allows the virus to execute its code.
For example, if the virus has attached itself to a new program on your computer,
it would need that program to execute or launch, allowing it to execute and launch its own code. Most generic viruses you'll encounter can be stopped with your typical antivirus software.
Next up, we've got worms. Worms are similar to viruses. They spread by making copies of themselves. But there is one really big difference: worms can actually replicate without any human interaction. They don't require other code or programs to execute in order to replicate themselves. They can do it all on their own.
Worms spread in a variety of ways, including software vulnerabilities, attachments or downloads. Once a machine is infected, the worm will attempt to spread to other machines on the network, infecting each one it comes in contact with.
Some worms' only purpose is to overload resources of the machine or network it's on by just copying itself and running over and over and over, eventually kind of suffocating the machine.
One of the most famous computer worms ever written was the Stuxnet worm.
The next type of malware we're going to go over is one of the most common types: spyware. And spyware is exactly what it sounds like: software meant to spy on the victim.
This can include logging keystrokes, stealing passwords, credit card numbers or other personal information. It can also help attackers monitor your Internet activity. With all of this information the spyware can gather,
the attacker can then sell that information or use it for further exploitation. Some spyware can also install other malware, making it easier to steal more information or change settings on the machine.
One of the most well-known types of ransom, I'm sorry, malware you'll encounter today is ransomware. Ransomware is a little different than some of the other types of malware we've talked about, but it's extremely destructive. Once a computer is infected with ransomware, the ransomware encrypts all
or some of the files on the computer, depending on what it's looking for,
and then demands a ransom in order to decrypt the data on that computer.
Ransomware is also extremely effective at spreading across networks using known vulnerabilities in software. Um, and as it's spreading, it's encrypting data at a very fast rate, which makes it extremely difficult to stop at times.
There are many pretty famous types of ransomware that you may have heard of, including WannaCry, CryptoLocker, Jigsaw, which actually gave you a timer and deleted files if the ransom wasn't paid when the time was up,
um, and Locky. One of the number one ways ransomware is initially spread is via email attachments.
Modern malware. There are 1,000,000 types of new malware released into the wild every single day.
This can make tracking every single variant of malware extremely difficult.
Traditional or old-school antivirus software typically detected threats based on the hash value of the software,
which was something that could be used to identify a piece of software. If a line of code or anything's changed, it'll generate a new hash, so you can compare this to determine what it is.
But with millions of new variants, um, being released each and every day, it's nearly impossible to keep track of all of them.
This makes traditional antivirus extremely ineffective. It can't keep up with that database of tracking all the new forms of malware.
To combat this, many manufacturers are releasing NGAV, or next-generation antivirus, which detects malware based on more than just file hash. NGAV uses many things, including behavioral analytics, which monitor process behavior.
Most ransomware typically copies and encrypts data very quickly, much more quickly than a human could if they wanted to.
NGAV can flag and stop this behavior, which can stop ransomware attacks in their tracks.
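
Added example (not part of the talk): a Python illustration of the closing point, showing a hash-only signature missing a one-byte variant while a behavioral rule on rapid, high-entropy file writes still fires. The sample bytes, event format, PIDs, paths and thresholds are all constructed assumptions, not any vendor's NGAV logic.

```python
import hashlib
import math
from collections import Counter, defaultdict

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed, harmless stand-ins: a "known" sample and a one-byte variant.
KNOWN_SAMPLE = b"constructed-sample-build-1"
VARIANT = b"constructed-sample-build-2"
SIGNATURES = {sha256_hex(KNOWN_SAMPLE)}  # hash-only signature database

def hash_match(data: bytes) -> bool:
    """Traditional check: flag only if the exact hash is already known."""
    return sha256_hex(data) in SIGNATURES

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted output sits close to 8, text well below."""
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def flag_bulk_encryption(events, window=1.0, min_files=20, min_entropy=7.0):
    """Return PIDs that wrote high-entropy data to >= min_files distinct
    files within `window` seconds. Thresholds are assumptions."""
    writes = defaultdict(list)
    for ts, pid, path, data in events:
        if data and shannon_entropy(data) >= min_entropy:
            writes[pid].append((ts, path))
    flagged = set()
    for pid, seq in writes.items():
        seq.sort()
        start = 0
        for end in range(len(seq)):
            while seq[end][0] - seq[start][0] > window:
                start += 1  # slide the window forward
            if len({p for _, p in seq[start:end + 1]}) >= min_files:
                flagged.add(pid)
                break
    return flagged

def noise(n: int, seed: int) -> bytes:
    """Deterministic random-looking bytes standing in for ciphertext."""
    blocks = (hashlib.sha256(f"{seed}-{i}".encode()).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

# Constructed telemetry: (timestamp_s, pid, path, bytes_written)
SAMPLE_EVENTS = (
    [(i * 0.02, 4242, f"/home/u/doc{i}.docx", noise(4096, i)) for i in range(30)]
    + [(i * 5.0, 1000, f"/home/u/note{i}.txt", b"quarterly report draft " * 50) for i in range(3)]
)
```

Here `hash_match(VARIANT)` is false even though the variant differs by one byte, while `flag_bulk_encryption(SAMPLE_EVENTS)` flags only the process that rewrote 30 files in under a second.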