Malware Overview – CompTIA Security+ SY0-401: 3.1

| September 6, 2014 | 0 Comments

Malware is one of the most prevalent forms of malicious software attacks. In this video, you’ll learn about malware types and some of the problems that occur when malware is installed onto our computers.

<< Previous Video: Confidentiality, Integrity, Availability, and SafetyNext: Viruses and Worms >>

Malware has become an enormous problem, primarily for Windows-based computers. Windows machines obviously have the vast majority of computers that are out there in the world. So virus and malware attackers have gone after that particular operating system as one that they can make the most with the number of systems that happen to be out there.

Very often, this malware can be very, very bad software. Once malware gets onto a system, it becomes very, very difficult to remove it from that computer. Even worse, it becomes even more difficult to know if you really removed it from that computer. Very often, you can think that you’ve absolutely removed every piece of malware from a computer, and in fact, there happens to be some left over that then re-infects the machine again.

So this isn’t something where you can click a button, flip a switch, and absolutely know 100% certain that you’ve removed it. Very often, you’re never quite certain. Never quite 100% sure that you’ve gotten rid of all the malware.

Some of this malware can be very, very bad. It can gather information. Once it’s on your computer, it can watch every key you press. It can watch you as you’re logging into your bank account, see what your username is and what your password is, and send that information back to a central mother ship that then gathers those details to go after your bank account. This is something that happens all the time. There are certain types of malware that are specifically written to take money from your bank account. That’s one of the ways that they do it.

These also can participate together in a large group. Botnets, for instance, can be installed onto your computer, and that botnet is simply sitting there and waiting for commands. And when a central repository, a central controller out on the internet decides that your computer should send spam, or your computer should participate in a denial of service against another machine, it comes to life and starts doing that. They’re using your computer as a jumping off point to do anything they’d like to do, just because that piece of malware is installed on your computer.

Another big way that these guys make money is through advertising. And if you’ve ever opened up your browser on your computer and suddenly a bunch of pop-ups show up on your browser, you haven’t even surfed to a website yet, it’s very possible you may be infected with a type of malware that’s adware, that shows you advertising. Because the more advertising they can get in front of your eyeballs, the more money, ultimately, they’re going to be able to make. And obviously, viruses and worms, and other types of malware that get on your computer, can damage files, can remove files, can create your computer so that it can’t even boot up and perform normal functionality.

Malware is an enormous issue, not just for home users, but also for businesses throughout the world. And it’s something that we’re going to continue to have to fight against to be able to keep it off of our computer systems. There are many types of malware. I want to list a few of them that you’ll need to know for this Security+ certification. But there are even more types of malware beyond what we’re going to discuss in this.

One very obvious type that we’ve already discussed is adware, where multiple ads are presented to you. Another type of malware can just be the traditional computer virus, where now a computer virus is on your computer and creating problems. There’s many different types of viruses out there and we’ll talk more about those in a future video.

There are also worms that don’t need you to be able to move from machine to machine. It uses the internet. It uses the network to hop from one computer to another. A worm is a type of malware that can get on your computer and then infect every other computer in your organization, just because it started on your PC.

Spyware is another type that keeps track of what you’re doing and reports back what websites you’ve visited, what keys you’ve pressed, what things you’ve clicked on with your mouse, and then when said information is sent back, they’re able to do things with that like present other types of ads to you or go right into your bank account and use your username and password that you typed in to get to your information.

Trojan horse is a type of malware that presents itself as one thing, but in reality, it’s really a piece of malware behind the scenes. This is a good example of one. This is a new type of malware called ransomware. It’s really a type of Trojan horse that gets on your computer and it says, oh, this is XP anti-spyware. How nice that we have this anti-spyware to take care of the spyware on our computer. And boy, look at all the spyware on our computer that it’s found.

In reality, none of this spyware is on our computer. This anti-spyware program has simply identified things, presented things to the screen that aren’t there, so that you’ll buy this fake software. So it’s something that becomes a very big problem. There are other types of Trojan horses to watch out for as well, but that’s one that’s becoming more and more common out there.

There’s also rootkits. These are very, very bad. Fortunately very, very uncommon to find these, because rootkits are malware they can hide themselves from your anti-spyware, from your antivirus, and from the normal types of checks that you would do on your computer. You would have to write a very specific rootkit remover program just to get rid of rootkits.

Back doors are things that are turned on when a piece of malware gets on your computer so that other programs can access the computer externally. First guy in unlocks all the doors and the windows so that everybody else can come in. And that’s exactly what a back door would do for you.

Logic bombs a little bit different. They’re designed to wait for certain date, a certain time, or certain thing to happen, and then it goes into effect. We’ll talk about logic bombs also in a future video.

And lastly, botnets, where multiple computers, in some cases millions of computers can work together and can be controlled from a central place, and that central repository can make your computers do a lot of different kinds of things. We have a different video for each one of these malware types. You’ll be able to study each one of these and learn a little bit more about what makes every single one of these operate.

If you’ve ever gotten that phone call and somebody says, I’ve got malware on my computer, what do I do. And one of your questions is, where did you get this from? What did you click on? Was this in an email link that you clicked? Is it on a website and something you clicked? How did this get here? And there’s many, many different attack vectors that can be used to present or get malware onto a computer. A few of those may be all working together as well. It doesn’t just have to be one thing. There can be a piece of software that finds a vulnerability in your computer and is able to take advantage of it.

I had a computer that had an old version of what used to be Sun Java, now it’s Oracle Java, running on the computer. It was months old and there was a known vulnerability that this piece of software took advantage of and got on my computer, embedded some spyware on my computer, and then opened a back door. So if there was another machine that was already waiting to take advantage of this, they could then get in through the back door of my computer and install much more. Fortunately, I believe I stopped it before that happened. But you can see how all of these things work together to get the malware onto your computer.

Maybe it’s not a Trojan taking advantage of a vulnerability. Maybe it’s you clicking on something that’s in an email message that was sent to you that looked legitimate. But in reality, it was installing malware onto your computer. Or perhaps it was a link on a website that took you somewhere to install that malware on your computer. The idea is that the computer you’re using has to run this to initially get it onto your computer. So it could be that email link, a web page pop up.

There’s also something called a drive by download, where you can have simply a file that starts downloading itself when you visit a website, and it gets embedded on your computer without you telling it that it really, really needs to go there. Drive by downloads can be very, very difficult to stop, because they’re taking advantage of known vulnerabilities.

And also worms, you could just have viruses bouncing and worms bouncing all over the network. And worms are viruses and malware that are able to propagate themselves. They don’t need you to do anything. They’re taking advantage of known vulnerabilities, generally in an operating system or an application. And that’s where these malware authors are really writing this code for, are those known vulnerabilities. You need to make sure that your operating systems are always updated, and also the application you use.

I mentioned that one of the pieces of malware I recently saw came through Sun’s Java, an old version of Sun Java that I needed to upgrade that was very, very old. They knew that that application, if I was running it on my machine, that it could infect my system. And sure enough, that’s exactly what it did.

You may see very often that Adobe comes up with new updates for Adobe Flash all the time. That’s because they identified vulnerabilities that third parties could use to put software on your computer that you don’t want there. And that’s what they’re talking about, is these malware author’s writing code to attack those specific vulnerabilities. And now your computer is infected with malware.

Tags: , , , , , , , , , , ,

Category: CompTIA Security+ SY0-401