Hi. Welcome back to the course. In the last module, we talked about system hacking.
So in module five, we're gonna talk about malware, so that's gonna include things like viruses, trojans and worms.
So what is malware? Well, basically, it's just an umbrella term that describes any type of malicious code or program,
and some indications that we might be infected with malware: our computer might be going slower than normal. It could also just kind of freeze up or lock up on us, and then also might just randomly crash on us. We're in the middle of doing a paper, something for school, and it just clunks out on us.
You also might see, like, different ad pop-ups, your antivirus becomes disabled. You get warnings about that, and you need to update this, you need to activate it.
System resource usage is high. So here you're really not doing anything on the computer, but the fan's going like crazy because your computer is using the resources,
and then also things like, you know, you notice new toolbars randomly showing up in your browser that you didn't actually install.
So how do you get it? Well, there's a lot of different ways to get malware these days, and even with some of it, you're not doing anything wrong. You know, you're just going to a regular website like a news website. But there's something like malvertising going on, and so you just go visit that, and then malicious software gets downloaded on your computer.
Also, a lot of times it's using things like game demos, or even downloading, like, from file sharing sites and music itself. Those were probably more common ways of getting them, because you're trying to get stuff for free. And obviously when you get stuff for free, it's not really free, right?
Also opening malicious email attachments. You'll see that a lot in the business world as far as phishing emails. You'd be surprised at what end users will
click on, and I'll share one story real quick.
I was working with an organization, and one of the VPs, he was adamant about security, right? We've got to be security conscious, let's teach everybody, and, you know, a big proponent for security. But a phishing email went out from someone that spoofed the HR person's email address and sent an Excel file,
like, hey, you know, open this and put in your user name and password,
and he actually did that. Like, he was one of the people that actually, you know, this person that's such a proponent for security, opened the malicious attachment, put in the user name and password, and had his credentials harvested. Fortunately, someone else was suspicious, reported it, and he was able to change his password and stuff in time
before it was, you know, in use, at least as far as I knew.
But still, you know, it's just something that you don't know who's gonna open these attachments and click on them.
And then also malware can hide in a seemingly legit app. So, you know, instead of you going to the Apple store and downloading an app or something, you go to some other website. But it looks legit, right? It looks like that normal app that you're used to; however, it has probably got some kind of malware in it.
So viruses, well, what is a virus? We're basically at the lowest level here. A virus just needs to have some kind of host to propagate, and that's kind of the main difference here. And they self-replicate, they attach to a file and move from host to host. But really, just remember the concept for your Certified Ethical Hacker exam
that it has to have a host program to propagate.
I just think of it like a virus. And, you know, for humans, right, we have to be the host for the virus, and that's why we get sick. We get the flu or whatever.
So this is a virus life cycle right here, this little image. So basically, the virus is developed. It starts replicating on the initial target machine. It launches, you know, so the user performs some kind of action to launch the virus,
and then at some point it is detected. And then, you know, antivirus software is developed, you know, with a signature. They develop, like, you know, the flag essentially on the software, a flag that it has a virus, and then, you know, us as users, we get contacted saying, hey, you need to update your software against this particular virus.
So many different kinds of viruses. We're just gonna touch on several of them here. We've got boot sector, ransomware, which you hear about in the media a lot, shell, cluster, multipartite, macro, polymorphic, code encryption, metamorphic, stealth, cavity, sparse infector, file extension. That's a whole lot.
But keep in mind that a lot of viruses out there nowadays kind of mimic
multiple components here, you know, so you might have something that's operating at a stealth level, but it's also encrypting like ransomware. So just keep that in mind, that these aren't, like,
specifically, you know, dissected, the different viruses. Malware that's out there can incorporate different aspects.
So boot sector viruses, that basically moves the boot sector to another location, which allows the virus code to be executed first. Ransomware, which you've heard about in the media quite a bit over the past few years, that's basically going to encrypt all of your files and then demand some kind of online payment, normally like Bitcoin, and in most cases, even if you pay it, they're not gonna unlock your stuff.
Shell viruses, essentially they wrap themselves around the code of an application. So that way, the shell virus is always running before the application's code every single time.
So here's just a screenshot of some ransomware code. You see the cipher aspect in there. That means it's gonna be encrypting it for us.
So cluster viruses, these modify directory table entries. So that way, the system and these processes all point to the virus code instead of the intended application. So basically, again, it's running the virus first.
Multipartite. So that one's gonna infect multiple sectors. So, for example, infecting the boot sector and then also the files at the same time.
Macro virus, you do see in some capacity. But if you have, like, later versions of Microsoft Office, you'll notice that they open it in kind of a protected view. So that way it doesn't run the macro. So macros still exist, it's still a risk, but it does take user action to kind of get to that point nowadays,
and basically, a macro virus just infects the templates, and primarily you're gonna see it in Word and Excel. Those are kind of the main avenues for it.
Polymorphic virus. Basically, it's gonna continue mutating its code and uses a polymorphic engine to do so, and so that way the signature of the virus keeps changing. So the antivirus manufacturers have to keep updating. Keep updating.
So this is just kind of overview of what a polymorphic virus will include.
So we've got the encrypted virus body. Then, of course, the mutation engine, which is the most important part of that, and then the decrypted virus body, and basically encrypted on each side to protect it from reversing.
So, encryption viruses, again, this is kind of more along the lines of, you know, things like ransomware is doing that as well, of trying to bypass antivirus or an IDS. Metamorphic virus, this one rewrites itself every single time that it infects a new file. The stealth virus, that one attempts to evade antivirus by
basically intercepting the request
from the antivirus to the operating system saying, hey, is this a legit file, or is something wrong with this? So it intercepts that and then sends a response back saying, no, no, everything's fine.
So the cavity virus, basically what that does is it overwrites portions of the host files, so it doesn't increase the actual size of the files. Hence the name cavity: it kind of tucks itself in the cavities,
and then we've got the sparse infector virus. This only infects on occasion, right? It might be set to go, like, you know, at a certain time of the month or a specific date each year or on somebody's birthday, that sort of stuff,
and then the file extension virus. This virus is gonna change file extensions, and then it takes advantage of people that have file extension view turned off. You really just see this more so incorporated into other viruses. You don't generally see this in the wild just with the file extension, because it's kind of like, you know, what's the point, right?
You'll see that file extensions do get changed with other components combined with that.
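The cavity virus point above, that an in-place overwrite leaves the host file's size unchanged, is why a file-integrity baseline should record a digest and not just a size. Here is an added Python example (not from the course) that builds such a baseline over constructed temp files, modifies one file in place and appends to another, and reports which signal would have caught each change.

```python
import hashlib
import os
import tempfile

def file_fingerprint(path):
    """Return (size, sha256) for a file. Size alone is a weak signal:
    an in-place overwrite keeps the size constant, the digest does not."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return os.path.getsize(path), h.hexdigest()

def build_baseline(paths):
    """Record size and digest for every monitored file."""
    return {p: file_fingerprint(p) for p in paths}

def check_integrity(baseline):
    """Compare the current state to the baseline. Returns one record per
    changed file saying which signal (size, hash) would have caught it."""
    findings = {}
    for path, (old_size, old_hash) in baseline.items():
        new_size, new_hash = file_fingerprint(path)
        if new_hash != old_hash:
            findings[path] = {"size_changed": new_size != old_size,
                              "hash_changed": True}
    return findings

def demo():
    """Constructed scenario: host_a.bin has a run of zero padding (a 'cavity')
    that gets overwritten in place, so its size stays 80 bytes; host_b.bin
    gets bytes appended, so its size grows. Both are plain temp files."""
    tmp = tempfile.mkdtemp()
    cavity = os.path.join(tmp, "host_a.bin")
    appended = os.path.join(tmp, "host_b.bin")
    with open(cavity, "wb") as f:
        f.write(b"HOSTCODE" + b"\x00" * 64 + b"HOSTCODE")  # 80 bytes total
    with open(appended, "wb") as f:
        f.write(b"HOSTCODE")
    baseline = build_baseline([cavity, appended])
    with open(cavity, "r+b") as f:   # overwrite the padding, size unchanged
        f.seek(8)
        f.write(b"X" * 64)
    with open(appended, "ab") as f:  # append, size grows
        f.write(b"EXTRA")
    return {os.path.basename(p): r for p, r in check_integrity(baseline).items()}

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

A size-only monitor reports nothing for host_a.bin; the digest comparison flags both files.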
So in this video, we've talked about viruses and a little bit of background on what malware is. In the next video, we're gonna talk about Trojans and worms.