I welcome back to the course. So in the last video, we talked about a brief introduction of malware and then also viruses. So we remember that viruses need a host. So that's one of the key things you're gonna want to know for your certified ethical hacker examination. We also talked about different types of viruses, and we talked about how many of the virus is nowadays
kind of incorporate aspects of each other.
In this video. We're gonna talk about worms and Trojans.
So what is a worm? Well, the worms are self replicating a self propagating program. So what that means is that it doesn't need any type of user interaction to spread along from different computer, from computer to computer all around the world
and one of the key aspects of worms as they really, really eat up. Resource is so some of the early versions of worms that was their intent, right? There wasn't any other intent on it was just more so of like, Let's you know, I don't like this guy over here. Let me put a warm on his computer and it'll replicate problem, obviously, has more computers became connected to the World Wide Web
is when you release a warm it goes to everybody, right? So
you don't hear about worms from time to time in the media.
So some of the ones that you probably heard about several years ago Code Red was one that was out there a song. Swells! Excuse me. Sequel Slammer. So, basically, code Red exploited Microsoft I s servers. It was way back in 2001 and obviously we're in 2018. So that's that's not a overtly relevant warm anymore,
but basically used a buffer overflow
when you had a sequel, Slammer. And there was a similar type of thing with a denial of service warm on. And it also attacked Microsoft Systems.
Nimda, um used for brief time there right after code Red Nimda basically used back doors that were left on machines by code red to spread as well.
So he was just Ah, this screen shots. Actually, it's not technically, ah, worm code, but you could use this to kind of simulate the functionality of an SS h warm. So this is written in python here.
So trojan, so dire. Ah is a Trojan that's out there this many Ah Trojans. But I did like this graphic here to kind of show you. Like what? What happens? Like what? What's going on when you get that infection with the Trojans? So we start off here where? Hey, I got infected with a Trojan. Maybe I was downloading from a music sharing site or
I downloaded the game I shouldn't have
or whatever the case might be.
And then basically, once the Trojans on there, it's gonna use the browser to hook forward. And so it is gonna hook all the log in attempts before they're encrypted with SSL.
And then we got the interception. So no, no, the log of request are intercepted. So basically malicious content now it's gonna be kicked back to the victim. Andi victims start sharing additional information, so maybe they're checking their bank account or something like that, and they're putting their user name and password in, and then the attack. Ter takes that information
and you know that could go. You know, log into your account and drain your bank account.
Or they could just use whatever input your given them to take control of your of your machine even more.
And that leads to eventually things like, you know, data theft or fraud. The identity theft, you know, we're stealing your bank account. Stuff on also could even lead to things like De dos or or other types of attacks. But primarily with trojans like that, you're going to see like like fraud or financial loss or data theft.
So what are Trojans? Well, if you if you're familiar with the city of Troy and kind of the Greek history at all, you wasted at least the aspect of the Trojan horse. We'll call it like that. So essentially, the Trojan appears to be one thing, right? Like the Trojan horse in this example.
It was a gift, right? Like, oh, we're gonna make peace. Here's a gift. You know?
Take this inside your city. You know, we're all less you cans. We're friends now, right? But in reality, inside of the horse, there's a bunch of soldiers in there, and then they came out and took over the city. So a similar thing here with a Trojan writing, it appears to be something else. Like maybe we think it's just an MP three file, right? And we're gonna play our favorite song or whatever. You know, our favorite Beyonce song. But
actually inside of that is our Trojan.
And that's gonna, you know, do stuff without our knowledge that might steal information or or even download more stuff onto our computer.
The Trojans used covert O R. Over channel, so covert is basically, like, you know, a kind of a super secret way, if you will. It is transmitting the information in a way that's illegitimate or supposedly gonna be impossible. So basically violate security policies on a system. And then you're over channel, which is basically your your normal stuff of U T C P I. P.
So some indications of a charging infection This is not an all inclusive list. Sometimes you don't even know that you're infected. Basically, CD drawer my randomly open or close your computer screen visually might kind of flip around to do different things. You might randomly just have documents putting on your printer and actually that that doesn't work, Kirk Frank quite frequently.
uh, at least in the organization's I've dealt with
brasserie direction. So you're going, you know, you're going to, you know, google dot com and redirects you to, you know, Joey's blob dot com
or something like your mouse pointer or your mouth settings kind of get off there.
So some common ports on past Trojans like back orifice and stuff like that just listed here are for you. Just keep in mind that no port cannot be used technically by like a Trojan or other piece of malware. Eso. This might constantly change, right? Especially as as you know, criminal hackers realized that
you know, the good guys and gals are
recognizing these enlisting out of sharing the information. You can expect all these things to be changing constantly.
So the Zeus Trojan that was a banking Trojan. This is just a snippet of some of the code of it, basically the banking Trojans. What their intent is to try toe, get information from the bank. So a couple different a couple different banking trojans out there, but basically some of them are stealing from the financial institution itself, so they're designed for that, too.
Go in and harvest transfer funds.
And then you've got other Trojans that will get on like the user machine and harvest your log in credentials and then from there, steal your stuff
so just a couple of post assessment questions here. So question number one, which one of these listed here is gonna be a self replicating program?
All right, so this one was a little tricky, because viruses are self replicating as well. But worm is what we're looking for because we want something that's also self propagating.
So word is gonna be the best choice there.
So question number two Now, which one of these needs a host system to be able to propagate? So we need a host. Which one is that?
All right, So if you guessed, answer a virus, you are correct. So, again, just think in the context of us humans, right? If we have a virus, the virus can't live without us as a host. You know, the deceased people don't get a virus right there. They're dead. They don't get a virus because the virus can't survive without the host.
All right, so in this video, we wrapped up our discussion on malware on the next module. We're gonna talk about sniffing, so we're gonna be sniffing our network traffic