
Malware: CC101 - Introduction To Computing

Malware is a broad term used to describe malicious software like viruses, worms, and trojans that are designed to damage computers or computer networks. There are several ways malware can spread, including through worms that self-replicate, viruses that insert code into other programs, and trojans that masquerade as legitimate software. Malware serves a variety of purposes as well, such as spying on users, gaining unauthorized access to systems, encrypting files in ransomware attacks, or using cryptojacking to mine cryptocurrency without the user's knowledge. Basic protection involves keeping systems updated and using antivirus software, while more advanced defenses utilize endpoint security and continuous vulnerability monitoring.

Uploaded by

Melx Ubalde

Malware

CC101 – Introduction to Computing


M 7:30 – 9:30 / Th 7:30 – 10:30

Malware Definition

• Malware, short for malicious software, is a blanket term for viruses, worms, trojans and other harmful computer programs hackers use to wreak destruction and gain access to sensitive information. As Microsoft puts it, "[malware] is a catch-all term to refer to any software designed to cause damage to a single computer, server, or computer network." In other words, software is identified as malware based on its intended use, rather than a particular technique or technology used to build it. This means that the question of, say, what the difference is between malware and a virus misses the point a bit: a virus is a type of malware, so all viruses are malware (but not every piece of malware is a virus).

Types of Malware

• There are a number of different ways of categorizing malware; the first is by how the malicious software spreads. You've probably heard the words virus, trojan, and worm used interchangeably, but as Symantec explains, they describe three subtly different ways malware can infect target computers:
  ◦ A worm is a standalone piece of malicious software that reproduces itself and spreads from computer to computer.
  ◦ A virus is a piece of computer code that inserts itself within the code of another standalone program, then forces that program to take malicious action and spread itself.
  ◦ A trojan is a program that cannot reproduce itself but masquerades as something the user wants and tricks them into activating it so it can do its damage and spread.
• Malware can also be installed on a computer "manually" by the attackers themselves, either by gaining physical access to the computer or using privilege escalation to gain remote administrator access.
• Another way to categorize malware is by what it does once it has successfully infected its victim's computers. There are a wide range of potential attack techniques used by malware:
  ◦ Spyware is "malware used for the purpose of secretly gathering data on an unsuspecting user." In essence, it spies on your behavior as you use your computer, and on the data you send and receive, usually with the purpose of sending that information to a third party. A keylogger is a specific kind of spyware that records all the keystrokes a user makes—great for stealing passwords.
  ◦ A rootkit is "a program or, more often, a collection of software tools that gives a threat actor remote access to and control over a computer or other system." It gets its name because it's a kit of tools that (generally illicitly) gain root access (administrator-level control, in Unix terms) over the target system, and use that power to hide their presence.
  ◦ Adware is malware that forces your browser to redirect to web advertisements, which often themselves seek to download further, even more malicious software. As The New York Times notes, adware often piggybacks onto tempting "free" programs like games or browser extensions.
  ◦ Ransomware is a flavor of malware that encrypts your hard drive's files and demands a payment, usually in Bitcoin, in exchange for the decryption key. Several high-profile malware outbreaks of the last few years, such as Petya, are ransomware. Without the decryption key, it's mathematically impossible for victims to regain access to their files. So-called scareware is a sort of shadow version of ransomware; it claims to have taken control of your computer and demands a ransom, but actually is just using tricks like browser redirect loops to make it seem as if it's done more damage than it really has, and unlike ransomware can be relatively easily disabled.
  ◦ Cryptojacking is another way attackers can force you to supply them with Bitcoin—only it works without you necessarily knowing. The crypto mining malware infects your computer and uses your CPU cycles to mine Bitcoin for your attacker's profit. The mining software may run in the background on your operating system or even as JavaScript in a browser window.
  ◦ Malvertising is the use of legitimate ads or ad networks to covertly deliver malware to unsuspecting users' computers. For example, a cybercriminal might pay to place an ad on a legitimate website. When a user clicks on the ad, code in the ad either redirects them to a malicious website or installs malware on their computer. In some cases, the malware embedded in an ad might execute automatically without any action from the user, a technique referred to as a "drive-by download."

How to Prevent Malware

• When it comes to more technical preventative measures, there are a number of steps you can take, including keeping all your systems patched and updated, keeping an inventory of hardware so you know what you need to protect, and performing continuous vulnerability assessments on your infrastructure. When it comes to ransomware attacks in particular, one way to be prepared is to always make backups of your files, ensuring that you'll never need to pay a ransom to get them back if your hard drive is encrypted.
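
One way to act on the backup advice above, as an added example that is not part of the original slides: record a SHA-256 manifest when the backup is taken, then audit the live files against it and flag changed files whose contents look random, as encrypted data does. The function names, the 7.5 bits-per-byte threshold and the sample files are assumptions made for illustration.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

def digest(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def entropy(data):
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def build_manifest(root):
    """Record the SHA-256 of every file under root at backup time."""
    return {str(p.relative_to(root)): digest(p)
            for p in sorted(Path(root).rglob("*")) if p.is_file()}

def audit(root, manifest, threshold=7.5):
    """Compare live files with the manifest and classify the differences."""
    report = {"missing": [], "changed": [], "suspect_encrypted": []}
    for rel, expected in sorted(manifest.items()):
        path = Path(root) / rel
        if not path.is_file():
            report["missing"].append(rel)
        elif digest(path) != expected:
            report["changed"].append(rel)
            # Encrypted data looks random: close to 8 bits of entropy per byte.
            if entropy(path.read_bytes()[:65536]) > threshold:
                report["suspect_encrypted"].append(rel)
    return report

def demo():
    """Constructed sample: three small files, then simulated damage."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name in ("notes.txt", "grades.csv", "todo.txt"):
            (root / name).write_bytes(b"plain text line\n" * 200)
        manifest = build_manifest(root)
        (root / "notes.txt").write_bytes(os.urandom(8192))  # stand-in for encrypted data
        with open(root / "grades.csv", "ab") as f:
            f.write(b"one more line\n")                     # ordinary edit
        (root / "todo.txt").unlink()                        # deleted or renamed
        return audit(root, manifest)

if __name__ == "__main__":
    print(demo())
```

Files that are already compressed (images, archives) also have high entropy, so the entropy flag is a prompt to investigate rather than proof; the manifest itself belongs with the backup, off the machine it describes.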

Malware Protection

• Antivirus software is the most widely known product in the category of malware protection products; despite "virus" being in the name, most offerings take on all forms of malware. While high-end security pros dismiss it as obsolete, it's still the backbone of basic anti-malware defense. Today's best antivirus software is from vendors Kaspersky Lab, Symantec and Trend Micro, according to recent tests by AV-TEST.
• When it comes to more advanced corporate networks, endpoint security offerings provide defense in depth against malware. They provide not only the signature-based malware detection that you expect from antivirus, but anti-spyware, personal firewall, application control and other styles of host intrusion prevention.

Examples of Malware

• We've already discussed some of the current malware threats looming large today. But there is a long, storied history of malware, dating back to infected floppy disks swapped by Apple II hobbyists in the 1980s and the Morris Worm spreading across Unix machines in 1988. Some of the other high-profile malware attacks have included:
  ◦ ILOVEYOU, a worm that spread like wildfire in 2000 and did more than $15 billion in damage
  ◦ SQL Slammer, which ground internet traffic to a halt within minutes of its first rapid spread in 2003
  ◦ Conficker, a worm that exploited unpatched flaws in Windows and leveraged a variety of attack vectors – from injecting malicious code to phishing emails – to ultimately crack passwords and hijack Windows devices into a botnet.
  ◦ Zeus, a late '00s keylogger Trojan that targeted banking information
  ◦ CryptoLocker, the first widespread ransomware attack, whose code keeps getting repurposed in similar malware projects
  ◦ Stuxnet, an extremely sophisticated worm that infected computers worldwide but only did real damage in one place: the Iranian nuclear facility at Natanz, where it destroyed uranium-enriching centrifuges, the mission it was built for by U.S. and Israeli intelligence agencies
