1.1 Security +
Malware encrypts everything except for the ____. They want you ___, not ___.
OS running not working
Script viruses
OS and browser based virus
Anti-virus may catch ____ ____ when it runs but the better built ones ____ and _____ __
trojan horse avoid and disable AV
For bad guys to get malware onto your computer, what do they do first? Next?
1. Finds a vulnerability (clicking things you think are fine but are bad); this is what the worm does. 2. Installs malware that has a backdoor, even if you have a firewall. 3. A botnet can be installed later.
WannaCry worm
1. Infected computer searches for a vulnerable system. 2. Installs and runs software to embed itself onto the computer, and then is exploited with a 3rd party utility called EternalBlue. 3. EternalBlue installs a backdoor and reaches out to the mothership to download the latest version of WannaCry. 4. Process starts all over again to find another vulnerable system.
Trojan Horse
Came from the Trojan War, where the Greeks used a fake horse to capture the city of Troy from the Trojans. An application that pretends to be something other than malware to get you to run the app. Once inside, it has free rein.
What is the new generation of malware?
Crypto-malware: encrypts all of the data and holds it for ransom; you must pay the bad guys to get the decryption key.
Well-known worms can be filtered with ____ BUT it doesn't help once _______
Firewalls and IDS/IPS the worm gets inside
How to avoid malware?
Keep OS updated. Keep applications updated (Adobe Flash).
Category of a Trojan Horse that sets up a backdoor
Remote Access Trojans (RATs)
_____ are a virus that is VERY damaging. It can ____ between ___. It can use the ___ to move from one computer to the other. Worms can move very quickly to infect!!
Worms move / systems network
RATs take
administrative control of a device
DarkComet RAT
allows an attacker to look at system info and stored passwords, view the webcam, listen to the mic
Run ____ _____ _____ to avoid viruses
anti-virus software
Most popular viruses are associated with an ____. Some viruses are installed as part of the ___ ___
application; boot sector, which doesn't need your operating system to function
Malware uses ____ to allow other software to come onto your computer. Some software includes a ___, like?
backdoor; backdoor / old Linux kernel and bad software
Ransomware
bad guys want your $ and take your computer in the meantime
Macro viruses
common in Microsoft Office
You can get malware through?
e-mail links; pop-ups; when visiting a bad site, it downloads a bad file; worms install from across a network without you clicking anything
Ransomware can be ____. It locks your computer ____. A ____ ____ may be able to remove ransomware
fake "by the police" security professional
Viruses can reproduce through _____ or the _____. Just running a program can spread a ____.
file systems network virus
Some viruses are ____
invisible
RATs can set up a ____; they can ___ ____, ___ ___ and ____ more malware
keylogger; screen record, copy files, embed
Malware is malicious software; it can occur through
keystrokes, ads, viruses and worms (deleting things off your hard drive)
Virus
malware that can reproduce itself; you don't have to click anything; needs to use a program
Rootkit
modifies core system files; highest-level user on a Unix or Linux device; invisible, can't be seen in Task Manager or anti-virus utilities
To protect against trojans and RATs, don't
run unknown software
Cryptomalware's payment system is ___. You have to get the ___ from the bad guys or all the data will be lost forever. You can recover everything from ransomware and cryptomalware only if you have a ___. Keep your ____ signatures up to date.
untraceable; key; backup (offline backup ideally); anti-virus/malware
Types of malware
viruses, crypto-malware, ransomware, worms, trojan horse, rootkit, keylogger, adware/spyware, botnet