2.3 - Malware Flashcards

1
Q

Malware

A
  • Malicious software - These can be very bad
  • Gather information - Keystrokes
  • Participate in a group - Controlled over the ‘net
  • Show you advertising - Big money
  • Viruses and worms
    – Encrypt your data and ruin your day
2
Q

Malware types and methods

A
  • Trojan Horse
  • Rootkit
  • Viruses
  • Spyware
  • Ransomware
  • Keylogger
  • Boot sector virus
  • Cryptominers
3
Q

How you get malware

A
  • These all work together
    – Malicious software takes advantage of a vulnerability
    – Installs malware that includes a remote access backdoor
    – Bot may be installed later
  • Your computer must run a program
    – Email link - Don’t click links
    – Web page pop-up
    – Drive-by download
    – Worm
  • Your computer is vulnerable
    – Operating system - Keep your OS updated!
    – Applications - Check with the publisher
4
Q

Trojan horse

A
  • Used by the Greeks to capture Troy from the Trojans
    – A digital wooden horse
  • Software that pretends to be something else
    – So it can conquer your computer
    – Doesn’t really care much about replicating
  • Circumvents your existing security
    – Anti-virus may catch it when it runs
    – The better Trojans are built to avoid and disable AV
  • Once it’s inside it has free rein
    – And it may open the gates for other programs
5
Q

Rootkits

A
  • Originally a Unix technique
    – The “root” in rootkit
  • Modifies core system files
    – Part of the kernel
  • Can be invisible to the operating system
    – Won’t see it in Task Manager
  • Also invisible to traditional anti-virus utilities
    – If you can’t see it, you can’t stop it
  • Finding and removing rootkits
  • Look for the unusual
    – Anti-malware scans
  • Use a remover specific to the rootkit
    – Usually built after the rootkit is discovered
  • Secure boot with UEFI
    – Security in the BIOS
6
Q

Virus

A
  • Malware that can reproduce itself
    – It needs you to execute a program
  • Reproduces through file systems or the network
    – Just running a program can spread a virus
  • May or may not cause problems
    – Some viruses are invisible, some are annoying
  • Anti-virus is very common
    – Thousands of new viruses every week
    – Is your signature file updated?
  • Boot sector virus
  • Most viruses run after the OS is loaded
    – Like most applications
  • Some boot loaders can be modified to run malware
    – Runs every time you start your computer
  • Modern UEFI BIOS includes Secure Boot
    – Prevents unsigned software from running during the boot process
7
Q

Spyware

A
  • Malware that spies on you
    – Advertising, identity theft, affiliate fraud
  • Can trick you into installing
    – Peer to peer, fake security software
  • Browser monitoring - Capture surfing habits
  • Keyloggers
    – Capture every keystroke
    – Send it back to the mother ship
8
Q

Keyloggers

A
  • Your keystrokes contain valuable information
    – Web site login URLs, passwords, email messages
  • Save all of your input
    – Send it to the bad guys
  • Circumvents encryption protections
    – Your keystrokes are in the clear
  • Other data logging
    – Clipboard logging, screen logging, instant messaging, search engine queries
9
Q

Ransomware

A
  • A particularly nasty malware
    – Your data is unavailable until you provide cash
  • Malware encrypts your data files
    – Pictures, documents, music, movies, etc.
    – Your OS remains available
    – They want you running, but not working
  • You must pay the bad guys to obtain the decryption key
    – Untraceable payment system
    – An unfortunate use of public-key cryptography
10
Q

Cryptominers

A
  • Some cryptocurrency mining requires “proof of work”
    – Usually consists of a difficult math problem
    – Answer the problem and earn some currency
  • This requires extensive CPU processing
    – One CPU isn’t enough
    – Attackers want to use your CPU
  • May appear in different ways
    – Visit a website and CPU utilization spikes
    – Malware is installed and mining is always occurring