Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:01,210 --> 00:00:02,590 Welcome to the Mahler lecture. 2 00:00:02,800 --> 00:00:03,460 Let's dive in. 3 00:00:05,180 --> 00:00:09,760 So what is Möller, the term malware is a combination of the words malicious and softer. 4 00:00:10,500 --> 00:00:16,520 Basically, it's any software intentionally designed to cause damage to the software and or hardware 5 00:00:16,520 --> 00:00:18,510 of a computer or a computer network. 6 00:00:19,250 --> 00:00:24,560 Of course, when I'm saying computers, I'm referring to a wide range of devices from microcontrollers, 7 00:00:24,650 --> 00:00:31,100 wearables such as smartwatches to mobile phones, tablets, consoles, personal PCs, servers and so 8 00:00:31,100 --> 00:00:31,280 on. 9 00:00:33,700 --> 00:00:37,960 What can Mallory do, depending on the purpose for which the malware was built? 10 00:00:37,990 --> 00:00:40,600 It can do one or more of the following things. 11 00:00:42,010 --> 00:00:44,860 Some malware can tamper or even destroy data. 12 00:00:45,250 --> 00:00:49,060 In some rare cases, malware can even damage or destroy harder. 13 00:00:50,230 --> 00:00:55,900 It can make systems vulnerable by creating vectors that can be then used by even more malware. 14 00:00:56,860 --> 00:00:59,740 In some cases, malware can install other malware. 15 00:01:00,280 --> 00:01:03,340 It can generate spam or create denial of service attacks. 16 00:01:04,180 --> 00:01:09,490 It can also deplete the resources of the system and use these resources for malicious purposes, such 17 00:01:09,490 --> 00:01:10,780 as denial of service attacks. 18 00:01:12,070 --> 00:01:17,380 Last on our list, malware can be used to spy on users extracting confidential information about the 19 00:01:17,380 --> 00:01:17,800 users. 20 00:01:20,400 --> 00:01:28,140 In this lecture, we'll have a look at eight of the most common types of malware virus or Trojan horse, 21 00:01:28,260 --> 00:01:33,180 malicious, both ransomware, spyware, adware and rootkit. 22 00:01:33,420 --> 00:01:37,290 So let's start with the most widely known malware, the virus. 23 00:01:39,200 --> 00:01:44,150 The easiest way to understand the computer virus is to make a parallel with the biological virus. 24 00:01:44,390 --> 00:01:45,770 Let's take covid, for example. 25 00:01:46,430 --> 00:01:52,070 covid, like any other virus, needs a host so that it can replicate itself in order for someone to 26 00:01:52,070 --> 00:01:52,880 get infected. 27 00:01:52,880 --> 00:01:58,370 Some kind of interaction with an infected person needs to happen, like, for example, a handshake, 28 00:01:58,670 --> 00:02:04,340 staying in close proximity without a mask or touching something that the infected person touched. 29 00:02:04,970 --> 00:02:10,490 Once the virus gets inside the person's system, it attaches itself to healthy human cells and uses 30 00:02:10,490 --> 00:02:14,770 these cells to create other instances of the virus infecting even more cells. 31 00:02:15,230 --> 00:02:20,550 A computer virus is a malicious program or code which works in pretty much the same way. 32 00:02:20,930 --> 00:02:25,370 First, a computer virus requires a host program, which it needs to infect. 33 00:02:26,060 --> 00:02:31,540 For example, a computer virus could infect the operating system, such as, for instance, Windows. 34 00:02:32,000 --> 00:02:36,860 Second, a computer virus requires user action to transmit itself from one system to another. 35 00:02:37,160 --> 00:02:43,640 Viruses cannot spread without some sort of action from a user like, for example, opening an infected 36 00:02:43,640 --> 00:02:44,290 word document. 37 00:02:44,690 --> 00:02:51,200 And third, similar to biological virus, a computer virus infects other programs, inserting its malicious 38 00:02:51,200 --> 00:02:51,530 code. 39 00:02:52,660 --> 00:02:56,480 Now that we know what the virus is, let's have a look at some types of viruses. 40 00:02:57,220 --> 00:02:59,620 First, we have the polymorphic virus. 41 00:02:59,950 --> 00:03:03,640 A polymorphic virus changes its code each time it replicates itself. 42 00:03:04,180 --> 00:03:07,960 It does this to evade detection by antivirus programs. 43 00:03:08,320 --> 00:03:11,800 Because of this reason, modern viruses are usually polymorphic. 44 00:03:13,420 --> 00:03:19,810 Next, we have the boot sector piracy, this type of virus is triggered whenever the victim starts their 45 00:03:19,810 --> 00:03:20,320 computer. 46 00:03:21,240 --> 00:03:27,840 After that, we have the following Fekter virus, which inserts malicious code into executable files, 47 00:03:27,840 --> 00:03:32,470 such as, for example, media player Word Excel or the operating system. 48 00:03:33,240 --> 00:03:38,420 Another type is the browser highjacker, which alters certain web browser functions. 49 00:03:38,730 --> 00:03:43,230 The other functions could, for example, automatically direct the user to malicious website. 50 00:03:44,130 --> 00:03:46,440 Next on the list, we have the resident virus. 51 00:03:46,950 --> 00:03:53,070 This type of virus inserts itself as part of the operating system and is loaded into memory whenever 52 00:03:53,070 --> 00:03:54,240 the operating system load. 53 00:03:54,990 --> 00:03:57,930 Next, we'll discuss about direct action virus. 54 00:03:58,590 --> 00:04:03,290 This type of virus is triggered when the user executes a file containing the virus. 55 00:04:03,300 --> 00:04:05,700 Otherwise, the virus remains dormant. 56 00:04:06,330 --> 00:04:08,520 Yet another type is the macro virus. 57 00:04:09,530 --> 00:04:15,680 Macro viruses are written in the same macro language used for softer applications such as word, PowerPoint 58 00:04:15,680 --> 00:04:22,160 or Excel, these type of viruses spread when the victim opens an infected document, which often spread 59 00:04:22,160 --> 00:04:23,510 via email attachments. 60 00:04:24,020 --> 00:04:26,370 Last on our list is the multi-party virus. 61 00:04:27,080 --> 00:04:30,110 This kind of virus infects and spreads in multiple ways. 62 00:04:30,440 --> 00:04:35,600 For example, such a virus can infect both document files as well as operating system files. 63 00:04:37,850 --> 00:04:40,730 Another famous type of malware is the computer worm. 64 00:04:41,420 --> 00:04:44,590 What exactly is a worm, a computer worm? 65 00:04:44,600 --> 00:04:49,960 It's a standalone, malicious program that self replicates in order to spread to other computers. 66 00:04:50,450 --> 00:04:55,350 A worm can replicate itself without any human interaction and is a standalone program. 67 00:04:55,820 --> 00:04:57,920 So a worm does not need the host. 68 00:04:59,550 --> 00:05:03,600 Let's have a quick look at some warm types grouped by means of spreading. 69 00:05:04,460 --> 00:05:07,430 First type is Internet terms, Internet worms. 70 00:05:07,550 --> 00:05:14,150 Can the network using infected computers in order to find other vulnerable computers, if such a computer 71 00:05:14,150 --> 00:05:18,470 is found, the worm will then attempt to connect and infect the vulnerable machine. 72 00:05:19,700 --> 00:05:25,850 Next, we have e-mail worms which spread through email messages which contain malicious attachments 73 00:05:25,940 --> 00:05:27,620 or links to malicious websites. 74 00:05:28,980 --> 00:05:35,700 Yet another type is instant messaging worms, which spread by sending malicious links via instant messaging 75 00:05:35,700 --> 00:05:36,480 applications. 76 00:05:37,890 --> 00:05:44,850 Last on our list is the file sharing network Worms, which place a copy of themselves in a shared folder 77 00:05:44,850 --> 00:05:47,070 and spread via peer to peer network. 78 00:05:49,010 --> 00:05:56,030 Let's also have a brief look at the concrete computer worm example, Stuxnet, Stuxnet is a computer 79 00:05:56,030 --> 00:05:58,060 worm first discovered in 2010. 80 00:05:58,460 --> 00:06:04,700 It targeted the programmable logic controllers, which are industrial control systems used for industrial 81 00:06:04,700 --> 00:06:09,320 processes such as the centrifuges used for separating nuclear material. 82 00:06:10,250 --> 00:06:17,040 Stuxnet exploited several zero their abilities in Windows and infected over 200000 computers. 83 00:06:17,630 --> 00:06:24,170 It is reported that Stuxnet caused over 1000 machines to physically degrade, ruining almost one fifth 84 00:06:24,170 --> 00:06:26,240 of Iran's nuclear centrifuges. 85 00:06:27,640 --> 00:06:30,460 Next, we'll discuss the Trojan horse malware. 86 00:06:31,860 --> 00:06:38,130 Similar to the Trojan horse of the ancient Greek story, a Trojan horse or a Trojan is a deceptive malware 87 00:06:38,130 --> 00:06:40,440 which misleads the user of its true intent. 88 00:06:40,950 --> 00:06:45,600 Trojans usually spread through social engineering, for example, through malicious email attachments 89 00:06:45,630 --> 00:06:49,230 or from malicious websites as opposed to viruses and worms. 90 00:06:49,350 --> 00:06:51,480 Trojans do not attempt to propagate themselves. 91 00:06:52,700 --> 00:06:58,880 Let's explore some Trojan types first on our list, we have the backdoor Trojan, which gives malicious 92 00:06:58,880 --> 00:07:03,410 users remote control over the infected computer depending on the Trojan. 93 00:07:03,630 --> 00:07:09,410 This enables cyber criminals to do things like send, receive and delete files, launch programs or 94 00:07:09,410 --> 00:07:10,190 display data. 95 00:07:10,550 --> 00:07:15,960 Backdoor Trojans are often used to create botnet that can be used for cyber criminal purposes. 96 00:07:17,000 --> 00:07:19,670 Another type that's running on the victim's computer. 97 00:07:20,770 --> 00:07:26,500 Next on our list is the Trojan banker, which, as you already probably guessed from the name, is designed 98 00:07:26,500 --> 00:07:30,700 to steal credit card information or the credentials for online banking systems. 99 00:07:31,630 --> 00:07:38,140 Yet another type is a Trojan distributed denial of service, or Trojan Horse, which is used to conduct 100 00:07:38,140 --> 00:07:41,050 denial of service attacks against targeted Web applications. 101 00:07:41,680 --> 00:07:44,950 You'll learn more about denial of service attacks in another lecture. 102 00:07:45,870 --> 00:07:51,730 Now, let's talk about the Trojan downloader and the Trojan dropper, these Trojans are used to install 103 00:07:51,750 --> 00:07:56,100 other malware in the infected machine, such as other Trojans or viruses. 104 00:07:56,850 --> 00:08:00,720 That Trojan downloader basically downloads and installs other malware. 105 00:08:00,990 --> 00:08:07,320 While the Trojan dropper contains other malware source code embedded inside of it, the dropper uses 106 00:08:07,320 --> 00:08:11,010 embedded source code to install new mother on the infected computer. 107 00:08:11,760 --> 00:08:16,760 Next, we have the Trojan fake antivirus, which pretends to be legitimate antivirus software. 108 00:08:17,280 --> 00:08:22,440 They are usually designed to obtain money from their victim in return for detection and removal of threats, 109 00:08:22,770 --> 00:08:26,310 even though the threats that they report are actually nonexistent. 110 00:08:27,200 --> 00:08:33,230 After that, let's have a look at the Trojan ransom, this type of Trojan can modify data on the victim's 111 00:08:33,230 --> 00:08:36,060 computer so that the victim cannot use the data anymore. 112 00:08:36,440 --> 00:08:41,060 The cyber criminals will only restore the data after ransom money is paid. 113 00:08:42,130 --> 00:08:48,970 Last on our list is the Trojans, by which, as the name implies, spies on the victim, for example, 114 00:08:48,970 --> 00:08:54,160 it can do that by tracking the data entered via the keyboard, taking screenshots or getting a list 115 00:08:54,160 --> 00:08:55,330 of the running applications. 116 00:08:56,980 --> 00:09:03,430 Let's move on to the next malware, the malicious bot first in order to define what the malicious bodies 117 00:09:03,430 --> 00:09:04,300 we have to know. 118 00:09:04,300 --> 00:09:09,790 What the body's about is a software application that runs automated and repetitive tasks. 119 00:09:10,750 --> 00:09:15,640 The most common use of pot is Web crawling in which both gather information from the Web. 120 00:09:16,310 --> 00:09:20,380 Another type of boats are chad boats, which are used more and more recently. 121 00:09:20,890 --> 00:09:26,540 These kind of boats are often used by organizations to automate part of the support offered to customers. 122 00:09:27,130 --> 00:09:31,240 OK, now that we know what the boat is, we can have a look at the malicious spot. 123 00:09:31,660 --> 00:09:35,170 As the name implies, it's a boat used for malicious purposes. 124 00:09:35,590 --> 00:09:39,790 Malicious bots are usually self-propagating malware that infects computers. 125 00:09:40,790 --> 00:09:46,700 These boats then are used for cyber criminal activities, multiple computers infected with malicious 126 00:09:46,700 --> 00:09:49,670 bots can form a botnet or called botnet. 127 00:09:50,000 --> 00:09:52,260 Botnet can have different types of architectures. 128 00:09:52,310 --> 00:09:58,400 Some of the first botnet use the client server architecture in which the bots act as clients and connect 129 00:09:58,400 --> 00:10:01,520 to a server also known as Command and Control Center. 130 00:10:02,150 --> 00:10:05,420 The command and control center then issues commands to the bot. 131 00:10:05,810 --> 00:10:09,990 The boards execute the commands, relayed the results back to the command and control center. 132 00:10:10,790 --> 00:10:16,560 We can see an example of a client server architecture on the top right part of the slide in the middle. 133 00:10:16,580 --> 00:10:21,020 We have the server, the command and control center and around it we have the clients. 134 00:10:21,260 --> 00:10:22,810 The bot infected computers. 135 00:10:23,420 --> 00:10:27,950 The main disadvantage of this type of botnet architecture is that if the command and control center 136 00:10:27,950 --> 00:10:31,250 is compromised, the whole botnet can be potentially shut down. 137 00:10:31,760 --> 00:10:38,000 Since the control center issues commands the whole botnet, a more resilient architecture is peer-to-peer. 138 00:10:38,270 --> 00:10:43,610 This botnet do not have a centralized server and each bot behaves both this client, which receives 139 00:10:43,610 --> 00:10:46,390 commands and a server which issues commands. 140 00:10:46,880 --> 00:10:47,780 How does this work? 141 00:10:48,680 --> 00:10:50,390 One way can be as follows. 142 00:10:50,390 --> 00:10:54,670 Each bot searches the network for other bots, adding them to a contact list. 143 00:10:54,690 --> 00:11:00,710 When found, the owner of the botnet can issue commands from one of the bots and then the bot spreads 144 00:11:00,710 --> 00:11:02,330 the command to its noncontact. 145 00:11:02,630 --> 00:11:08,330 Then each of the contacts press the command further in order to make sure that the commands are genuine, 146 00:11:08,480 --> 00:11:12,570 the owner of the botnet can use a secret key to digitally signed documents. 147 00:11:12,920 --> 00:11:16,640 This way, the bots can verify that the command is indeed genuine. 148 00:11:17,650 --> 00:11:24,190 We can see an example of a peer to peer botnet in the bottom right part of the slide, each computer 149 00:11:24,190 --> 00:11:26,410 in the diagram is infected with the bot. 150 00:11:27,100 --> 00:11:32,230 In the diagram, we can see that we do not have the central server anymore and that each bot has several 151 00:11:32,230 --> 00:11:34,660 connections to other bots in the botnet. 152 00:11:35,560 --> 00:11:37,940 Now let's explore some malicious types. 153 00:11:38,350 --> 00:11:44,680 First, we have the spambots, which, as the name implies, are designed to propagate spam emails or 154 00:11:44,680 --> 00:11:45,250 messages. 155 00:11:46,330 --> 00:11:52,570 Another type is distributed denial of service spots or dead spots, which are used to initiate distributed 156 00:11:52,570 --> 00:11:57,580 denial of service attacks against specific targets, you will learn more about this type of attack and 157 00:11:57,580 --> 00:11:58,920 the denial of service lecture. 158 00:11:59,710 --> 00:12:01,570 Next on our list is registration. 159 00:12:01,570 --> 00:12:08,200 But these are not your specific email addresses to sign the victim up to numerous services in order 160 00:12:08,200 --> 00:12:09,940 to flood their email inbox. 161 00:12:10,690 --> 00:12:14,950 This can be used to distract from important messages such as a security breach. 162 00:12:15,760 --> 00:12:18,820 Now let's talk about malicious websites, crappers. 163 00:12:19,360 --> 00:12:23,740 Besides legitimate purposes, websites, crappers can also be used maliciously. 164 00:12:24,310 --> 00:12:29,680 For example, malicious websites crappers can be used to obtain the content of websites in order to 165 00:12:29,680 --> 00:12:32,170 create malicious copies of said websites. 166 00:12:32,920 --> 00:12:37,660 Related to this, there are bots that crap the Internet for information about individuals. 167 00:12:38,230 --> 00:12:43,720 For example, such a bot could scrap information from social media such as LinkedIn and Facebook so 168 00:12:43,720 --> 00:12:47,440 that cyber criminals can use this information to prepare spearfishing attacks. 169 00:12:48,110 --> 00:12:54,280 Other types of bots can open back doors on the infected computers so that even more malware can be installed. 170 00:12:55,400 --> 00:13:01,160 Last on our list, we have your boats, which are used to generate fake views, comments and likes on 171 00:13:01,160 --> 00:13:01,780 the Internet. 172 00:13:04,170 --> 00:13:07,120 It's a concrete example of a botnet and a Trojan. 173 00:13:07,140 --> 00:13:08,700 We will talk about emoted. 174 00:13:09,210 --> 00:13:12,810 Emoted is a malware which was first detected in 2014. 175 00:13:13,950 --> 00:13:20,200 It started as a banking Trojan that was designed to steal banking credentials and that evolved into 176 00:13:20,200 --> 00:13:26,580 a downloader Trojan used to install other malware, then Emoted was also configured as a botnet, delivering 177 00:13:26,580 --> 00:13:28,400 malware as a service to cyber criminals. 178 00:13:28,830 --> 00:13:34,230 The cyber criminals using emoted could, for example, obtain banking credentials of victims using malware 179 00:13:34,350 --> 00:13:37,140 or installed ransomware on infected computers. 180 00:13:37,840 --> 00:13:39,960 And what that spread through spam emails. 181 00:13:40,680 --> 00:13:46,560 The emails contained infected attachments such as malicious word documents that contained the malware. 182 00:13:47,070 --> 00:13:53,130 Recently, it even used the fear of covid to spread itself via spam emails pretending to educate victims 183 00:13:53,130 --> 00:13:57,640 about covid emoted was one of the most active and dangerous threats. 184 00:13:57,660 --> 00:14:05,430 Up until recently, Emoted has suffered a major disruption in January 2021, after a major collaborative 185 00:14:05,430 --> 00:14:11,490 effort from international police, police has captured several hundred servers around the world, which 186 00:14:11,490 --> 00:14:17,700 were used to manage infected computers, spread the malware, surf cyber criminal groups and improve 187 00:14:17,700 --> 00:14:18,240 emoted. 188 00:14:19,430 --> 00:14:21,890 Next on the malware list is ransomware. 189 00:14:23,330 --> 00:14:29,270 Ransomware is a type of malware that threatens its victims with blocking access to the data or threatens 190 00:14:29,270 --> 00:14:34,250 them with publishing confidential data on the Internet unless a ransom is paid to the attackers. 191 00:14:35,060 --> 00:14:41,750 The most common types of ransom are encrypting ransomware, known, encrypting ransomware and exfiltration. 192 00:14:42,200 --> 00:14:47,790 The encrypting ransomware basically encrypts the victim's data, making it unavailable to anyone. 193 00:14:48,290 --> 00:14:53,900 Then the cyber criminals behind the ransomware ask for a ransom in order to provide the decryption key 194 00:14:53,900 --> 00:14:56,330 to the victim using the decryption key. 195 00:14:56,360 --> 00:15:00,360 In theory, the victim can decrease the data and have access to it again. 196 00:15:01,040 --> 00:15:06,410 However, be aware that even if the victim pays, there is no guarantee that the cyber criminals will 197 00:15:06,410 --> 00:15:08,060 actually provide the decryption key. 198 00:15:08,720 --> 00:15:12,450 The second type is not encrypted ransomware, also known as Calver. 199 00:15:13,190 --> 00:15:18,170 This is a less dangerous malware which just pretends that it has encrypted the victim's data. 200 00:15:18,710 --> 00:15:24,680 For example, such careworn can display an image on the victim's computer saying that the files have 201 00:15:24,680 --> 00:15:26,100 been encrypted by ransomware. 202 00:15:26,600 --> 00:15:29,950 This would be done in order to scare the victim into paying the ransom. 203 00:15:30,440 --> 00:15:34,590 However, in case of Scherba, the victim's data is still intact. 204 00:15:35,450 --> 00:15:38,290 Last type is exfiltration or neckwear. 205 00:15:38,690 --> 00:15:44,420 This type of ransomware threatens to leak online personal data of the victim, such as, for instance, 206 00:15:44,660 --> 00:15:48,870 private pictures or private conversations unless a ransom is paid. 207 00:15:49,550 --> 00:15:55,010 However, similar to encrypting ransomware, the victim has no guarantee that the attacker won't leak 208 00:15:55,010 --> 00:15:55,900 the data anyway. 209 00:15:57,560 --> 00:16:00,400 Let's have a quick look at the concrete example of ransomware. 210 00:16:01,040 --> 00:16:06,210 One is an encrypted ransomware, which was first discovered in May 2017. 211 00:16:06,950 --> 00:16:12,020 One is an encrypted ransomware, which was first discovered in May 2017. 212 00:16:12,860 --> 00:16:19,070 It spread through the Internet using an exploit named Internal Blue, which targeted Windows operating 213 00:16:19,070 --> 00:16:19,550 systems. 214 00:16:19,970 --> 00:16:26,870 The internal blue exploit was allegedly leaked from the US National Security Agency, even though Microsoft 215 00:16:26,870 --> 00:16:34,800 released a patch in March 2017 that fixed the vulnerability exploited by one Akroyd in May 2017, one 216 00:16:34,820 --> 00:16:40,220 crisis still spread to over two hundred and thirty thousand unpatched computers around the world. 217 00:16:40,940 --> 00:16:46,130 You can see on the left side a picture with the countries affected by the initial want to attack. 218 00:16:46,790 --> 00:16:48,980 The affected countries are colored in red. 219 00:16:49,910 --> 00:16:56,930 One impacted many companies and organizations such as the Spanish Telecom, Telefonica and the British 220 00:16:56,930 --> 00:17:03,230 National Health Service, impacting multiple hospitals which had to turn away patients and cancel scheduled 221 00:17:03,230 --> 00:17:03,920 operations. 222 00:17:04,460 --> 00:17:10,940 One Okri also infected FedEx, Deutsche Bank, Honda, Renault, the Russian Interior Ministry and the 223 00:17:10,940 --> 00:17:12,440 Russian Telecom Megafaun. 224 00:17:12,980 --> 00:17:18,590 The original attack of one Okri was stopped a few days later after a killswitch was found, which prevented 225 00:17:18,590 --> 00:17:20,060 one aircraft from spreading further. 226 00:17:20,870 --> 00:17:22,760 Next, we'll talk about spyware. 227 00:17:23,210 --> 00:17:28,190 Spyware is malware that infects devices in order to gather information about its victims. 228 00:17:28,640 --> 00:17:33,860 For instance, depending on the spyware, it can gather information such as credentials to different 229 00:17:33,860 --> 00:17:39,980 websites, browser history, a list of applications installed, emails sent and received, the input 230 00:17:39,980 --> 00:17:42,920 introduced from the keyboard or credit card information. 231 00:17:44,260 --> 00:17:52,270 Next on our list is Adver Adwar stands for advertising supported software and is basically software 232 00:17:52,270 --> 00:17:54,010 that is designed to generate ads. 233 00:17:54,790 --> 00:18:00,190 Adwar can also encourage users to install additional software promoted by third party users. 234 00:18:00,760 --> 00:18:02,620 Adwar is not necessarily mahrer. 235 00:18:03,010 --> 00:18:08,800 It can be used in legitimate use cases in which developers obtain extra income from ads. 236 00:18:09,370 --> 00:18:12,460 These ads can be embedded in their websites or applications. 237 00:18:13,120 --> 00:18:17,980 There are also other types of hardware which can be potentially unwanted applications. 238 00:18:18,640 --> 00:18:21,970 First, we have legal but abusive or deceptive adver. 239 00:18:22,840 --> 00:18:28,630 These type of Adwar might make it difficult for the user to opt out of installing additional software. 240 00:18:29,290 --> 00:18:35,520 Also in this category we might have Adwar, which displays ads that might be direct to malicious websites. 241 00:18:36,130 --> 00:18:41,530 In these cases, the creator of the Adwar might not be aware of the malicious third party ads. 242 00:18:42,280 --> 00:18:44,440 Another type of abusive but legal. 243 00:18:44,440 --> 00:18:47,140 Adwar is Adwar that produces excessive. 244 00:18:47,140 --> 00:18:53,050 At an example of such, Adwar can be a browser toolbar that bombards you with ads. 245 00:18:53,980 --> 00:19:00,250 Finally, we have illegal, malicious software in which the Adwar intentionally distributes malware 246 00:19:00,310 --> 00:19:01,810 or links to malicious websites. 247 00:19:02,470 --> 00:19:05,440 This type of hardware is often accompanied by spyware. 248 00:19:06,730 --> 00:19:08,620 Last on our list is rootkit. 249 00:19:09,890 --> 00:19:15,950 The term rootkit is a combination of the word truth, which is the name of privileged account in Unix 250 00:19:15,950 --> 00:19:21,640 like operating systems, and the work kit, which refers to the collection of software that implements 251 00:19:21,800 --> 00:19:28,190 all a rootkit, is a set of software tools used to gain privileged access or control over a host. 252 00:19:28,790 --> 00:19:33,710 It is usually classified as malware, since it's often used for malicious purposes. 253 00:19:34,460 --> 00:19:39,530 Malicious rockets are designed to stay hidden and conceal themselves as well as other malware. 254 00:19:40,310 --> 00:19:46,310 There are, however, some legitimate utilities using rootkit, for example, some applications that 255 00:19:46,310 --> 00:19:52,100 emulate hardware or software or some applications that are used to detect cheating in online games. 256 00:19:52,820 --> 00:19:55,990 With that, we conclude the exploration of different types. 257 00:19:57,360 --> 00:20:03,060 Before we wrap up, let's have a look at the malware metrics, you might have already noticed that some 258 00:20:03,060 --> 00:20:04,680 types of malware can overlap. 259 00:20:05,560 --> 00:20:11,620 To better understand the relations between different types, today, we will explore the following malware 260 00:20:11,620 --> 00:20:12,070 matrix. 261 00:20:12,580 --> 00:20:20,970 A virus cannot be worm y because a virus requires a host, while a worm, which is a standalone program 262 00:20:21,010 --> 00:20:28,210 that's not a virus, cannot be a Trojan either because the virus can replicate itself, while a Trojan 263 00:20:28,210 --> 00:20:37,390 cannot be says that a virus can be a malicious both ransomware, spyware, adware and finally can use 264 00:20:37,390 --> 00:20:40,930 a rootkit to gain privileged access and or conceal itself. 265 00:20:41,520 --> 00:20:43,990 Next, let's have a look at the computer worm. 266 00:20:44,560 --> 00:20:46,890 As we discussed, it cannot be a virus. 267 00:20:47,590 --> 00:20:54,710 Also, a worm cannot be a Trojan horse because a worm can self replicate while a Trojan cannot again. 268 00:20:54,760 --> 00:21:03,430 Besides that, a worm can be any other type of malware, such as a bot, ransomware, spyware, adware, 269 00:21:04,090 --> 00:21:07,930 and similarly to the virus, it can use a rootkit to gain privileged access. 270 00:21:08,930 --> 00:21:15,770 After the warm let's talk about Trojan, as we already mentioned, a Trojan cannot be a virus or a worm, 271 00:21:16,160 --> 00:21:23,450 but similarly to the worm and virus, it can be other types of malware, such as both ransomware, spyware, 272 00:21:23,930 --> 00:21:26,140 adware and rootkit. 273 00:21:26,870 --> 00:21:32,250 Next on the metrics, we have the malicious bot, which can also be any other type of malware. 274 00:21:33,080 --> 00:21:38,090 After that, we have ransomware, which similarly can be any other type of malware. 275 00:21:38,960 --> 00:21:40,600 One small note for ransomware. 276 00:21:40,760 --> 00:21:45,260 While technically possible, it does not make much sense for a ransomware to also be a nightmare. 277 00:21:46,760 --> 00:21:51,200 Next, we have spyware, which can also be any other type of malware discussed today. 278 00:21:52,220 --> 00:21:54,110 After that, we have a look at that. 279 00:21:54,740 --> 00:22:00,290 Similarly, it can be any other type of malware discussed today with the note that for Adwar, it does 280 00:22:00,290 --> 00:22:02,540 not make much sense to also be ransomware. 281 00:22:03,770 --> 00:22:09,140 Last, we have the rootkit which can be used by any other type of malware to discuss today in order 282 00:22:09,140 --> 00:22:12,420 to gain privileged access and or conceal the malware. 283 00:22:13,460 --> 00:22:19,340 I hope that after discussing this matrix, you now have a better understanding of relationships between 284 00:22:19,340 --> 00:22:21,060 different types of malware discussed today. 285 00:22:21,890 --> 00:22:25,800 To recap, in this lecture, we learn what mulberries, what it can do. 286 00:22:26,210 --> 00:22:31,940 We explore the most common types of malware, looking at their capabilities and some concrete examples. 287 00:22:32,340 --> 00:22:37,610 Finally, we had a look at the malware metrics to better understand the relationship between different 288 00:22:37,610 --> 00:22:38,360 types of malware. 289 00:22:39,080 --> 00:22:40,790 With that, we conclude this lecture. 290 00:22:41,270 --> 00:22:43,590 If you have any questions, don't hesitate to ask us. 291 00:22:43,970 --> 00:22:45,320 See you soon in the next lecture. 32123