All language subtitles for 02. Malware (Viruses, Worms, Trojans, Bots, Ransomware, Adware, Spyware and Rootkit)

1 00:00:01,210 --> 00:00:02,590 Welcome to the malware lecture.
2 00:00:02,800 --> 00:00:03,460 Let's dive in.
3 00:00:05,180 --> 00:00:09,760 So what is malware? The term malware is a combination of the words malicious and software.
4 00:00:10,500 --> 00:00:16,520 Basically, it's any software intentionally designed to cause damage to the software and/or hardware
5 00:00:16,520 --> 00:00:18,510 of a computer or a computer network.
6 00:00:19,250 --> 00:00:24,560 Of course, when I'm saying computers, I'm referring to a wide range of devices from microcontrollers,
7 00:00:24,650 --> 00:00:31,100 wearables such as smartwatches to mobile phones, tablets, consoles, personal PCs, servers and so
8 00:00:31,100 --> 00:00:31,280 on.
9 00:00:33,700 --> 00:00:37,960 What can malware do? Depending on the purpose for which the malware was built,
10 00:00:37,990 --> 00:00:40,600 it can do one or more of the following things.
11 00:00:42,010 --> 00:00:44,860 Some malware can tamper or even destroy data.
12 00:00:45,250 --> 00:00:49,060 In some rare cases, malware can even damage or destroy hardware.
13 00:00:50,230 --> 00:00:55,900 It can make systems vulnerable by creating vectors that can be then used by even more malware.
14 00:00:56,860 --> 00:00:59,740 In some cases, malware can install other malware.
15 00:01:00,280 --> 00:01:03,340 It can generate spam or create denial of service attacks.
16 00:01:04,180 --> 00:01:09,490 It can also deplete the resources of the system and use these resources for malicious purposes, such
17 00:01:09,490 --> 00:01:10,780 as denial of service attacks.
18 00:01:12,070 --> 00:01:17,380 Last on our list, malware can be used to spy on users, extracting confidential information about the
19 00:01:17,380 --> 00:01:17,800 users.
20 00:01:20,400 --> 00:01:28,140 In this lecture, we'll have a look at eight of the most common types of malware: virus, worm, Trojan horse,
21 00:01:28,260 --> 00:01:33,180 malicious bot, ransomware, spyware, adware and rootkit.
22 00:01:33,420 --> 00:01:37,290 So let's start with the most widely known malware, the virus.
23 00:01:39,200 --> 00:01:44,150 The easiest way to understand the computer virus is to make a parallel with the biological virus.
24 00:01:44,390 --> 00:01:45,770 Let's take COVID, for example.
25 00:01:46,430 --> 00:01:52,070 COVID, like any other virus, needs a host so that it can replicate itself. In order for someone to
26 00:01:52,070 --> 00:01:52,880 get infected,
27 00:01:52,880 --> 00:01:58,370 some kind of interaction with an infected person needs to happen, like, for example, a handshake,
28 00:01:58,670 --> 00:02:04,340 staying in close proximity without a mask or touching something that the infected person touched.
29 00:02:04,970 --> 00:02:10,490 Once the virus gets inside the person's system, it attaches itself to healthy human cells and uses
30 00:02:10,490 --> 00:02:14,770 these cells to create other instances of the virus, infecting even more cells.
31 00:02:15,230 --> 00:02:20,550 A computer virus is a malicious program or code which works in pretty much the same way.
32 00:02:20,930 --> 00:02:25,370 First, a computer virus requires a host program, which it needs to infect.
33 00:02:26,060 --> 00:02:31,540 For example, a computer virus could infect the operating system, such as, for instance, Windows.
34 00:02:32,000 --> 00:02:36,860 Second, a computer virus requires user action to transmit itself from one system to another.
35 00:02:37,160 --> 00:02:43,640 Viruses cannot spread without some sort of action from a user like, for example, opening an infected
36 00:02:43,640 --> 00:02:44,290 Word document.
37 00:02:44,690 --> 00:02:51,200 And third, similar to a biological virus, a computer virus infects other programs, inserting its malicious
38 00:02:51,200 --> 00:02:51,530 code.
39 00:02:52,660 --> 00:02:56,480 Now that we know what the virus is, let's have a look at some types of viruses.
40 00:02:57,220 --> 00:02:59,620 First, we have the polymorphic virus.
41 00:02:59,950 --> 00:03:03,640 A polymorphic virus changes its code each time it replicates itself.
42 00:03:04,180 --> 00:03:07,960 It does this to evade detection by antivirus programs.
43 00:03:08,320 --> 00:03:11,800 Because of this reason, modern viruses are usually polymorphic.
44 00:03:13,420 --> 00:03:19,810 Next, we have the boot sector virus. This type of virus is triggered whenever the victim starts their
45 00:03:19,810 --> 00:03:20,320 computer.
46 00:03:21,240 --> 00:03:27,840 After that, we have the file infector virus, which inserts malicious code into executable files,
47 00:03:27,840 --> 00:03:32,470 such as, for example, media player, Word, Excel or the operating system.
48 00:03:33,240 --> 00:03:38,420 Another type is the browser hijacker, which alters certain web browser functions.
49 00:03:38,730 --> 00:03:43,230 The altered functions could, for example, automatically direct the user to a malicious website.
50 00:03:44,130 --> 00:03:46,440 Next on the list, we have the resident virus.
51 00:03:46,950 --> 00:03:53,070 This type of virus inserts itself as part of the operating system and is loaded into memory whenever
52 00:03:53,070 --> 00:03:54,240 the operating system loads.
53 00:03:54,990 --> 00:03:57,930 Next, we'll discuss about direct action virus.
54 00:03:58,590 --> 00:04:03,290 This type of virus is triggered when the user executes a file containing the virus.
55 00:04:03,300 --> 00:04:05,700 Otherwise, the virus remains dormant.
56 00:04:06,330 --> 00:04:08,520 Yet another type is the macro virus.
57 00:04:09,530 --> 00:04:15,680 Macro viruses are written in the same macro language used for software applications such as Word, PowerPoint
58 00:04:15,680 --> 00:04:22,160 or Excel. These types of viruses spread when the victim opens an infected document, which often spread
59 00:04:22,160 --> 00:04:23,510 via email attachments.
60 00:04:24,020 --> 00:04:26,370 Last on our list is the multipartite virus.
61 00:04:27,080 --> 00:04:30,110 This kind of virus infects and spreads in multiple ways.
62 00:04:30,440 --> 00:04:35,600 For example, such a virus can infect both document files as well as operating system files.
63 00:04:37,850 --> 00:04:40,730 Another famous type of malware is the computer worm.
64 00:04:41,420 --> 00:04:44,590 What exactly is a worm? A computer worm
65 00:04:44,600 --> 00:04:49,960 is a standalone, malicious program that self-replicates in order to spread to other computers.
66 00:04:50,450 --> 00:04:55,350 A worm can replicate itself without any human interaction and is a standalone program.
67 00:04:55,820 --> 00:04:57,920 So a worm does not need a host.
68 00:04:59,550 --> 00:05:03,600 Let's have a quick look at some worm types grouped by means of spreading.
69 00:05:04,460 --> 00:05:07,430 First type is Internet worms. Internet worms
70 00:05:07,550 --> 00:05:14,150 scan the network using infected computers in order to find other vulnerable computers. If such a computer
71 00:05:14,150 --> 00:05:18,470 is found, the worm will then attempt to connect and infect the vulnerable machine.
72 00:05:19,700 --> 00:05:25,850 Next, we have email worms, which spread through email messages which contain malicious attachments
73 00:05:25,940 --> 00:05:27,620 or links to malicious websites.
74 00:05:28,980 --> 00:05:35,700 Yet another type is instant messaging worms, which spread by sending malicious links via instant messaging
75 00:05:35,700 --> 00:05:36,480 applications.
76 00:05:37,890 --> 00:05:44,850 Last on our list is the file sharing network worms, which place a copy of themselves in a shared folder
77 00:05:44,850 --> 00:05:47,070 and spread via peer-to-peer network.
78 00:05:49,010 --> 00:05:56,030 Let's also have a brief look at a concrete computer worm example, Stuxnet. Stuxnet is a computer
79 00:05:56,030 --> 00:05:58,060 worm first discovered in 2010.
80 00:05:58,460 --> 00:06:04,700 It targeted the programmable logic controllers, which are industrial control systems used for industrial
81 00:06:04,700 --> 00:06:09,320 processes such as the centrifuges used for separating nuclear material.
82 00:06:10,250 --> 00:06:17,040 Stuxnet exploited several zero-day vulnerabilities in Windows and infected over 200000 computers.
83 00:06:17,630 --> 00:06:24,170 It is reported that Stuxnet caused over 1000 machines to physically degrade, ruining almost one fifth
84 00:06:24,170 --> 00:06:26,240 of Iran's nuclear centrifuges.
85 00:06:27,640 --> 00:06:30,460 Next, we'll discuss the Trojan horse malware.
86 00:06:31,860 --> 00:06:38,130 Similar to the Trojan horse of the ancient Greek story, a Trojan horse or a Trojan is a deceptive malware
87 00:06:38,130 --> 00:06:40,440 which misleads the user of its true intent.
88 00:06:40,950 --> 00:06:45,600 Trojans usually spread through social engineering, for example, through malicious email attachments
89 00:06:45,630 --> 00:06:49,230 or from malicious websites. As opposed to viruses and worms,
90 00:06:49,350 --> 00:06:51,480 Trojans do not attempt to propagate themselves.
91 00:06:52,700 --> 00:06:58,880 Let's explore some Trojan types. First on our list, we have the backdoor Trojan, which gives malicious
92 00:06:58,880 --> 00:07:03,410 users remote control over the infected computer. Depending on the Trojan,
93 00:07:03,630 --> 00:07:09,410 this enables cyber criminals to do things like send, receive and delete files, launch programs or
94 00:07:09,410 --> 00:07:10,190 display data.
95 00:07:10,550 --> 00:07:15,960 Backdoor Trojans are often used to create a botnet that can be used for cyber criminal purposes.
96 00:07:17,000 --> 00:07:19,670 Another type that's running on the victim's computer.
97 00:07:20,770 --> 00:07:26,500 Next on our list is the Trojan banker, which, as you already probably guessed from the name, is designed
98 00:07:26,500 --> 00:07:30,700 to steal credit card information or the credentials for online banking systems.
99 00:07:31,630 --> 00:07:38,140 Yet another type is a Trojan distributed denial of service, or Trojan DDoS, which is used to conduct
100 00:07:38,140 --> 00:07:41,050 denial of service attacks against targeted web applications.
101 00:07:41,680 --> 00:07:44,950 You'll learn more about denial of service attacks in another lecture.
102 00:07:45,870 --> 00:07:51,730 Now, let's talk about the Trojan downloader and the Trojan dropper. These Trojans are used to install
103 00:07:51,750 --> 00:07:56,100 other malware in the infected machine, such as other Trojans or viruses.
104 00:07:56,850 --> 00:08:00,720 The Trojan downloader basically downloads and installs other malware,
105 00:08:00,990 --> 00:08:07,320 while the Trojan dropper contains other malware source code embedded inside of it. The dropper uses
106 00:08:07,320 --> 00:08:11,010 embedded source code to install new malware on the infected computer.
107 00:08:11,760 --> 00:08:16,760 Next, we have the Trojan fake antivirus, which pretends to be legitimate antivirus software.
108 00:08:17,280 --> 00:08:22,440 They are usually designed to obtain money from their victim in return for detection and removal of threats,
109 00:08:22,770 --> 00:08:26,310 even though the threats that they report are actually nonexistent.
110 00:08:27,200 --> 00:08:33,230 After that, let's have a look at the Trojan ransom. This type of Trojan can modify data on the victim's
111 00:08:33,230 --> 00:08:36,060 computer so that the victim cannot use the data anymore.
112 00:08:36,440 --> 00:08:41,060 The cyber criminals will only restore the data after ransom money is paid.
113 00:08:42,130 --> 00:08:48,970 Last on our list is the Trojan spy, which, as the name implies, spies on the victim. For example,
114 00:08:48,970 --> 00:08:54,160 it can do that by tracking the data entered via the keyboard, taking screenshots or getting a list
115 00:08:54,160 --> 00:08:55,330 of the running applications.
116 00:08:56,980 --> 00:09:03,430 Let's move on to the next malware, the malicious bot. First, in order to define what the malicious bot is,
117 00:09:03,430 --> 00:09:04,300 we have to know
118 00:09:04,300 --> 00:09:09,790 what the bot is. A bot is a software application that runs automated and repetitive tasks.
119 00:09:10,750 --> 00:09:15,640 The most common use of bots is web crawling, in which bots gather information from the web.
120 00:09:16,310 --> 00:09:20,380 Another type of bots are chatbots, which are used more and more recently.
121 00:09:20,890 --> 00:09:26,540 These kinds of bots are often used by organizations to automate part of the support offered to customers.
122 00:09:27,130 --> 00:09:31,240 OK, now that we know what the bot is, we can have a look at the malicious bot.
123 00:09:31,660 --> 00:09:35,170 As the name implies, it's a bot used for malicious purposes.
124 00:09:35,590 --> 00:09:39,790 Malicious bots are usually self-propagating malware that infects computers.
125 00:09:40,790 --> 00:09:46,700 These bots then are used for cyber criminal activities. Multiple computers infected with malicious
126 00:09:46,700 --> 00:09:49,670 bots can form a botnet or called botnet.
127 00:09:50,000 --> 00:09:52,260 Botnets can have different types of architectures.
128 00:09:52,310 --> 00:09:58,400 Some of the first botnets use the client-server architecture in which the bots act as clients and connect
129 00:09:58,400 --> 00:10:01,520 to a server also known as Command and Control Center.
130 00:10:02,150 --> 00:10:05,420 The command and control center then issues commands to the bots.
131 00:10:05,810 --> 00:10:09,990 The bots execute the commands and relay the results back to the command and control center.
132 00:10:10,790 --> 00:10:16,560 We can see an example of a client-server architecture on the top right part of the slide. In the middle,
133 00:10:16,580 --> 00:10:21,020 we have the server, the command and control center, and around it we have the clients,
134 00:10:21,260 --> 00:10:22,810 the bot-infected computers.
135 00:10:23,420 --> 00:10:27,950 The main disadvantage of this type of botnet architecture is that if the command and control center
136 00:10:27,950 --> 00:10:31,250 is compromised, the whole botnet can be potentially shut down,
137 00:10:31,760 --> 00:10:38,000 since the control center issues commands to the whole botnet. A more resilient architecture is peer-to-peer.
138 00:10:38,270 --> 00:10:43,610 These botnets do not have a centralized server and each bot behaves both as a client, which receives
139 00:10:43,610 --> 00:10:46,390 commands, and a server, which issues commands.
140 00:10:46,880 --> 00:10:47,780 How does this work?
141 00:10:48,680 --> 00:10:50,390 One way can be as follows.
142 00:10:50,390 --> 00:10:54,670 Each bot searches the network for other bots, adding them to a contact list
143 00:10:54,690 --> 00:11:00,710 when found. The owner of the botnet can issue commands from one of the bots and then the bot spreads
144 00:11:00,710 --> 00:11:02,330 the command to its known contacts.
145 00:11:02,630 --> 00:11:08,330 Then each of the contacts spreads the command further. In order to make sure that the commands are genuine,
146 00:11:08,480 --> 00:11:12,570 the owner of the botnet can use a secret key to digitally sign documents.
147 00:11:12,920 --> 00:11:16,640 This way, the bots can verify that the command is indeed genuine.
148 00:11:17,650 --> 00:11:24,190 We can see an example of a peer-to-peer botnet in the bottom right part of the slide. Each computer
149 00:11:24,190 --> 00:11:26,410 in the diagram is infected with the bot.
150 00:11:27,100 --> 00:11:32,230 In the diagram, we can see that we do not have the central server anymore and that each bot has several
151 00:11:32,230 --> 00:11:34,660 connections to other bots in the botnet.
152 00:11:35,560 --> 00:11:37,940 Now let's explore some malicious bot types.
153 00:11:38,350 --> 00:11:44,680 First, we have the spambots, which, as the name implies, are designed to propagate spam emails or
154 00:11:44,680 --> 00:11:45,250 messages.
155 00:11:46,330 --> 00:11:52,570 Another type is distributed denial of service bots or DDoS bots, which are used to initiate distributed
156 00:11:52,570 --> 00:11:57,580 denial of service attacks against specific targets. You will learn more about this type of attack in
157 00:11:57,580 --> 00:11:58,920 the denial of service lecture.
158 00:11:59,710 --> 00:12:01,570 Next on our list is registration
159 00:12:01,570 --> 00:12:08,200 bots. These bots use specific email addresses to sign the victim up to numerous services in order
160 00:12:08,200 --> 00:12:09,940 to flood their email inbox.
161 00:12:10,690 --> 00:12:14,950 This can be used to distract from important messages such as a security breach.
162 00:12:15,760 --> 00:12:18,820 Now let's talk about malicious website scrapers.
163 00:12:19,360 --> 00:12:23,740 Besides legitimate purposes, website scrapers can also be used maliciously.
164 00:12:24,310 --> 00:12:29,680 For example, malicious website scrapers can be used to obtain the content of websites in order to
165 00:12:29,680 --> 00:12:32,170 create malicious copies of said websites.
166 00:12:32,920 --> 00:12:37,660 Related to this, there are bots that scrape the Internet for information about individuals.
167 00:12:38,230 --> 00:12:43,720 For example, such a bot could scrape information from social media such as LinkedIn and Facebook so
168 00:12:43,720 --> 00:12:47,440 that cyber criminals can use this information to prepare spear phishing attacks.
169 00:12:48,110 --> 00:12:54,280 Other types of bots can open back doors on the infected computers so that even more malware can be installed.
170 00:12:55,400 --> 00:13:01,160 Last on our list, we have view bots, which are used to generate fake views, comments and likes on
171 00:13:01,160 --> 00:13:01,780 the Internet.
172 00:13:04,170 --> 00:13:07,120 As a concrete example of a botnet and a Trojan,
173 00:13:07,140 --> 00:13:08,700 we will talk about Emotet.
174 00:13:09,210 --> 00:13:12,810 Emotet is a malware which was first detected in 2014.
175 00:13:13,950 --> 00:13:20,200 It started as a banking Trojan that was designed to steal banking credentials and then evolved into
176 00:13:20,200 --> 00:13:26,580 a downloader Trojan used to install other malware. Then Emotet was also configured as a botnet, delivering
177 00:13:26,580 --> 00:13:28,400 malware as a service to cyber criminals.
178 00:13:28,830 --> 00:13:34,230 The cyber criminals using Emotet could, for example, obtain banking credentials of victims using malware
179 00:13:34,350 --> 00:13:37,140 or install ransomware on infected computers.
180 00:13:37,840 --> 00:13:39,960 Emotet spread through spam emails.
181 00:13:40,680 --> 00:13:46,560 The emails contained infected attachments such as malicious Word documents that contained the malware.
182 00:13:47,070 --> 00:13:53,130 Recently, it even used the fear of COVID to spread itself via spam emails pretending to educate victims
183 00:13:53,130 --> 00:13:57,640 about COVID. Emotet was one of the most active and dangerous threats
184 00:13:57,660 --> 00:14:05,430 up until recently. Emotet has suffered a major disruption in January 2021, after a major collaborative
185 00:14:05,430 --> 00:14:11,490 effort from international police. Police has captured several hundred servers around the world, which
186 00:14:11,490 --> 00:14:17,700 were used to manage infected computers, spread the malware, serve cyber criminal groups and improve
187 00:14:17,700 --> 00:14:18,240 Emotet.
188 00:14:19,430 --> 00:14:21,890 Next on the malware list is ransomware.
189 00:14:23,330 --> 00:14:29,270 Ransomware is a type of malware that threatens its victims with blocking access to the data or threatens
190 00:14:29,270 --> 00:14:34,250 them with publishing confidential data on the Internet unless a ransom is paid to the attackers.
191 00:14:35,060 --> 00:14:41,750 The most common types of ransomware are encrypting ransomware, non-encrypting ransomware and exfiltration.
192 00:14:42,200 --> 00:14:47,790 The encrypting ransomware basically encrypts the victim's data, making it unavailable to anyone.
193 00:14:48,290 --> 00:14:53,900 Then the cyber criminals behind the ransomware ask for a ransom in order to provide the decryption key
194 00:14:53,900 --> 00:14:56,330 to the victim. Using the decryption key,
195 00:14:56,360 --> 00:15:00,360 in theory, the victim can decrypt the data and have access to it again.
196 00:15:01,040 --> 00:15:06,410 However, be aware that even if the victim pays, there is no guarantee that the cyber criminals will
197 00:15:06,410 --> 00:15:08,060 actually provide the decryption key.
198 00:15:08,720 --> 00:15:12,450 The second type is non-encrypting ransomware, also known as scareware.
199 00:15:13,190 --> 00:15:18,170 This is a less dangerous malware which just pretends that it has encrypted the victim's data.
200 00:15:18,710 --> 00:15:24,680 For example, such scareware can display an image on the victim's computer saying that the files have
201 00:15:24,680 --> 00:15:26,100 been encrypted by ransomware.
202 00:15:26,600 --> 00:15:29,950 This would be done in order to scare the victim into paying the ransom.
203 00:15:30,440 --> 00:15:34,590 However, in case of scareware, the victim's data is still intact.
204 00:15:35,450 --> 00:15:38,290 Last type is exfiltration or leakware.
205 00:15:38,690 --> 00:15:44,420 This type of ransomware threatens to leak online personal data of the victim, such as, for instance,
206 00:15:44,660 --> 00:15:48,870 private pictures or private conversations unless a ransom is paid.
207 00:15:49,550 --> 00:15:55,010 However, similar to encrypting ransomware, the victim has no guarantee that the attacker won't leak
208 00:15:55,010 --> 00:15:55,900 the data anyway.
209 00:15:57,560 --> 00:16:00,400 Let's have a quick look at a concrete example of ransomware.
210 00:16:01,040 --> 00:16:06,210 WannaCry is an encrypting ransomware, which was first discovered in May 2017.
211 00:16:06,950 --> 00:16:12,020 WannaCry is an encrypting ransomware, which was first discovered in May 2017.
212 00:16:12,860 --> 00:16:19,070 It spread through the Internet using an exploit named EternalBlue, which targeted Windows operating
213 00:16:19,070 --> 00:16:19,550 systems.
214 00:16:19,970 --> 00:16:26,870 The EternalBlue exploit was allegedly leaked from the US National Security Agency. Even though Microsoft
215 00:16:26,870 --> 00:16:34,800 released a patch in March 2017 that fixed the vulnerability exploited by WannaCry, in May 2017, WannaCry
216 00:16:34,820 --> 00:16:40,220 still spread to over two hundred and thirty thousand unpatched computers around the world.
217 00:16:40,940 --> 00:16:46,130 You can see on the left side a picture with the countries affected by the initial WannaCry attack.
218 00:16:46,790 --> 00:16:48,980 The affected countries are colored in red.
219 00:16:49,910 --> 00:16:56,930 WannaCry impacted many companies and organizations such as the Spanish telecom Telefonica and the British
220 00:16:56,930 --> 00:17:03,230 National Health Service, impacting multiple hospitals which had to turn away patients and cancel scheduled
221 00:17:03,230 --> 00:17:03,920 operations.
222 00:17:04,460 --> 00:17:10,940 WannaCry also infected FedEx, Deutsche Bank, Honda, Renault, the Russian Interior Ministry and the
223 00:17:10,940 --> 00:17:12,440 Russian telecom MegaFon.
224 00:17:12,980 --> 00:17:18,590 The original attack of WannaCry was stopped a few days later after a kill switch was found, which prevented
225 00:17:18,590 --> 00:17:20,060 WannaCry from spreading further.
226 00:17:20,870 --> 00:17:22,760 Next, we'll talk about spyware.
227 00:17:23,210 --> 00:17:28,190 Spyware is malware that infects devices in order to gather information about its victims.
228 00:17:28,640 --> 00:17:33,860 For instance, depending on the spyware, it can gather information such as credentials to different
229 00:17:33,860 --> 00:17:39,980 websites, browser history, a list of applications installed, emails sent and received, the input
230 00:17:39,980 --> 00:17:42,920 introduced from the keyboard or credit card information.
231 00:17:44,260 --> 00:17:52,270 Next on our list is adware. Adware stands for advertising supported software and is basically software
232 00:17:52,270 --> 00:17:54,010 that is designed to generate ads.
233 00:17:54,790 --> 00:18:00,190 Adware can also encourage users to install additional software promoted by third party users.
234 00:18:00,760 --> 00:18:02,620 Adware is not necessarily malware.
235 00:18:03,010 --> 00:18:08,800 It can be used in legitimate use cases in which developers obtain extra income from ads.
236 00:18:09,370 --> 00:18:12,460 These ads can be embedded in their websites or applications.
237 00:18:13,120 --> 00:18:17,980 There are also other types of adware which can be potentially unwanted applications.
238 00:18:18,640 --> 00:18:21,970 First, we have legal but abusive or deceptive adware.
239 00:18:22,840 --> 00:18:28,630 These types of adware might make it difficult for the user to opt out of installing additional software.
240 00:18:29,290 --> 00:18:35,520 Also in this category we might have adware which displays ads that might redirect to malicious websites.
241 00:18:36,130 --> 00:18:41,530 In these cases, the creator of the adware might not be aware of the malicious third party ads.
242 00:18:42,280 --> 00:18:44,440 Another type of abusive but legal
243 00:18:44,440 --> 00:18:47,140 adware is adware that produces excessive
244 00:18:47,140 --> 00:18:53,050 ads. An example of such adware can be a browser toolbar that bombards you with ads.
245 00:18:53,980 --> 00:19:00,250 Finally, we have illegal, malicious software in which the adware intentionally distributes malware
246 00:19:00,310 --> 00:19:01,810 or links to malicious websites.
247 00:19:02,470 --> 00:19:05,440 This type of adware is often accompanied by spyware.
248 00:19:06,730 --> 00:19:08,620 Last on our list is rootkit.
249 00:19:09,890 --> 00:19:15,950 The term rootkit is a combination of the word root, which is the name of privileged account in Unix
250 00:19:15,950 --> 00:19:21,640 like operating systems, and the word kit, which refers to the collection of software that implements
251 00:19:21,800 --> 00:19:28,190 all. A rootkit is a set of software tools used to gain privileged access or control over a host.
252 00:19:28,790 --> 00:19:33,710 It is usually classified as malware, since it's often used for malicious purposes.
253 00:19:34,460 --> 00:19:39,530 Malicious rootkits are designed to stay hidden and conceal themselves as well as other malware.
254 00:19:40,310 --> 00:19:46,310 There are, however, some legitimate utilities using rootkits, for example, some applications that
255 00:19:46,310 --> 00:19:52,100 emulate hardware or software or some applications that are used to detect cheating in online games.
256 00:19:52,820 --> 00:19:55,990 With that, we conclude the exploration of different types.
257 00:19:57,360 --> 00:20:03,060 Before we wrap up, let's have a look at the malware matrix. You might have already noticed that some
258 00:20:03,060 --> 00:20:04,680 types of malware can overlap.
259 00:20:05,560 --> 00:20:11,620 To better understand the relations between different types, today, we will explore the following malware
260 00:20:11,620 --> 00:20:12,070 matrix.
261 00:20:12,580 --> 00:20:20,970 A virus cannot be a worm. Why? Because a virus requires a host, while a worm, which is a standalone program,
262 00:20:21,010 --> 00:20:28,210 does not. A virus cannot be a Trojan either because the virus can replicate itself, while a Trojan
263 00:20:28,210 --> 00:20:37,390 cannot. Besides that, a virus can be a malicious bot, ransomware, spyware, adware and finally can use
264 00:20:37,390 --> 00:20:40,930 a rootkit to gain privileged access and/or conceal itself.
265 00:20:41,520 --> 00:20:43,990 Next, let's have a look at the computer worm.
266 00:20:44,560 --> 00:20:46,890 As we discussed, it cannot be a virus.
267 00:20:47,590 --> 00:20:54,710 Also, a worm cannot be a Trojan horse because a worm can self-replicate while a Trojan cannot. Again,
268 00:20:54,760 --> 00:21:03,430 besides that, a worm can be any other type of malware, such as a bot, ransomware, spyware, adware,
269 00:21:04,090 --> 00:21:07,930 and similarly to the virus, it can use a rootkit to gain privileged access.
270 00:21:08,930 --> 00:21:15,770 After the worm, let's talk about Trojan. As we already mentioned, a Trojan cannot be a virus or a worm,
271 00:21:16,160 --> 00:21:23,450 but similarly to the worm and virus, it can be other types of malware, such as bot, ransomware, spyware,
272 00:21:23,930 --> 00:21:26,140 adware and rootkit.
273 00:21:26,870 --> 00:21:32,250 Next on the matrix, we have the malicious bot, which can also be any other type of malware.
274 00:21:33,080 --> 00:21:38,090 After that, we have ransomware, which similarly can be any other type of malware.
275 00:21:38,960 --> 00:21:40,600 One small note for ransomware.
276 00:21:40,760 --> 00:21:45,260 While technically possible, it does not make much sense for a ransomware to also be adware.
277 00:21:46,760 --> 00:21:51,200 Next, we have spyware, which can also be any other type of malware discussed today.
278 00:21:52,220 --> 00:21:54,110 After that, we have a look at adware.
279 00:21:54,740 --> 00:22:00,290 Similarly, it can be any other type of malware discussed today with the note that for adware, it does
280 00:22:00,290 --> 00:22:02,540 not make much sense to also be ransomware.
281 00:22:03,770 --> 00:22:09,140 Last, we have the rootkit, which can be used by any other type of malware discussed today in order
282 00:22:09,140 --> 00:22:12,420 to gain privileged access and/or conceal the malware.
283 00:22:13,460 --> 00:22:19,340 I hope that after discussing this matrix, you now have a better understanding of relationships between
284 00:22:19,340 --> 00:22:21,060 different types of malware discussed today.
285 00:22:21,890 --> 00:22:25,800 To recap, in this lecture, we learn what malware is, what it can do.
286 00:22:26,210 --> 00:22:31,940 We explore the most common types of malware, looking at their capabilities and some concrete examples.
287 00:22:32,340 --> 00:22:37,610 Finally, we had a look at the malware matrix to better understand the relationship between different
288 00:22:37,610 --> 00:22:38,360 types of malware.
289 00:22:39,080 --> 00:22:40,790 With that, we conclude this lecture.
290 00:22:41,270 --> 00:22:43,590 If you have any questions, don't hesitate to ask us.
291 00:22:43,970 --> 00:22:45,320 See you soon in the next lecture.
