1
00:00:00,000 --> 00:00:05,266
Welcome to this new lesson of Introduction to Malware Analysis
2
00:00:08,433 --> 00:00:12,433
Now let's talk about the main types of malware.
3
00:00:13,266 --> 00:00:20,832
Virus or Worm: malware that is capable of copying itself and spreading to other computers.
4
00:00:20,833 --> 00:00:28,966
Rootkit: malware that provides the attacker with privileged access to the infected system and conceals its presence
5
00:00:28,966 --> 00:00:32,966
or the presence of other software.
6
00:00:32,966 --> 00:00:40,899
Backdoor / Remote Access Trojan (RAT): This is a type of Trojan that enables the attacker to gain access to,
7
00:00:40,900 --> 00:00:49,900
and execute commands on the compromised system. If you are interested in this kind of malware, the Metasploit platform is amazing.
8
00:00:49,900 --> 00:00:56,333
A downloader tries to establish a connection to a Command and Control center and download malware;
9
00:00:56,333 --> 00:01:05,566
sometimes it is confused with a dropper, but the latter executes itself almost immediately. For example, it could be camouflaged in a Word macro:
10
00:01:05,566 --> 00:01:15,032
if you allow the macro, the payload tries to infect the system. We will be doing a simple downloader exercise later in this course.
11
00:01:15,033 --> 00:01:20,966
Ransomware: malware that holds the system for ransom by locking users' files.
12
00:01:20,966 --> 00:01:25,832
We'll have a big section for ransomware ahead in this course.
13
00:01:25,833 --> 00:01:30,533
Adware: malware that presents unwanted advertisements.
14
00:01:30,533 --> 00:01:39,566
Information stealer: malware designed to steal data such as banking credentials or keystrokes from the infected system.
15
00:01:39,566 --> 00:01:47,466
Some examples of these malicious programs include keyloggers, spyware, sniffers, and form grabbers.
16
00:01:47,466 --> 00:01:51,466
We'll have a big section dedicated to keyloggers.
17
00:01:51,466 --> 00:01:59,466
Botnet: an army of infected equipment waiting to receive instructions from the command-and-control center
18
00:01:59,466 --> 00:02:05,332
controlled by the attacker. The attacker can then issue a command to these bots,
19
00:02:05,333 --> 00:02:13,633
which can perform malicious activities such as distributed denial-of-service attacks or sending spam.
20
00:02:13,633 --> 00:02:23,066
Trojan: malware that disguises itself as a regular program and tricks users into installing it on their systems.
21
00:02:27,166 --> 00:02:37,832
Malware components. Payload: this is the core component of malware; it's the code that carries out the main malicious actions.
22
00:02:37,833 --> 00:02:42,599
Obfuscator: usually a packer or protector that encrypts or compresses the malware.
23
00:02:42,600 --> 00:02:47,433
Persistence: how the malware manages to stay on the system.
24
00:02:47,433 --> 00:02:55,633
Stealth component: hides the malware from antivirus, analysis tools and security researchers.
25
00:02:55,633 --> 00:03:01,866
Armoring: protects the malware from antivirus, debuggers, decompilers, disassemblers, etc.
26
00:03:01,866 --> 00:03:08,666
Command and Control Center (C&C): this is the control center that malware tries to connect to for further instructions.
27
00:03:08,666 --> 00:03:17,499
Managed by the attackers, it tries to establish a connection to the victim system to exfiltrate data, send malware and more.
28
00:03:20,100 --> 00:03:24,100
The command and control center is also known as C and C, CC or C two.
29
00:03:25,233 --> 00:03:33,233
The Command and Control center is a server that attackers use to send instructions to infected hosts and receive the data exfiltrated
30
00:03:33,233 --> 00:03:37,233
by the malware installed on those hosts.
31
00:03:37,233 --> 00:03:43,999
Once the malware installs itself, it could try to make contact with the CC for further instructions.
32
00:03:44,000 --> 00:03:55,933
For example, a keylogger makes contact with the CC to send the stolen keystrokes, or ransomware connects to a CC asking for an encryption key.
33
00:03:55,933 --> 00:04:02,433
We will see this in more detail in the corresponding keylogger and ransomware sections.
34
00:04:06,500 --> 00:04:10,600
The CC could also be used to try to download more malware.
35
00:04:10,600 --> 00:04:18,933
A successful CC must remain anonymous; a popular way to do this is using Tor.
36
00:04:18,933 --> 00:04:24,299
Tor is a browser that enables people to browse the internet anonymously;
37
00:04:24,300 --> 00:04:30,233
it achieves this by disguising your identity, moving your traffic across different Tor servers
38
00:04:30,233 --> 00:04:33,333
and encrypting that traffic.
39
00:04:33,633 --> 00:04:39,966
We can see the attacker in this picture, and the red line means there's no encryption,
40
00:04:39,966 --> 00:04:45,732
but once in Tor, the green line indicates that the data is encrypted.
41
00:04:45,966 --> 00:04:54,032
In this cloud there could be many Tor routers; once the data reaches its destination, the data arrives decrypted,
42
00:04:54,033 --> 00:05:02,466
but if someone tries to trace this traffic back to catch the attacker, it is necessary to ask for the logs on these routers,
43
00:05:02,466 --> 00:05:09,132
and Tor does not store IPs, so it is very powerful for anonymity.
44
00:05:09,133 --> 00:05:14,666
The extension .onion indicates the site can only be accessed through Tor;
45
00:05:14,666 --> 00:05:20,699
that's why ransomware ransom notes, asking for money, usually use .onion links,
46
00:05:20,700 --> 00:05:26,466
because it makes it very difficult to trace those links back to the attackers.
47
00:05:29,866 --> 00:05:35,699
Thanks, and please join me in the next lesson.