The chances of you watching this video and never having to deal with malware are pretty small. But in this episode, what I want to do is let's just talk about malware. Now, to get things started, what I want to say is that malware is nothing more than software that is running on your system that (a) you don't want there and (b) may or may not be doing something naughty; in most cases, it's doing something naughty. So what I want to do in this episode is go through each of the different types of malware that are listed on the exam, starting with a virus. Now, it makes me laugh a little bit when I see the word virus on the exam, because really, virus is a very old-fashioned term. Viruses go back to the mid-1980s, arguably, and a virus is a piece of software that somehow gets on your computer.
Now keep in mind we're talking about before the internet. So back in the old days, a virus would get on your computer through a floppy disk. You ever heard of those? Or, more modern, maybe a thumb drive. So what would happen is a virus would get on your system, it would attach itself, often, to operating system files or something like that, and it would go ahead and do two things. Number one, it would propagate.
So anytime someone else put in a floppy disk or punched in another thumb drive, well, the virus's job was to get itself onto that removable media so it could spread itself out to other different types of devices. The other thing that it does is that a virus will activate. Now, when we talk about activation, back in the old days they would do amusing, cute things like the famous falling letters virus, or maybe you would see something put a happy face up on your screen. But it didn't take very long for viruses to start doing really terrible things, like, for example, erasing the boot sector on your hard drive.
So the term virus is a little bit dated in that, really, because we're so internet connected now, we have to take some broader views. So going with that, let's go ahead and talk about adware. Now, when I say adware, all I'm talking about are programs that try to put ads up. So they're pretty much web centric. And what will happen is you'll be on some web page, and suddenly something's going to pop up saying, oh, buy this. Adware, when it first came out years ago, was in many people's opinion kind of a good thing.
You know, you'd be trying to buy flowers from one website, and then all of a sudden this thing would pop up and go, we will sell you the same flowers for half price. Over time, it became noxious, and we decided that adware was also a very, very bad thing. The next type of malware you're going to see on the exam is spyware. Now, spyware is kind of an interesting term, but basically what it means is that spyware is some form of malware that is hiding itself from you. So you don't see it up on the screen or anything. But what it's doing is it's phoning home one way or another.
It could be tracking what you're doing in terms of web browsing; it could be stealing cookie information. The bottom line is that spyware is something that we really, really don't want on our systems. A Trojan horse, or as I say, a Trojan, is a piece of software that does something like this. No, no, no, that's a real Trojan horse. What we're talking about when we say Trojan horse, we're talking about a piece of software that is running on your system. And it may do something, it could be a game or a chat tool or whatever, so it's doing something nice, but it's also doing something naughty in the background.
So Trojan horses are not like viruses; they don't propagate on their own. There has to be something compelling about that application that says, oh, I want to download this and run it, type of thing. Now, that type of Trojan is kind of old-fashioned these days. What we tend to see more than anything else when we talk about Trojans are what we call remote access Trojans. A remote access Trojan is a Trojan, but the big difference is it doesn't do anything naughty until somebody in a remote location goes ahead and manually turns it on to do whatever naughtiness it's going to do. So when we're talking about the Trojan horse, we've got the classic Trojans, and then we have the remote access Trojan. So when you're talking about a Trojan, remember, it's a piece of software.
That does something like that. Next is ransomware, or crypto-malware, same term. Well, what we're talking about here is a type of malware that, in fact, a lot of people consider one of the most evil malware out there, and it simply does something to your system, locks it in some way so that you can't get to it until you pay somebody some money to have them go ahead and unlock your system. Now, ransomware has been out for a few years now; it probably started originally with the infamous CryptoLocker. But there's a lot of derivations out there these days that can do all kinds of naughtiness, and it is a big, big problem.
Now, next I want to talk about one of my absolute favorites, the logic bomb. A logic bomb has some similarities to a remote access Trojan. A logic bomb is a program that is sitting on a computer. It doesn't propagate; it has to activate. But whereas a remote access Trojan would be activated remotely, a logic bomb kicks off because some event has taken place. Probably one of the best examples of a logic bomb would be, say I'm a disgruntled employee, and I can actually create a logic bomb that will only go off if an administrator disables my account.
For example, if I was fired. Now, there's a lot of malware out there that, it could be argued, could be for goodness as much as for badness. So the two I'm talking about right now are rootkits and backdoors. Now, a rootkit (the name root is actually a clue) is a piece of software that grabs administrative, or very, very big, privileges so that it can do things to other stuff that's running on the computer. Probably the most famous rootkit of all was the famous Sony rootkit back a long time ago.
And it's a great example of: is it good, or is it bad? Because that Sony rootkit was used for digital rights management. So in that case, well, it was good for Sony. I don't know about the rest of us, though. Rootkits are particularly notoriously hard to detect; because of the nature of their administrative or root-level privileges, it can be a challenge to actually detect and get rid of them. So it's always a big deal.
Along with that is going to be a backdoor. Now, a backdoor is a piece of software that has some intentionally derived way to get into it to do something. Now, if I were a developer of software, for example, and I wrote a backdoor that would allow me to access somebody's system remotely, so I could work on it, that might be a good thing. I could be that same developer, and I could put a backdoor into my software application that erases it if you don't pay me on time. That might be a bad thing. So when we talk about backdoors, when we talk about rootkits, keep in mind that there is some argument for goodness, but generally, when we call them malware, they're doing something bad.
Now, the next thing I want to talk about isn't really so much malware itself as some aspects of what malware can do. And probably the best first example is going to be what we call polymorphic malware. Polymorphic malware is malware that changes itself. The reason it changes itself is because any anti-malware program is going to be using digital signatures to recognize these different types of bits of malware, literally ones and zeros that define these different pieces of naughty programs. So polymorphic malware is simply going to change its own code just enough to confuse the digital signatures of your anti-malware program.
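As an added illustration (not from the video) of why a small self-modification defeats a signature, the snippet below matches a constructed, harmless byte string against two kinds of signature: an exact SHA-256 hash, and a byte pattern with a wildcard gap. Inserting a single do-nothing byte is enough to break the hash match while the pattern still fires; all sample bytes and signature names are made up for the example.

```python
import hashlib
import re
from typing import Optional

# Constructed sample "program" bytes. This is a made-up string, not real malware:
# a fake header, a recognisable marker, and a few instruction-like bytes.
SAMPLE = b"\x4d\x5a\x90\x00" + b"BADPROG" + b"\x48\x31\xc0\x48\x31\xdb" + b"\xcc" * 8

# Polymorphic variant: identical content except for one inert 0x90 byte inserted
# between the marker and the instruction-like bytes (constructed for the example).
VARIANT = SAMPLE[:11] + b"\x90" + SAMPLE[11:]

# Signature type 1: exact file hash, as a basic anti-malware database might store it.
HASH_SIGNATURES = {hashlib.sha256(SAMPLE).hexdigest(): "BadProg.A"}

# Signature type 2: byte pattern that tolerates up to four arbitrary bytes
# between the marker and the instruction bytes (hypothetical rule name).
PATTERN_SIGNATURES = {
    "BadProg": re.compile(rb"BADPROG.{0,4}\x48\x31\xc0", re.DOTALL),
}


def match_hash(data: bytes) -> Optional[str]:
    """Return the signature name if the whole-file hash is known, else None."""
    return HASH_SIGNATURES.get(hashlib.sha256(data).hexdigest())


def match_pattern(data: bytes) -> Optional[str]:
    """Return the first pattern rule that matches anywhere in the data, else None."""
    for name, pattern in PATTERN_SIGNATURES.items():
        if pattern.search(data):
            return name
    return None


def scan(data: bytes) -> dict:
    """Run both signature types so the difference in coverage is visible."""
    return {"hash": match_hash(data), "pattern": match_pattern(data)}


if __name__ == "__main__":
    print("original:", scan(SAMPLE))   # both signature types fire
    print("variant: ", scan(VARIANT))  # only the byte pattern still fires
```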
And they're extremely common today. Now, an armored virus is a little bit different. An armored virus is a virus that is designed to make it hard for the anti-malware people to figure out what's going on. The number one tool we use to get rid of malware is we get a piece of malware, and then we reverse engineer it to see how it ticks. So an armored virus is going to, well, first of all, it's going to have in its code little things like memory locations and stuff that make it hard to actually find the malware itself. And then, along with that, it's going to have a lot of superfluous code that does absolutely nothing, whose only job is to confuse the reverse engineers.
So when we're talking about an armored virus, or we're talking about polymorphic malware, that isn't just one piece of malware; it's just aspects of what they might do. Now, speaking of aspects, we've talked about a lot of different pieces of malware in here. But one of the things we haven't talked about is what do they do. And probably one of the more common things that we see is what we call a keylogger. Keyloggers, simply, as the name infers, will record keystrokes, letting people capture passwords or private information or whatever they might want. So a lot of different types of malware will use a keylogging function to get bad information.
Now, the other way we'll see keyloggers in a lot of situations is there'll be some type of little dongle, a PS/2 dongle that plugs into a keyboard, or a little USB device that you plug in, and that device is simply there to record keystrokes.