1
00:00:00,300 --> 00:00:04,500
Few of the most popular malware types are discussed in this section.

2
00:00:05,510 --> 00:00:09,310
Malwares are usually categorized based on the method of infection,

3
00:00:10,380 --> 00:00:18,150
how they spread and by their intentions. Good understanding of malware types will help in building defence

4
00:00:18,150 --> 00:00:18,800
against them.

5
00:00:20,520 --> 00:00:22,470
The first one is Virus.

6
00:00:23,750 --> 00:00:28,580
This type of malware attach themselves to clean files and do the harm.

7
00:00:30,290 --> 00:00:35,870
Typical intentions of a virus include deleting or corrupting the core system files.

8
00:00:36,990 --> 00:00:45,370
Trojans. These malwares appear as legitimate, often useful programs, but have malicious intent.

9
00:00:46,230 --> 00:00:49,440
The name Trojan is derived from the Greek mythology.

10
00:00:50,850 --> 00:00:58,200
The Trojan Horse is a story from the Trojan War about how Greeks entered the independent city of Troy

11
00:00:58,560 --> 00:00:59,610
and won the war.

12
00:01:01,020 --> 00:01:08,580
The Greeks constructed a huge wooden horse and hid a select few force of men inside the horse.

13
00:01:09,520 --> 00:01:17,980
The Greeks pretended to sail away and the Trojans, the opponents, pulled the horse into the city as

14
00:01:17,980 --> 00:01:18,840
a victory trophy.

15
00:01:19,970 --> 00:01:26,240
That night, the Greek force crept out of the horse and opened the gates for the rest of the Greek army,

16
00:01:26,930 --> 00:01:29,720
which had sailed back under cover of the night.

17
00:01:30,930 --> 00:01:35,630
The Greeks entered and destroyed the city of Troy, thereby ending the war.

18
00:01:37,010 --> 00:01:44,990
Similarly, Trojans enter a computer as unsuspecting software and create back doors or unauthorized

19
00:01:44,990 --> 00:01:46,550
access to an attacker.

20
00:01:48,690 --> 00:01:56,610
Worms. This type of malware is known to spread itself using various methods. They make use of attached

21
00:01:56,610 --> 00:02:04,740
storage like USB stick, mapped network share in a computer, and some worms can even send their own

22
00:02:04,740 --> 00:02:08,600
copies to all the email addresses in the address book.

23
00:02:10,670 --> 00:02:18,770
Ransomware. Ransomware is the type of malware that encrypts the files on a system and demands a ransom

24
00:02:18,890 --> 00:02:20,060
in order to decrypt it.

25
00:02:21,310 --> 00:02:26,640
These are very popular as they give a direct financial benefit to an attacker.

26
00:02:28,420 --> 00:02:38,200
Spyware. Spywares are malwares designed to collect sensitive information like passwords, credit card numbers,

27
00:02:38,440 --> 00:02:45,610
surfing habits, etc. Some spyware even take pictures and record audio using the built-in camera and

28
00:02:45,610 --> 00:02:46,240
microphones.

29
00:02:47,920 --> 00:02:55,140
Adwares. Adwares are not usually malicious in nature, but are designed to serve you ads.

30
00:02:56,050 --> 00:03:01,040
However, adwares can be a gateway to other malwares on your system.

31
00:03:01,820 --> 00:03:07,210
Also, these adwares consume system resources, rendering the computer slow.

32
00:03:08,520 --> 00:03:09,150
Botnet.

33
00:03:10,230 --> 00:03:19,590
The word botnet is derived from two words, robot and network, which literally means robot on the network.

34
00:03:19,950 --> 00:03:26,520
Just like a robot follows the orders of a master, botnets follow the instruction of a master computer

35
00:03:26,730 --> 00:03:28,410
called as command and control.

36
00:03:29,400 --> 00:03:36,860
These botnets, also referred to as zombie computers, are often used to launch attacks on other targets.

37
00:03:38,910 --> 00:03:46,170
Rootkits. Rootkits infect the device drivers like audio drivers or network drivers or video drivers

38
00:03:46,170 --> 00:03:51,510
because drivers run even before the operating system is booted.

39
00:03:51,840 --> 00:03:59,640
It is usually difficult to detect a rootkit because antivirus only starts after the operating system

40
00:03:59,640 --> 00:04:00,270
is booted up.

41
00:04:02,230 --> 00:04:10,750
Key logger. A key logger is a type of spyware specifically designed to capture keystrokes of an infected

42
00:04:10,750 --> 00:04:11,210
computer.

43
00:04:12,010 --> 00:04:15,460
These recorded keystrokes are later sent to an attacker.

44
00:04:16,920 --> 00:04:24,690
Another type of malware is a scareware. This type is usually designed to trick the user into buying unnecessary

45
00:04:24,690 --> 00:04:29,580
software like a fake antivirus program or sometimes more dangerous software.

46
00:04:31,040 --> 00:04:38,030
Logic bomb. Logic bomb is a malicious piece of code that will trigger when a specific condition is met,

47
00:04:38,810 --> 00:04:47,090
like start doing a SYN flood attack on a company, ABC, exactly midnight of 25th December 2021,

48
00:04:47,090 --> 00:04:54,980
or if my name does not appear in the payroll for three consecutive months, then

49
00:04:55,190 --> 00:04:56,420
delete some data.

50
00:04:58,810 --> 00:05:04,400
Backdoors. Backdoors allow an attacker to gain unauthorized access to a victim's computer.

51
00:05:05,200 --> 00:05:10,330
These malware are sometimes referred to as RATs, Remote Access Trojans.

52
00:05:11,760 --> 00:05:18,270
These compromised machines can be used to launch attacks on the other systems or they might be used to do

53
00:05:18,270 --> 00:05:20,850
internal reconnaissance in a company's network.

54
00:05:23,650 --> 00:05:30,460
It is important to understand that a malware in reality is usually built using behaviors of different

55
00:05:30,460 --> 00:05:37,530
types of malwares. That is, you cannot clearly categorize any malware into one specific category.

56
00:05:38,610 --> 00:05:43,320
To make this point more clear, let us look at an example of a ransomware.

57
00:05:44,680 --> 00:05:50,890
Obviously, because it is a ransomware, a part of the code needs to take care of encrypting the file

58
00:05:51,730 --> 00:05:53,060
on the infected machine.

59
00:05:53,680 --> 00:05:55,900
This makes the malware ransomware.

60
00:05:57,150 --> 00:06:03,720
However, the attacker might want this malware to spread to as many machines as possible, so there will

61
00:06:03,800 --> 00:06:07,830
be part of the code that will replicate the malware, making it a worm.

62
00:06:09,580 --> 00:06:14,560
Attacker might want to keep connection with the compromised machine, either to pass the decryption

63
00:06:14,560 --> 00:06:16,960
keys or any other instructions.

64
00:06:18,170 --> 00:06:24,430
So a part of the code keeps connecting to attacker's machine, making this malware a botnet.

65
00:06:25,440 --> 00:06:31,950
Finally, the attacker might package this whole malware into a wallpaper or a legitimate sounding software

66
00:06:32,250 --> 00:06:37,950
like registry cleaner or speed booster, etc., thus making this program a Trojan.

67
00:06:38,970 --> 00:06:45,630
So even though theoretically we learn different types of malware, in reality, they usually appear

68
00:06:45,630 --> 00:06:47,640
as a combination of malware types.