1
00:00:14,850 --> 00:00:19,770
In the last lecture we saw on the virus, the working of virus.

2
00:00:20,190 --> 00:00:28,650
So now, once you know how the virus performs, in this lecture you will see the different types of viruses.

3
00:00:29,190 --> 00:00:33,690
But before that, we will see indications of virus attacks.

4
00:00:34,320 --> 00:00:37,470
So what are the indications of a virus attack?

5
00:00:39,120 --> 00:00:48,750
Well, computer beeps with noticeably then try will automatically changes are the most common is a constant

6
00:00:48,750 --> 00:00:50,740
pop-up window appears on your screen.

7
00:00:51,780 --> 00:00:57,720
Well, if the system acts in an unprecedented manner, you can suspect virus attack.

8
00:00:58,530 --> 00:01:06,740
However, not all glitches can be attributed to virus attacks. Due to misconfiguration or hardware

9
00:01:06,750 --> 00:01:09,720
failure, the system can act abnormally.

10
00:01:10,170 --> 00:01:14,760
But that does not mean that every abnormal behavior type is a virus.

11
00:01:15,480 --> 00:01:24,570
Well, suspicious hard drive activity or freezing of browser window suddenly can also be an indication

12
00:01:24,570 --> 00:01:25,260
providers could.

13
00:01:26,370 --> 00:01:33,050
As a security expert, you must be able to tell why this is causing a virus attack.

14
00:01:33,510 --> 00:01:35,530
What are the implications of that?

15
00:01:36,030 --> 00:01:40,350
Suppose a victim comes to you and tells you that this is happening.

16
00:01:41,100 --> 00:01:47,340
You should be able to identify which attack is going on, which type of virus has affected

17
00:01:47,550 --> 00:01:54,240
that victim's computer. Lack of storage space can also be an indication of virus attack.

18
00:01:54,720 --> 00:01:59,530
Since the virus replicates itself, it eats up a lot of space on your hard drive.

19
00:02:00,240 --> 00:02:02,880
How does a computer get infected by a virus?

20
00:02:02,910 --> 00:02:06,660
What is the type of the propagation of a virus?

21
00:02:07,110 --> 00:02:12,600
Well, when a user accepts files and downloads without checking properly from the source.

22
00:02:13,770 --> 00:02:20,850
Security experts always tell you to check the hashes or download the files only from the legitimate

23
00:02:20,850 --> 00:02:28,590
source. Then opening infected email attachments, that is phishing, or installing pirated software.

24
00:02:28,620 --> 00:02:33,660
This is one of the most important ways of propagating a virus.

25
00:02:34,020 --> 00:02:36,270
Never download pirated software.

26
00:02:36,900 --> 00:02:44,520
Security experts always tell the new lonas that it is always better to pay the price for the software

27
00:02:44,850 --> 00:02:48,350
rather than paying thousands of dollars to recover the data.

28
00:02:49,530 --> 00:02:57,030
Then not updating and not installing new versions of plugins, using portable media, clicking malicious

29
00:02:57,030 --> 00:02:58,050
online ads,

30
00:02:58,620 --> 00:03:06,130
connecting to untrusted networks are some of the ways in which a computer can get infected by viruses.

31
00:03:07,050 --> 00:03:11,250
Now let us see one by one what are the types of viruses.

32
00:03:11,730 --> 00:03:19,830
Make sure you closely listen to this video, because as a certified professional or as a cybersecurity

33
00:03:19,830 --> 00:03:24,540
enthusiast, you must be able to tell the difference between two viruses.

34
00:03:25,410 --> 00:03:32,040
Because if anyone comes at you telling the cause or what is happening, you can just simply say that

35
00:03:32,040 --> 00:03:32,730
it's a virus.

36
00:03:33,150 --> 00:03:34,650
You have to be specific.

37
00:03:35,130 --> 00:03:42,780
Such questions are asked during interviews because clearing these fundamentals is more important than

38
00:03:42,780 --> 00:03:43,670
running the tools.

39
00:03:44,220 --> 00:03:50,030
Anyone can run the tools, but it is more important to know the concepts behind these tools.

40
00:03:50,220 --> 00:03:59,850
So let us start with the first type of virus, that is the system or boot sector virus. It moves the

41
00:03:59,850 --> 00:04:07,230
MBR, that is master boot record, to another location on the hard drive and copies itself to the particular

42
00:04:07,240 --> 00:04:09,640
location of the master boot record.

43
00:04:10,140 --> 00:04:13,280
This is known as the system or the boot sector virus.

44
00:04:13,740 --> 00:04:21,450
So what it does is this virus copies the MBR to some random location, and the MBR location is very important

45
00:04:21,450 --> 00:04:22,170
for a system.

46
00:04:22,710 --> 00:04:31,170
And what this virus does is that this virus copies itself into the main boot location so that

47
00:04:31,680 --> 00:04:33,600
it gets to replicate itself.

48
00:04:34,020 --> 00:04:36,990
This is the main function of a boot sector virus.

49
00:04:37,800 --> 00:04:45,000
The next is the file virus. File viruses infect files which are executed or interpreted in the system

50
00:04:45,420 --> 00:04:57,210
such as COM, ETECSA, ASIC or OPG Emeny and BAT files. File viruses can either be direct action or

51
00:04:57,210 --> 00:04:57,750
memory resident.

52
00:05:00,330 --> 00:05:04,230
The next step is the multipartite and macro viruses.

53
00:05:05,100 --> 00:05:12,150
Multipartite viruses infect the system boot sector and executable files at the same time.

54
00:05:12,840 --> 00:05:14,100
So see how

55
00:05:14,160 --> 00:05:21,760
destructive viruses are. Macro viruses infect the files created by Microsoft Word or Excel.

56
00:05:22,020 --> 00:05:30,600
So whenever an Excel file is corrupt or if you observe that an Excel file is behaving abnormally, you can

57
00:05:30,600 --> 00:05:33,420
guess that it may be a macro virus.

58
00:05:34,290 --> 00:05:40,860
Most macro viruses are written using macro language, that is Visual Basic for Applications,

59
00:05:40,980 --> 00:05:50,910
VBA. Macro viruses infect templates or convert infected documents into template files while maintaining

60
00:05:50,910 --> 00:05:53,610
the appearance of ordinary document files.

61
00:05:54,930 --> 00:05:58,500
The next is cluster and stealth viruses.

62
00:05:59,340 --> 00:06:07,430
Cluster viruses modify directory table entries so that it points users or system processes to the virus

63
00:06:07,440 --> 00:06:07,920
code

64
00:06:08,460 --> 00:06:16,080
instead of the actual program. Cluster viruses will launch itself first when any program in the computer

65
00:06:16,080 --> 00:06:17,490
system is started.

66
00:06:19,150 --> 00:06:25,160
Stealth viruses are also known as tunneling viruses. Tunneling viruses evade

67
00:06:25,190 --> 00:06:30,430
the antivirus software by intercepting its request to the operating system.

68
00:06:31,480 --> 00:06:35,870
This virus can hide itself by intercepting the antivirus software's

69
00:06:35,890 --> 00:06:42,700
request to read the file and passing the request to the virus instead of the operating system.

70
00:06:44,040 --> 00:06:47,080
The next is the encryption virus.

71
00:06:50,040 --> 00:06:56,880
This type of virus uses simple encryption to encipher the code. The virus is encrypted with a different

72
00:06:56,880 --> 00:07:06,270
key for each infected file. Polymorphic virus: a polymorphic code is a code that mutates while keeping

73
00:07:06,270 --> 00:07:08,240
the original algorithm intact.

74
00:07:08,910 --> 00:07:17,430
So a well-written polymorphic virus, therefore, has no part that stays the same on the same

75
00:07:17,430 --> 00:07:22,320
infection. So you can see this virus replicated over and over the time.

76
00:07:22,830 --> 00:07:24,720
So you can see how dangerous it is.

77
00:07:26,040 --> 00:07:28,040
The next is metamorphic virus.

78
00:07:29,910 --> 00:07:34,890
I haven't listed the metamorphic viruses, but I would like to give a short description.

79
00:07:35,670 --> 00:07:41,910
Metamorphic viruses rewrite themselves completely each time they are to infect a new executable.

80
00:07:43,040 --> 00:07:47,130
So from the description itself, these viruses are dangerous.

81
00:07:47,750 --> 00:07:53,300
Email viruses are the types of viruses which are commonly found in e-mail attachments that infect

82
00:07:53,300 --> 00:07:53,870
PCs.

83
00:07:54,710 --> 00:07:59,930
File extension viruses are the viruses which are inside the file extension. For example,

84
00:08:00,680 --> 00:08:03,860
there is a file known as File Dot, BHP dot.

85
00:08:03,860 --> 00:08:11,570
The original file is a BHP file, but it is a hide or hidden inside would be defined.

86
00:08:12,170 --> 00:08:16,190
So this is how these viruses play an important role.

87
00:08:16,640 --> 00:08:24,470
And as a security student, you must be able to distinguish between these viruses. If you have interest,

88
00:08:25,190 --> 00:08:31,190
we have provided some links so that you can go to those links or then you can go on Google and search

89
00:08:31,190 --> 00:08:32,660
for these types of viruses.

90
00:08:33,080 --> 00:08:35,620
What are the virus detection methods? Now,

91
00:08:35,630 --> 00:08:43,040
in order to identify which virus has been affecting the system, it is important to detect those

92
00:08:43,250 --> 00:08:43,990
viruses.

93
00:08:44,570 --> 00:08:47,450
There are five steps in detecting viruses.

94
00:08:47,870 --> 00:08:49,370
The first is scanning.

95
00:08:50,330 --> 00:08:56,480
Once the virus has been detected, it is possible to write scanning programs that look for signature

96
00:08:56,490 --> 00:09:03,650
string characteristics of the virus. The next is integrity checking. Integrity checking products

97
00:09:03,680 --> 00:09:05,900
work by reading the entire disk,

98
00:09:06,350 --> 00:09:09,760
recording integrity data that then acts as a signature.

99
00:09:10,760 --> 00:09:17,540
Next is interception. The interceptor monitors the operating system requests that are written to the

100
00:09:17,540 --> 00:09:24,410
disk. Code execution or code emulation: in code emulation techniques,

101
00:09:24,590 --> 00:09:32,900
the antivirus executes the malicious code inside a virtual machine to simulate the CPU and memory activities.

102
00:09:33,170 --> 00:09:38,580
Therefore, from this, the antivirus software or the company which launched

103
00:09:38,610 --> 00:09:43,100
the antivirus can get an idea of how the virus works.

104
00:09:43,340 --> 00:09:45,680
Basically the reverse engineering task.

105
00:09:46,500 --> 00:09:49,070
The last one is heuristic analysis.

106
00:09:49,520 --> 00:09:54,290
Heuristic analysis can be static or dynamic. In static analysis,

107
00:09:54,590 --> 00:10:02,990
the antivirus analyzes the file format and code structure to determine if the code is viral. In the

108
00:10:02,990 --> 00:10:09,200
next lecture, which is going to be the last lecture of malware, we will see how to defend against

109
00:10:09,410 --> 00:10:10,220
these attacks.