1
00:00:14,850 --> 00:00:19,770
In the last lecture we saw on the virus, the working of virus.

2
00:00:20,190 --> 00:00:28,650
So now once you know how the virus performs in this lecture, you will see the different types of viruses.

3
00:00:29,190 --> 00:00:33,690
But before that, we will see indications of virus attacks.

4
00:00:34,320 --> 00:00:37,470
So what are the indications of a virus attack?

5
00:00:39,120 --> 00:00:48,750
Well, computer beeps with noticeably then try will automatically changes are the most common is a constant

6
00:00:48,750 --> 00:00:50,740
pop up window appears on your screen.

7
00:00:51,780 --> 00:00:57,720
Well, if the system acts in an unprecedented manner, you can suspect virus attack.

8
00:00:58,530 --> 00:01:06,740
However, not all glitches can be attributed to virus attacks due to misconfiguration or the hardware

9
00:01:06,750 --> 00:01:09,720
failure when the system can act abnormally.

10
00:01:10,170 --> 00:01:14,760
But that does not mean that every abnormal behavior type is a virus.

11
00:01:15,480 --> 00:01:24,570
Well, suspicious hard drive activity or freezing of browser window suddenly can also be an indication

12
00:01:24,570 --> 00:01:25,260
providers could.

13
00:01:26,370 --> 00:01:33,050
As a security expert, you must be able to tell why this is causing a virus attack.

14
00:01:33,510 --> 00:01:35,530
What are the implications of that?

15
00:01:36,030 --> 00:01:40,350
Suppose a victim comes to you and tells you that this is this is happening.

16
00:01:41,100 --> 00:01:47,340
You should be able to identify which attack is going on, which type of virus has been affected.

17
00:01:47,550 --> 00:01:54,240
That victim's computer lack of storage space can also be an indication of virus attack.

18
00:01:54,720 --> 00:01:59,530
Since the virus replicates itself, it eats up a lot of space on your hard drive.

19
00:02:00,240 --> 00:02:02,880
How does a computer get infected by a virus?

20
00:02:02,910 --> 00:02:06,660
What is the type of the propagation of a virus when?

21
00:02:07,110 --> 00:02:12,600
Well, when a user accepts files and downloads without checking properly from the source.

22
00:02:13,770 --> 00:02:20,850
Security experts always tell you to check the hashes or download the files only from the legitimate

23
00:02:20,850 --> 00:02:28,590
source, then opening infected email attachments that is phishing or installing pirated software.

24
00:02:28,620 --> 00:02:33,660
This is one of the most important way of propagating a virus.

25
00:02:34,020 --> 00:02:36,270
Never download pirates off the list.

26
00:02:36,900 --> 00:02:44,520
Security experts always tell the new lonas that it is always better to pay the price for the software

27
00:02:44,850 --> 00:02:48,350
rather than paying thousands of dollars to recover the data.

28
00:02:49,530 --> 00:02:57,030
They're not updating and not installing new versions of plugins using portable medias, clicking malicious

29
00:02:57,030 --> 00:02:58,050
online ads.

30
00:02:58,620 --> 00:03:06,130
Connecting to untoasted networks are some of the ways in which a computer can get infected by viruses.

31
00:03:07,050 --> 00:03:11,250
Now let us see one by one what other types of viruses.

32
00:03:11,730 --> 00:03:19,830
Make sure you closely listen to this video, because as a certified professional or as a cybersecurity

33
00:03:19,830 --> 00:03:24,540
enthusiast, you must be able to tell the difference between two viruses.

34
00:03:25,410 --> 00:03:32,040
Because if anyone comes at you telling the cause or what is happening, you can just simply say that

35
00:03:32,040 --> 00:03:32,730
it's a virus.

36
00:03:33,150 --> 00:03:34,650
You have to be specific.

37
00:03:35,130 --> 00:03:42,780
Such questions are asked during interviews because clearing these fundamental is more important than

38
00:03:42,780 --> 00:03:43,670
running the tools.

39
00:03:44,220 --> 00:03:50,030
Anyone can run the tools, but it is more important to know the concepts behind these tools.

40
00:03:50,220 --> 00:03:59,850
So let us start with the first type of virus that is system and is music to various moves.

41
00:03:59,850 --> 00:04:07,230
And B.R. that is master would record to another location on the hard drive and copy itself to the particular

42
00:04:07,240 --> 00:04:09,640
location of the master would record.

43
00:04:10,140 --> 00:04:13,280
This is known as the system or the board Securus.

44
00:04:13,740 --> 00:04:21,450
So what it does is this word is copy's the NBA to some random location and NBA location is very important

45
00:04:21,450 --> 00:04:22,170
for a system.

46
00:04:22,710 --> 00:04:31,170
And what this world does is that these this word is copies itself into the mean mood location so that

47
00:04:31,680 --> 00:04:33,600
it gets to replicate itself.

48
00:04:34,020 --> 00:04:36,990
This is the main function of a board Securus.

49
00:04:37,800 --> 00:04:45,000
The next is the fireworks file, whereas in infect files which are executed or interpreted in the system

50
00:04:45,420 --> 00:04:57,210
such as Comm, ETECSA, ASIC or OPG Emeny and backfills file viruses can either be direct action or

51
00:04:57,210 --> 00:04:57,750
memory loss.

52
00:05:00,330 --> 00:05:04,230
The next step is the multipotent and macro viruses.

53
00:05:05,100 --> 00:05:12,150
Multipotent viruses infect the system, butel sector and executable files at the same time.

54
00:05:12,840 --> 00:05:14,100
So seehofer.

55
00:05:14,160 --> 00:05:21,760
Destructible viruses are macro viruses, infect the files, created a Microsoft Word or Excel.

56
00:05:22,020 --> 00:05:30,600
So whenever an Excel file is corrupt or if you observe that Excel files behaving abnormally, you can

57
00:05:30,600 --> 00:05:33,420
guess that it may be Makarova else.

58
00:05:34,290 --> 00:05:40,860
Most macro viruses are written using macro language that is visual basic for applications.

59
00:05:40,980 --> 00:05:50,910
VVA macro viruses infect templates or convert infected documents into template files while maintaining

60
00:05:50,910 --> 00:05:53,610
the appearance of ordinary document files.

61
00:05:54,930 --> 00:05:58,500
The next is cluster and stealth viruses.

62
00:05:59,340 --> 00:06:07,430
Cluster viruses modify directly table increase so that points users or system processes to the virus

63
00:06:07,440 --> 00:06:07,920
could.

64
00:06:08,460 --> 00:06:16,080
Instead of the actual program, cluster viruses will launch itself first when any program in the computer

65
00:06:16,080 --> 00:06:17,490
system is started.

66
00:06:19,150 --> 00:06:25,160
Still, tourists are also known as bundling letters, donating letters this year.

67
00:06:25,190 --> 00:06:30,430
The antivirus software, but intercepting its request to the operating system.

68
00:06:31,480 --> 00:06:35,870
This virus can hide itself by intercepting the antivirus software.

69
00:06:35,890 --> 00:06:42,700
The request to read the file and passing the request to the virus instead of the operating system.

70
00:06:44,040 --> 00:06:47,080
The next is the encryption virus.

71
00:06:50,040 --> 00:06:56,880
This type of virus uses simple encryption to answer for the call, the virus is encrypted with a different

72
00:06:56,880 --> 00:07:06,270
key for each infected file polymorphic virus, a polymorphic core, is a code that mutates while keeping

73
00:07:06,270 --> 00:07:08,240
the original algorithm intact.

74
00:07:08,910 --> 00:07:17,430
So a well-written polymorphic virus, therefore, has no part that is that stay the same on the same

75
00:07:17,430 --> 00:07:22,320
infection so you can see this virus and replicated over and over the time.

76
00:07:22,830 --> 00:07:24,720
So you can see how dangerous it is.

77
00:07:26,040 --> 00:07:28,040
The next is metamorphic virus.

78
00:07:29,910 --> 00:07:34,890
I haven't listed the morphic viruses, but I would like to give a short description.

79
00:07:35,670 --> 00:07:41,910
Metamorphic viruses rewrite themselves completely each time they are to infect a new executable.

80
00:07:43,040 --> 00:07:47,130
So from the description itself, these viruses are dangerous.

81
00:07:47,750 --> 00:07:53,300
You mean viruses are the types of viruses which are commonly found into e-mail attachments that infect

82
00:07:53,300 --> 00:07:53,870
PCs?

83
00:07:54,710 --> 00:07:59,930
File extension viruses are the viruses which are inside the file extension, for example.

84
00:08:00,680 --> 00:08:03,860
There is a file known as File Dot, BHP dot.

85
00:08:03,860 --> 00:08:11,570
The original file is a BHP file, but it is a hide or hidden inside would be defined.

86
00:08:12,170 --> 00:08:16,190
So this is how these viruses play an important role.

87
00:08:16,640 --> 00:08:24,470
And as a security student, you must be able to distinguish between these viruses if you have interest.

88
00:08:25,190 --> 00:08:31,190
We have provided some links so that you can go to those links or then you can go on Google and search

89
00:08:31,190 --> 00:08:32,660
for these types of viruses.

90
00:08:33,080 --> 00:08:35,620
What are the virus detection methods now?

91
00:08:35,630 --> 00:08:43,040
In order to identify which virus is has been affecting the system, it is important to detect those

92
00:08:43,250 --> 00:08:43,990
viruses.

93
00:08:44,570 --> 00:08:47,450
There are five steps in detecting notice.

94
00:08:47,870 --> 00:08:49,370
The first is scanning.

95
00:08:50,330 --> 00:08:56,480
Once the virus has been detected, it is possible to write scanning programs that look for signature

96
00:08:56,490 --> 00:09:03,650
screen characteristics, the virus, the nexted integrity, checking integrity, checking products,

97
00:09:03,680 --> 00:09:05,900
work by reading the entire disk.

98
00:09:06,350 --> 00:09:09,760
Recording Integrity Data then acts as a signature.

99
00:09:10,760 --> 00:09:17,540
Next is Interception The Intercept to monitors the operating system requests that are written to the

100
00:09:17,540 --> 00:09:24,410
disk code execution or code emulation encoding techniques.

101
00:09:24,590 --> 00:09:32,900
The antivirus executes the malicious code inside a virtual machine to simulate the CPU and memory activities.

102
00:09:33,170 --> 00:09:38,580
Therefore, from this, the antivirus software on the company was launched.

103
00:09:38,610 --> 00:09:43,100
The antivirus can get an idea of how the virus works.

104
00:09:43,340 --> 00:09:45,680
Basically the reverse engineering task.

105
00:09:46,500 --> 00:09:49,070
The last one is juristic analysis.

106
00:09:49,520 --> 00:09:54,290
Juristic analysis can be static or dynamic in static analysis.

107
00:09:54,590 --> 00:10:02,990
The antivirus analyzes the file format and chord structure to determine if the code is worded in the

108
00:10:02,990 --> 00:10:09,200
next lecture, which is going to be the last lecture of malware that we will see how to defend against

109
00:10:09,410 --> 00:10:10,220
these attacks.