The different types of malware threats are described in terms of their threat potential and characteristics such as how they spread through a network.
- [Instructor] Before we start exploring response strategies, I wanted to establish some baseline understanding about what you may be dealing with. Malware comes in several different forms and functions, ranging from moderately annoying to really dangerous.
First, adware. Adware is ignored by most anti-malware applications because it generally doesn't harm the operating system or your data. It annoys the user by occupying their screen and the internet browsing time with advertising, so much that the advertising takes resources away from what you want the computer to do.
And then there's spyware, which started out as a companion to adware, harvesting information about your web browsing habits to sell to advertisers. Eventually, it became more nefarious as the people writing them realized they could use the same engine to harvest information more valuable than browsing patterns. Spyware then became a vehicle for identity theft.
What has traditionally been known as a computer virus is rarely discussed anymore. This type of malware infects a program on your computer so that its payload or its destructive code is released whenever you run that program. There may have been some nasty viruses over the years, but because they rely on users to launch the infected program, they're easy for anti-malware to find and remove.
Worms, on the other hand, were a nasty step in the evolution of malware. The software we call worms will do two things that emulate mother nature's worms. First, they eat their way through to undermine the stability of your computer. This means loss of data and damaged operating systems. The second thing they do is self-replicate. Computer worms spread very quickly as they exploit vulnerabilities in the host operating system to copy themselves to as many nearby computers as they can. Worms have been known to spread across the world in a matter of hours.
Another common delivery vehicle is the Trojan or Trojan horse. Just as the Greeks used this decoy to attack Troy from the inside, a Trojan horse will be an attachment or web download that looks harmless or even attractive until it's attacking you from the inside. Different sources will describe Trojans differently because the internal attack can take on many forms. What makes a malware a Trojan horse is not the specific attack, but how it got on your system.
Ransomware is another class altogether. The app limits access to some part of your system and then tells you there's a way to pay to get it back. This has taken three different forms so far. The first ransomware masqueraded as antivirus software falsely reporting problems that they could fix if you bought their product. Later, we began to see what appeared to be accusations of illegal behavior that would be resolved if you paid a fine or a fee. More recently, WannaCrypt became more bold as it rendered common document types useless and demanded a ransom payment to restore access to these files, a ransom that increased in value if the user did not pay quickly enough.
And there are other annoyances known as bloatware or crapware, and these are not considered malware, because these applications don't alter the functionality of the computer other than to just bog it down with junk. These usually appear as passengers on other downloads, downloads that you didn't realize had brought along so many friends.
Because spyware and adware behave differently than viruses and other types of malware, some of the methods discussed in this course may be helpful, but more targeted strategies would be necessary. Moving forward, we're going to be focusing on ransomware, but the strategies presented can be applied to various types of viruses, worms, and Trojans as well.
- Determine whether worms or viruses are a bigger problem.
- Describe the fundamental characteristic of ransomware.
- Recognize the first step in stopping the spread of a network problem.
- Explain the key benefit of stopping processes in active memory.
- Name a benefit of using WSUS for updates.