Each type of malware has two defining characteristics: a propagation mechanism that determines how it spreads from system to system, and a payload that delivers malicious content to the infected system. In this video, Mike Chapple explains the types, consequences, and prevention methods for adware, spyware, and ransomware.
- [Instructor] As we talked about in the last video, each type of malware has two defining characteristics: a propagation mechanism that determines how it spreads from system to system, and a payload that delivers malicious content to infected systems. We spoke about propagation techniques in the last video; now let's take a look at three different types of malware payloads: adware, spyware, and ransomware. We'll begin with adware. Advertising is a very common source of revenue generation online, just as it is on television, in newspapers, and in other media.
Normally, online advertising is quite legitimate. It's a way for people who provide content to generate revenue from that content. But where there's an opportunity to make money, there's also an opportunity for malware. Adware is malware that has the specific purpose of displaying advertisements, but instead of generating revenue for the content owner, adware generates revenue for the malware author. Adware varies based upon the type of mechanism that it uses to display ads to the user. It might redirect search queries to a search engine controlled by the malware author, or one with which the malware author has an affiliate advertising arrangement.
It might display pop-up ads during browsing that the user might blame on the website they're visiting, or it might even replace the legitimate ads and web content with ads that benefit the malware author. Is adware irritating or dangerous? Well, that really depends on what ads are delivered and your perspective. If you're the content author, adware's very dangerous. If you're the end user, it might be a little more innocuous. The second type of payload is spyware. Spyware is malware that gathers information without the user's knowledge or consent.
It then reports that information back to the malware author, who can use it for any type of purpose: it might be identity theft or gaining access to financial accounts, or even, in some cases, espionage. Spyware uses many different techniques. Keystroke loggers capture every key a user presses, and they might report everything back to the malware author, or they might monitor for visits to certain websites and capture the usernames and passwords used to access banks or other sensitive sites.
Some spyware monitors web browsing. This might be used to later target advertising to that user, or report back on user activity. And finally, some malware actually reaches inside a system and searches the hard drive and cloud storage services used by that user, seeking out sensitive information. It might search for social security numbers or other details that can be useful in identity theft. The third category of malware is ransomware. Ransomware blocks a user's legitimate use of a computer or data until a ransom is paid.
The most common way of doing this is encrypting files with a secret key and then selling that key for ransom. A recent example of that is the CryptoLocker ransomware. CryptoLocker had a major outbreak starting in 2014 and continues to be prevalent today. It usually arrives in a user's inbox as an attachment to an email message. When the user opens that attachment, CryptoLocker encrypts many files on the hard drive using strong RSA encryption. These might include office documents, images, or CAD drawings, some of the files that are most important to end users.
The decryption key for those files is kept on a control server, under the control of the malware author, and the user is given a deadline to pay a ransom of several hundred dollars. The big question when a CryptoLocker infection occurs is: should you pay? Now your first response might be to say no, you don't want to benefit the malware author. But it's a very difficult question when it's your files that have been encrypted and are no longer accessible. A recent survey showed that over 40% of those infected with CryptoLocker actually did pay the ransom, and an analysis of Bitcoin payments shows that the malware authors have received over 27 million dollars to date.
Fortunately, there are things that you can do to prevent malware infections on systems under your control. The top three ways you can prevent malware are installing and keeping current anti-malware software on your systems, applying security patches promptly, and educating end users about the dangers of malware. Malware payloads might vary in their specific intent, but they all undermine system security. As a Security+ professional, you'll be expected to protect your organization against all types of malware.
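As an added example from the defender's side (not part of the course or of any product it mentions), the Python heuristic below flags the effect the CryptoLocker description points to: a burst of user documents rewritten with high-entropy content. Because Office Open XML and JPEG files are compressed and therefore already high-entropy when healthy, entropy alone would produce false positives, so the check also requires that the file's expected magic bytes have disappeared; the thresholds and the sample writes are constructed for the example.

```python
import math
import os
import random
from collections import Counter

ENTROPY_THRESHOLD = 7.0   # bits per byte; encrypted data approaches 8 (assumed threshold)
BURST_THRESHOLD = 3       # this many suspicious document rewrites raise an alert (assumed)

# Magic bytes expected at offset 0 for document types the transcript names.
MAGIC = {
    ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04",   # Office Open XML is a ZIP container
    ".jpg": b"\xff\xd8\xff",                           # JPEG
    ".pdf": b"%PDF-",
}

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte, 0.0 for empty input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(path: str, content: bytes) -> bool:
    """True when a known document type lost its magic header AND became high-entropy.
    A healthy compressed DOCX/JPEG is high-entropy but keeps its header, so it passes."""
    expected = MAGIC.get(os.path.splitext(path)[1].lower())
    if expected is None:
        return False                       # unknown type: no opinion
    return not content.startswith(expected) and shannon_entropy(content) >= ENTROPY_THRESHOLD

def detect_mass_encryption(writes):
    """writes: iterable of (path, new_content). Returns flagged paths, or [] below the burst."""
    flagged = [path for path, content in writes if looks_encrypted(path, content)]
    return flagged if len(flagged) >= BURST_THRESHOLD else []

# Constructed sample data: deterministic pseudo-random bytes stand in for compressed or
# encrypted content. Healthy files keep their headers; "encrypted" rewrites do not.
_rng = random.Random(1)
def _random_bytes(n: int) -> bytes:
    return bytes(_rng.getrandbits(8) for _ in range(n))

SAMPLE_WRITES = [
    ("report.docx", b"PK\x03\x04" + _random_bytes(2000)),       # healthy compressed document
    ("photo.jpg", b"\xff\xd8\xff\xe0" + _random_bytes(2000)),    # healthy compressed image
    ("notes.txt", b"quarterly numbers " * 50),                   # unknown type, ignored
    ("budget.xlsx", _random_bytes(2048)),                        # header gone: encrypted
    ("plan.pdf", _random_bytes(2048)),
    ("design.docx", _random_bytes(2048)),
]

if __name__ == "__main__":
    print(detect_mass_encryption(SAMPLE_WRITES))   # ['budget.xlsx', 'plan.pdf', 'design.docx']
```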