It is highly recommended that you watch the Windows Performance Toolkit Spyware Detection courses. The malware analyzed in this course was originally written for those courses, but it has now transformed into a nasty beast. This malware can automatically turn on your webcam, take screenshots of your desktop, record audio from any microphone, and record everything you type on your keyboard. Knowing what a multithreaded application is will go a long way during our source code discussions.
- [Instructor] If you have access to the exercise files for this course, you can download them to your desktop. The data collection files we analyze in this course are included for each video. The files come zipped. Inside this folder is the file we analyze. There's also this NGENPDB folder. These are the symbols for the collection so that you can see the function names. To get the most out of this course, I encourage you to follow along with the files I have provided. Now, if you don't have access to the exercise files, that's okay; you can still follow along to see how this malware works and how to detect it.
- Analyzing malware
- Reviewing the overall structure of the malware
- Collecting malware data
- Finding and analyzing keylogger patterns
- Analyzing screen recordings
- Analyzing webcam recordings
- Analyzing microphone recordings
- Recording prevention tips