Name: Complex Malware Attacks
Uploaded: 2023-03-20T14:40:17Z
Duration: 12 min 47 s
Description: After completing this video, you will be able to recognize additional, more complex malware attack types like fileless viruses, command and control bots, and crypto malware.

Strong cybersecurity practices are essential to every organization, be it a school, hospital, or company. These videos review common cybersecurity strategies, as well as common threats and how to identify them.

Cybersecurity

After completing this video, you will be able to recognize additional, more complex malware attack types like fileless viruses, command and control bots, and crypto malware.

Complex Malware Attacks

In this lesson, we're going to step it up a bit and look at some more advanced or complex types of malware. Some of these we've already mentioned and some of these can be common, but we're going to put them in this category. Most malware attacks that we see today are more complex. They're "multi-phased" so they go through a kill-chain on a system, for example, several steps. They're "Stealthy" so they can evade different types of anti-virus systems. Even those that, even the ones that use heuristic systems. They can evade, they can change their nature. They're "Polymorphic", they can encrypt certain files. They can run in memory only. And we'll be looking at of those "Fileless viruses" here.

So this is the list "Rootkits", "Backdoors", "Fileless or memory only viruses", "Botnets", which are the most common type of distributed denial of service attack "Crypto malware", which includes ransomware "Logic bombs", which I mentioned in the previous lesson, "Stegomalware", "Polymorphic packers", "Multipartite viruses" and some "Emerging variants" that you might want to be aware of by using different web sites like Sands dot org and they're at risk or other vendors updates through e-mail, texting through other types of bulletins.

A rootkit is a category of malicious software where the goal is to advance administrative level or root level control over a system, "Rootkits" are modules that are placed in unauthorized areas to do things like access data, monitor different actions, escalate privileges or elevate privileges, modify programs or code or even the registry in windows or configuration files in Linux and then conduct further exploits.

The term rootkit, by the way, is a combination of root, which represents the root user in a Unix or Linux system or administrator in a Windows system and KIT, which is a software malware tool kit. These can be difficult to detect because they're initiated often before the operating system is fully loaded into memory or fully booted so it can target the BIOS or the UEFI, the bootloader system files. They can install hidden files, hidden processes, they can run processes beneath the surface and even install hidden user accounts. And because rootkits can be installed in firmware software, they have the ability to intercept data from network connections, keyboard input or output and other peripherals.

Next, we have "Backdoors". you can see in the diagram here, you get access through a backdoor, create a session and then compromise the machine. "Backdoors" are considered Trojan programs and they're most often masqueraded as some actual real program like a game or a device driver or a patch. That's why it's so important to digitally sign all of your code. A backdoor can be closely related to the results of a botnet attack because it can attack more than one system.

Typically, it generates a covert channel back to a command and control server or a C2 server or another member of a botnet. The remote attacker, once the machine is compromised, can control the system. These are also becoming more common on mobile devices. Some "Backdoor exploits" include collecting system and personal data from the system and even attached storage devices like FireWire drives. Perform denial of service attacks on other systems.

That's part of a distributed denial of service and botnet. They can run and terminate tasks and processes typically in the background without the user knowledge. They can connect to other servers or other members of the botnet and download additional files for a multi-phased attack.

Often those files are encrypted and are actually decrypted by the backdoor code. They can upload files in other content. They had the ability to audit the systems status and gather information, and the information that's gathered can be used to elevator escalate privileges or part of the kill -chain of a more advanced persistent threat coming later. They can open remote command line shells on Windows and Linux systems that can modify computer settings like the registry or configuration files, and they can even shut down or restart systems.

One of the more emerging types of viruses are viruses that run only resident in memory. These are called "FiIleless Viruses". They operate in memory without being stored in a file or installed directly on a machine Fileless viruses or memory only viruses will go directly into memory addresses in RAM and the malicious content actually never reaches a hard drive. This is an evolutionary strain of malicious software and this is one of the key categories that anti-virus vendors and anti-malware vendors are dealing with right now.

That's why they're using more advanced systems like machine learning and A.I. to discover these fileless viruses. They have a tendency to target high value systems like banks and brokerage firms, telecommunications companies and government agencies. Couple of examples would be Frodo and Dark Avenger. We've mentioned "Bots and Botnets", quite a few times already, but let's officially learn what they are.

Bots are the most common form of a distributed denial of service attack today. The robot network or the botnet consists of a zombie computer, one that's been infected and a master command and control C&C or C2 server to remotely control victims. And many victims are unaware that they're actually part of the botnet or have been infected with the robot malware.

The communication historically occurs over Internet Relay Chat (IRC) but more often than that, we're seeing malware create encrypted channels to do covert activities with other bots on the network, bot-centric peer to peer networks and even social media like Twitter, have been victims of botnets.

Bots can exploit trade data, they can do keystroke logging. They can scan your memory for intellectual property or personal identifiable information or identity theft. They can even force a system to participate in mining cyber currency and more. A botnet typically operates this way. The botnet operator will infect computers by sending the malicious bot malware. Again, that can be a Trojan, it can be a drive-by malware from a Web site. It can be through a phishing attack. Lots of different attack vectors.

The malicious bot is self-propagating malware like a worm that infects the hosts and then connects back to their command and control server, much like a remote access Trojan. In addition to its worm like abilities to self propagate, it also can log keystrokes and do a lot of other things that we just mentioned. Once the bot infects the host, it will connect back to the C2 server and wait for commands. Once the command and control server has that channel maybe through IRS or through a web site, it will then send instructions to each bot in the botnet to execute actions.

When the infected hosts, known as zombies, receive the instructions, they begin doing their nefarious activities. For example, exfiltrating data, sending it back to the C2 server, which can be sold on the dark web. We've already talked about "Crypto Malware" because ransomware is a common form of crypto malware. But technically, it's an advanced and evolving form of ransomware that encrypts a user's files and demands ransom.

Sophisticated cryptomalware uses advanced encryption mechanisms so files can't be decrypted without a unique key. What we're looking at here is a crypto locker infection chain. [Video description begins] On the screen there is a linear diagram of the steps that a crypto malware follows to encrypt a user's files. [Video description ends]

The user receives spam with a malicious attachment or it's part of a phishing attack, spearfishing, whaling or watering hole. The malicious attachment, which is usually a variant of the ransomware downloads another variant. In this example, the ZBOT variant exhibits several routines, including downloading a CRILOCK variant. The CRILOCK variant encrypts files to force users to purchase the private encryption key.

What makes crypto malware and the new sophisticated forms different than just run-of-the-mill ransomware is its ability to have polymorphic variants that are being used and running, often changing their behavior during the lifecycle of the kill chain. A logic bomb triggers the exploit or malware when a certain event occurs.

For example, when a mouse moves, when a file is accessed or a program is run. A logic bomb could detonate at a certain date or timestamp. It can go off when a program is executed or the number of times a code is run. A logic bomb can wait to go off during a major event like the World Cup or the Super Bowl or on a holiday. Even if you identify the logic bomb after it detonates, it's often too late to salvage the corrupted data or undo the damage done.

So, it's a good idea to have good backups of all your valuable data and maintain adequate updated anti-virus and anti-malware protection not just on the endpoints, but across your network enterprise. "Stegomalware" is based on steganography. Steganography can be broadly defined as anything done by a cracker to hide data in an unexpected channel. Now, even though it can involve an encryption key, it's technically not encrypting the data. It's hiding it inside of other files. So, for example, a JPEG picture of a dog playing with bubbles might actually contain destructive malware.

Recently, a dangerous banking remote access trojan has hidden its settings in the icon file of a web site. That's an example of stegomalware. And many stegomalware hosting sites are buried deep in the Tor or the Onion Router Network. Common tools are "Steghide", "rSteg" and "Chrypture". Keep in mind, if you use a tool like "Steghide" to actually hide the files and create the stego solution or stegomalware, you need to use the same tool to reverse the process. "Polymorphic packers" are malware variants that have the ability to change and move in stages.

For example, starting out in RAM memory and then moving into compressed RAR files deep in the file system, once an event occurs. Polymorphism is used in email attacks and drive-by exploits. They're also in advanced persistent threats once the cracker has a foothold to a remote access Trojan or a rootkit. Polymorphic packers are tools that bundle up different types of malware into a single package or module. This can be loaded into an email attachment or drive-by malware from a web site.

Finally, we have "Multipartite viruses". This is also known as "multipart virus or multipart malware". It's a combination of file and boot/system infector viruses. A file infector virus attacks the executable files with the .exe and .com extensions. So, when you execute the infected file, the virus attaches itself to other program files. A boot sector or system and effector will plant itself in the system's boot sector and infect the master boot record. This virus is activated when you boot up the system. So multipartite means simultaneously attacking the boot sector and executable files or other areas of the system or application.

Join us for an assortment of livestreams where we cover topics such as interview prep, introductions to programming languages, project walkthroughs  — and so much more!

All Livestreams

There is a lot of excitement around AI, but what is it and how could it be relevant to your career? Watch these videos to learn the basics of AI and Machine Learning.

Artificial Intelligence

Augmented reality is alive and well. Learn how to make your first AR experience using the popular web framework A-Frame — with guidance from our Curriculum Developers.

Augmented Reality

Learn how to build a Web Dev Portfolio with Codecademy.

Building a Web Dev Portfolio

No matter what your coding goals are, the best place to start is by building a strong foundation. In this live series, we learn Computer Science fundamentals that are similar to content you’d see in a first-semester CS101 college course.

CS101

Cloud computing and its related services have unlocked seemingly endless possibilities for organizations with an online presence. These videos give an overview of what cloud computing is and what business considerations are made when adopting cloud tools.

Cloud Computing

Welcome to the Community Club & Study Group Events playlist, which are hosted by our incredible Club Captains. This collection features a series of engaging and informative events hosted by our dedicated Club Captains from around the globe. Whether you're interested in Web Development, Python programming, or simply want to connect with tech enthusiasts from different cities, this playlist has something for everyone.

Explore sessions from vibrant cities like Seoul and New York City, where our Club Captains share their expertise and insights on a variety of topics. Each event is designed to help you expand your knowledge, enhance your skills, and connect with a community of like-minded individuals.

Join us as we dive into the world of technology, learn from industry experts, and get inspired by the innovative projects and discussions led by our passionate Club Captains. Don't forget to subscribe and hit the notification bell to stay updated on the latest events and content!

Happy learning and coding!

Community Club & Study Group Events

A playlist of Quick Tip videos for Codecademy Chapter Leaders.

Community: Chapter Leader Quick Tips

Join our Chapters for live conversations on various topics — including NFT art and how to break into a technical field.

Community: Chapters

We think that connecting with other learners is the best way to learn. Explore some of our past community-led events here!

Community: Events

Hackathons are a great way to test your knowledge and flex your skills. Check out our hackathon presentations here.

Community: Hackathon

Explore the world of creative coding with p5.js, an open-source JavaScript library. We'll create drawings, animations, and video sculptures in this beginner-friendly series.

Creative Coding with p5.js

Companies can collect vast amounts of data and struggle to properly use it. Data Analytics is used to interpret and communicate relevant patterns of data for a business. These videos explore how companies utilize data analytics, and current popular tools.

Data Analytics

Data Science is used in a variety of ways to help businesses make decisions. In these videos we explore data science best practices, considerations for what tools to use, and the basics of machine learning.

Data Science

How data is presented can be as important as how it is collected. These videos explore foundational strategies and best practices to ensure that your data visualizations are meaningful and accurate.

Data Visualization

There are a lot of terms and acronyms in the world of programming. Explore the definitions of common terms used in popular languages and frameworks.

Definitions

DevOps is a series of practices that fosters a culture of collaboration between the Development and Operations team in software development. This playlist explores the benefits of DevOps, and how it is practiced in organizations.

DevOps

An understanding of Github and Git commands is essential for anyone looking to work in a collaborative software development space. These videos explore the features of Git, as well as branching and merging, two of the most important skills for collaborating on Github.

Developer Tools

HTML and CSS lie at the heart of web development. We explore some of their uses with these tutorials and explainers.

HTML & CSS

Preparing for a career in a technical field? Check out these interview tips — including advice on building a portfolio and showcasing your skills.

Interview Prep

Emojicode is a real programming language with a playful emoji syntax in place of traditional programming keywords. Learning it can bring some smiles and fun to your programming journey. Join us for an introduction to this silly language.

Intro to Emojicode

TypeScript builds on your JavaScript foundation so you can develop higher-quality, less error-prone code faster. Learn more about this in-demand language as Codecademy Curriculum Developers guide us through an introduction.

Intro to TypeScript

JavaScript has many functionalities, from web development to gaming applications. We break down the programming language and explain how it works with these tutorials.

JavaScript

From Product Manager to Data Scientist, we take a look at different careers in tech and what these roles entail.

Jobs in Coding

Experience a full day of learning to code with interactive instruction and guided discussions by the Curriculum team at Codecademy.

Learn From Home Day

Learn UI/UX

See how people around the world are reshaping their lives by learning to code.

Learner Stories

Linear regression is a fundamental machine learning algorithm used for predictive modeling and data analysis. Learn more about it as Codecademy Curriculum Developers guide you through our course: Linear Regression in Python

Linear Regression with Python

Machine learning is one of the fastest expanding fields in tech, with applications in all parts of life. Watch these videos to learn the basics of Machine Learning.

Machine Learning

Almost everything we do creates data, and knowing how to investigate and communicate it is key. Our Curriculum Developers show us how to summarize data and run hypothesis tests following our Skill Path: Master Statistics with Python.

Master Stats with Python

Mobile development is a massive field with a variety of unique tools. These videos explore two essential tools for mobile developers, the Android operating system and Flutter software development kit.

Mobile Development

Official Codecademy Events

Whether you’re solving for skill gaps, building a more innovative and resourceful team, or aiming to onboard quickly, Codecademy Teams helps your whole company build the right tech and professional skills to quickly adapt to industry shifts and meet changing business needs.

Product Demos

Since its release in 1994, Python stands tall as many developers’ favorite programming language. Explore its many capabilities with these livestreams and tutorials.

Python

The R language is a popular tool for Data Analysts. Learn more about this free, open-source programming language with these livestreams.

We asked recruiters in our community to share advice for people navigating the job-hunting process — from tips for optimizing your resume to advice on acing the technical interview.

Recruiter Advice

We show you how to get started on your coding projects — from setting up developer tools to pushing your code to GitHub.

Setting Up

Just starting out on your coding journey? We’ve gathered tips for helping you start — including advice on how to choose your first programming language and how to remember everything you’re learning.

Tips

Our Curriculum Developers will lead you on a journey as you go from complete beginner to proficiency with data visualization, using Python. This is a weekly series that will lead you through our entire Visualize Data with Python Skill Path.

Visualize Data with Python

Web Design includes any skills used to create and maintain a website. These videos explore the foundational web design skills of adding styling to a website with CSS and HTML, as well as best practices in responsive web design.

Web Design

Join the millions learning to code with Codecademy.

Welcome to Codecademy

You know all of those app ideas you’ve been wanting to create? Swift and SwiftUI can help you bring them to life for iOS. Learn how to build your very own iPhone app from start to finish in this live series.

Complex Malware Attacks

More videos

Learn more on Codecademy

Introduction to Cybersecurity

Cybersecurity for Business

Resources

Support

Resources

Support

Plans

Community

Subjects

Languages

Career building

Mobile

Mobile