Malware

Learning outcomes:

• Explain the characteristics of the different types of malware
• Discuss what a vulnerability is and why they are dangerous
• Describe various attack vectors such as viruses, worms, and social engineering
• Analyze protection methods and their likely effectiveness

Would you like to download my PowerPoint to follow along?

• Malware
• Ransomware (US Government site on how to stop Ransomware
• Zombies
• Why people make malware in general
• Malware Types
• Viruses
• Must be run to infect the system
• Email attachments
• Social media links
• Unknown shortened links (bit.ly)
• Example: Shlayer Virus
• Worms
• Come looking for you
• Self replicating
• Example: Conficker worm
• Trojans
• Malware embedded in legitimate programs
• Free software
• Pirated Content
• Example: Rakhni Miner
• Root Kits
• Malware that gets deeper into the system then most programs
• Can mask the intrusion
• Got root?
• Example: Rootkit Examples (2023): The 10 Worst Attacks of All Time
• Anti-virus Software (AV)
• Databases (fingerprinting)
• Behavioral diagnostics
• Micro-virtualization
• How to remove Malware according to the FTC
• Honey Pots
• What is a honeypot
• Example:
• GitHub: Honeypots
• Cowrie Honeypot Analysis
• Email
• Chain mail
• Embedded links
• Spam
• Phishing(more on this in Social Engineering)
• How to avoid email scams by CISA
• Websites and Spoofing
• Phishing
• Fake URLs
• Scareware
• Bad Ads
• Social Media and fake news
• Viral news stories
• Fact checking
• Trust and the internet
• Vulnerability: Software Updates
• What happens if you don't update
• What happens if you do
• Does everything still run?
• Was the update legitimate?
• Vulnerability: Zero Day exploits
• Window of vulnerability
• Zeroday emergency response team (ZERT)
• Non vendor patches
• Selling zeroday exploits
• Ethics!
• Vlnerability: Hardware and Networking
• Printers
• Switches
• Routers
• Vulnerability: People

Suggested Activities and Discussion Topics:

• Malware Identification Challenge: Divide into small groups of 3-4 or pairs. Discuss and identify the type of malware you believe is described in each of the scenarios. Remember to briefly explain your reasoning. Scenarios:
• A friend sent you an email attachment, and after opening it, your computer started behaving strangely.
• You downloaded a free software program from an untrusted website, and now your computer displays pop-up ads even when you're not online
• Your computer's antivirus software detected a file named 'virus.exe' in your downloads folder
• Research and write a short report on a specific type of malware, its history, and preventive measures against it. Remember to use the CRAP\CRAAP test
• Discussion suggestion: Malware, short for 'malicious software,' comes in many forms and can have a wide range of impacts on individuals and organizations. In your opinion, what do you believe is the most dangerous type of malware and why? Consider factors such as its potential for spreading, the extent of damage it can cause, and the difficulty of detection and removal. Share your thoughts and discuss
• Follow the instructions on this PDF (accessible HTML version)

Would you like to see some more classes? Click here