What Malwares Are ?
Types of Malwares.
How do they infect hosts ?
How do they Hide ?
How do they propagate?
How They can be Detected ?
Demo (Real scenario).
3. What is A Malware ?
Malicious Software :
• any software that brings harm to a computer system
which steal protected data, delete documents or add
software without user permission.
• Generally they are stealthy and Invisible.
Virus is a computer program usually hidden within another
seemingly innocuous program that produces copies of itself and
inserts them into other programs or files, and that usually performs
a malicious action (such as destroying data or corrupting the
6. Trojan Horse
Known as "Trojans" , is a type of malware that disguises itself as a
normal file or program to trick users into downloading and
installing malware. A Trojan can give a malicious party remote
access to an infected computer.
It is possible for the attacker to steal data (logins, financial data,
even electronic money), install more malware, modify files,
monitor user activity (screen watching, keylogging, etc), use the
computer in botnets.
Computer worm is a program that replicates itself in order to spread
to other computers. Often, it uses a computer network to spread
itself, relying on security failures on the target computer to access it.
Unlike a computer virus, it does not need to attach itself to an
It doesn't need any user intervention.
Worms often spread by sending mass emails with infected
attachments to users contacts.
Backdoor is a technique in which a system security mechanism is
bypassed undetectably to access a computer or its data. It
exploits undocumented processes in the system's code to
secretly control a program, computer or network, while
attempting to remain undetected.
Some backdoors are placed in the software by the original
consists of 2 components -: the client and its server(s)
A rootkit is a type of software designed to hide the fact that an
operating system has been compromised, sometimes by
replacing vital executable(s). Rootkits allow viruses and malware
to “hide in plain sight” by disguising as necessary files that your
antivirus software will overlook.
An attacker can install it once they've obtained access on the
In other words, rootkits are all about hiding things.
15. How Do They Hide ?
Hiding in plain sight:
• An entry in process list.
• Unknown process name.
• Unexpected Process.
• Process binary at unusual location.
• Process with unexpected user account/privilege.
Hiding deep inside:
• No entry in process list.
• Unexpected library.
• Unusual usage of system resources.
• Re-appearance of some files after deletion.
22. Malware Symptoms:
Computer is running extremely slow (seems like a Virus).
Antivirus and firewall protection is unexpectedly disabled.
Modifications on the Registry
Unwanted toolbars on your web Browser.
Even if you remove them, they might return each time you restart your
Unfamiliar and peculiar error messages.
programs won't run or files won't open.
can't access certain drives on your computer.
Analyze program behavior:
Attempt to delete file
Attempt to modify the boot sector
Running the executable in a VM
File activity & Network TCP/UDP
Detect change by comparing checksum.
Beware of pop-ups!
Have an Anti-virus & Anti-Malware that is up to date.
“It is not possible to build a perfect virus/malware detector “ (Cohen)
Do Not Fear Malwares, Understand how they work!
It’s not just Computer malwares: There’s Mobiles, ATM, POS … Malwares.
Don’t Trust Unknown sources.
Avoid Malwares is easier then removing.