Jan 07, 2020, 10:46 AM
Malware
What is it?
mal + ware = malicious software
Designed to infiltrate and damage computers without the user's consent.
The term malware encompasses all the different types of threats to your computer, such as:
viruses, spyware, worms, trojans etc.

Purpose of Malware !!
Why do we need malware? Why were they created in the first place?
> to do things without the user's permission
> to steal files
> to steal stored passwords
> to hijack a computer
> to hijack core computing functions
> to monitor the activity of the user
> to delete sensitive personal data
> to encrypt sensitive data
> to extort money

Types of Malware:

1. Virus: vital information resource under siege
   Disrupts the normal functionality of a computer.

   They are generally masked with executable files (i.e. attached to exe files).
   The virus may exist on a system but will not be active or able to spread until a user runs or opens the malicious program.
   Normally, the host program keeps functioning after it is infected by the virus.
   Although they cannot replicate themselves outside the network, they have the ability to replicate and attach themselves to other files locally.
   Viruses spread when the software or document they are attached to is transferred from one computer to another using the network,
   a disk, file sharing, or infected email attachments.
2. Worm:
Similar to viruses, but replicates itself outside the network as well.
Self-replicating without a host program, and spreads without any human interaction or directives from the malware authors.
Worms are standalone software and do not require a host program or human help to propagate.
A worm enters a computer through a vulnerability in the system and takes advantage of
file-transport or information-transport features on the system, allowing it to travel unaided.
3. Trojan
Malicious software that presents itself as legitimate.
> A Trojan is another type of malware, named after the wooden horse that the Greeks used to infiltrate Troy.
> It is a harmful piece of software that looks legitimate. Users are typically tricked into loading and executing it on their systems.
> After it is activated, it can carry out any number of attacks on the host, from irritating the user (popping up windows or changing desktops)
  to damaging the host (deleting files, stealing data, or activating and spreading other malware, such as viruses).
> Trojans are also known to create backdoors to give malicious users access to the system.
> Unlike viruses and worms, Trojans do not reproduce by infecting other files, nor do they self-replicate.
> Trojans must spread through user interaction, such as opening an email attachment or downloading and running a file from the Internet.
4. Spyware
Software that aims to gather information about a person or organization without their knowledge, that may send such information to another entity without the consumer's consent,
or that asserts control over a device without the consumer's knowledge.

5. Ransomware
A kind of malware that is used to extort money from the infected user.
It encrypts all the files on a user's system using a strong encryption algorithm, then demands a ransom to issue a decryption key to retrieve / decrypt the user's data.
6. Rootkit
Programs that hide the existence of malware by intercepting (i.e., "hooking") and modifying operating system API calls that supply system information.
Rootkits, or rootkit-enabling functionality, may reside at the user or kernel level in the operating system, or lower, to include a hypervisor, master boot record, or the system firmware.
Adversaries may use rootkits to hide the presence of programs, files, network connections, services, drivers, and other system components.
Rootkits have been seen for Windows, Linux, and Mac OS X systems.

7. Keyloggers
A special kind of spyware.
The action of recording (logging) the keys struck on a keyboard, typically covertly, so that the person using the keyboard is unaware that their actions are being monitored.
Data can then be retrieved by the person operating the logging program. A keylogger can be either software or hardware.
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

What are shells?
A shell can simply be described as a piece of code or program which can be used to gain code or command execution on a device (like servers, mobile phones, etc.).

Types of shells
1. Reverse shell
2. Bind shell

Reverse shell
A reverse shell is a type of shell in which the target machine communicates back to the attacking machine. The attacking machine has a listener port on which it receives the connection, and over that connection code or command execution is achieved.

Figure 1: Reverse TCP shell


Bind shell
A bind shell is a type of shell in which the target machine opens up a communication port or a listener on the victim machine and waits for an incoming connection.
The attacker then connects to the victim machine's listener, which then leads to code or command execution on the server.

Figure 2: Bind TCP shell
There are a number of popular shell files. To name a few: Reverse TCP Meterpreter, C99 PHP web shell, JSP web shell, Netcat, etc.
One thing which is common between all these shells is that they all communicate over the TCP protocol.
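A defender-side way to tell the two patterns apart, as an added example that is not part of the original notes: it walks a constructed netstat-style socket snapshot and flags a shell process that is itself in LISTEN (bind shell pattern) or that holds an established connection it opened outbound (reverse shell pattern). The process-name list, the ephemeral-port heuristic and the sample rows are assumptions.

```python
"""Flag shell-owned sockets in a connection snapshot (added example)."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Interpreters a shell payload typically hands its socket to (assumed list).
# A normal ssh session leaves the socket with sshd, not bash, so a shell
# process owning any socket at all is already worth a look.
SHELL_PROCS = {"sh", "bash", "dash", "zsh", "cmd.exe", "powershell.exe"}
EPHEMERAL_LOW = 32768  # Linux default lower bound of ip_local_port_range


@dataclass(frozen=True)
class Socket:
    proc: str    # process owning the socket
    state: str   # "LISTEN" or "ESTABLISHED"
    local: str   # "addr:port"
    remote: str  # "addr:port", or "*:*" while listening


def _port(endpoint: str) -> int:
    """Port of an 'addr:port' endpoint; 0 for the wildcard '*:*'."""
    port = endpoint.rsplit(":", 1)[1]
    return 0 if port == "*" else int(port)


def classify(sock: Socket) -> Optional[str]:
    """Return 'bind-shell', 'reverse-shell', or None for a benign row."""
    if sock.proc not in SHELL_PROCS:
        return None
    if sock.state == "LISTEN":
        return "bind-shell"  # the shell waits for the attacker to connect in
    if sock.state == "ESTABLISHED":
        # Outbound connections are given an ephemeral local port, so a shell
        # with a high local port most likely dialled out (reverse shell); a
        # low, bound local port is an accepted bind-shell connection. Heuristic.
        return "reverse-shell" if _port(sock.local) >= EPHEMERAL_LOW else "bind-shell"
    return None


def scan(snapshot: List[Socket]) -> List[Tuple[str, str, str, str]]:
    """(proc, local, remote, indicator) for every flagged socket."""
    return [(s.proc, s.local, s.remote, tag)
            for s in snapshot for tag in [classify(s)] if tag]


# Constructed sample rows, not captured data (203.0.113.0/24 is a documentation range).
SNAPSHOT = [
    Socket("sshd", "LISTEN", "0.0.0.0:22", "*:*"),
    Socket("nginx", "ESTABLISHED", "10.0.0.5:80", "10.0.0.9:51022"),
    Socket("bash", "ESTABLISHED", "10.0.0.5:49152", "203.0.113.7:4444"),  # dialled out
    Socket("sh", "LISTEN", "0.0.0.0:1337", "*:*"),                       # waiting
    Socket("sh", "ESTABLISHED", "10.0.0.5:1337", "203.0.113.7:40100"),   # accepted
]
```

Running `scan(SNAPSHOT)` flags the last three rows and leaves sshd and nginx alone; on a live host the same rows come from `ss -tnp` or `netstat -tnp`.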
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------