Mar 22, 2020, 03:46 AM
Malware
What is it?
mal + ware = malicious software

Software designed to infiltrate and damage computers without the user's consent.
The term malware encompasses all the different types of threats to your computer, such as:
viruses, spyware, worms, trojans, etc.

Purpose of Malware !!
Why does malware exist? Why was it created in the first place?
> to do things without the user's permission
> to steal files
> to steal stored passwords
> to hijack the computer
> to hijack core computing functions
> to monitor the activity of the user
> to delete sensitive personal data
> to encrypt sensitive data
> to extort money

Types of Malware:

1. Virus: Vital Information Resources Under Siege
 Disrupts the normal functionality of the computer.

 Viruses are generally masked with executable files (i.e. attached to .exe files).
 A virus may exist on a system but will not be active or able to spread until a user runs or opens the malicious program.
 Normally, the host program keeps functioning after it is infected by the virus.
 Viruses cannot replicate themselves outside the network on their own, but they do have the ability to replicate and attach themselves to other files locally.
 Viruses spread when the software or document they are attached to is transferred from one computer to another using the network,
 a disk, file sharing, or infected email attachments.

2. Worm:
Similar to viruses, but replicates itself outside the network as well.
Self-replicating without a host program; spreads without any human interaction or directives from the malware authors.
Worms are standalone software and do not require a host program or human help to propagate.
A worm enters a computer through a vulnerability in the system and takes advantage of
file-transport or information-transport features on the system, allowing it to travel unaided.

Stuxnet: https://www.youtube.com/watch?v=TGGxqjpka-U

3. Trojan
Malicious software that presents itself as valid.
> A Trojan is another type of malware, named after the wooden horse that the Greeks used to infiltrate Troy.
> It is a harmful piece of software that looks legitimate. Users are typically tricked into loading and executing it on their systems.
> After it is activated, it can achieve any number of attacks on the host, from irritating the user (popping up windows or changing desktops)
 to damaging the host (deleting files, stealing data, or activating and spreading other malware, such as viruses).
> Trojans are also known to create backdoors to give malicious users access to the system.
> Unlike viruses and worms, Trojans do not reproduce by infecting other files, nor do they self-replicate.
> Trojans must spread through user interaction such as opening an email attachment or downloading and running a file from the Internet.

4. Spyware
Software that aims to gather information about a person or organization without their knowledge, that may send such information to another entity without the consumer's consent,
 or that asserts control over a device without the consumer's knowledge.

5. Ransomware
A kind of malware that is used to extort money by infecting the user.
It encrypts all the files on a user's system using a strong encryption algorithm, then demands a ransom to issue a decryption key to retrieve / decrypt the user's data.

6. Rootkit
Programs that hide the existence of malware by intercepting (i.e. "hooking") and modifying operating system API calls that supply system information.
Rootkits, or rootkit-enabling functionality, may reside at the user or kernel level in the operating system, or lower, including a hypervisor, master boot record, or the system firmware.
 Adversaries may use rootkits to hide the presence of programs, files, network connections, services, drivers, and other system components.
 Rootkits have been seen for Windows, Linux, and Mac OS X systems.

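The hooking idea in the rootkit item, and the usual defensive answer to it (a cross-view check: ask two sources that should agree about the same directory and flag any disagreement), as an added example that is not part of the original notes. The "hook" is a plain Python monkeypatch of os.listdir, the file names and the HIDDEN_NAME constant are constructed, and keeping a reference to the unhooked function stands in for the lower-level, trusted source a real detector would read from; all of that is assumption, not any real rootkit or tool.

```python
import os
import tempfile

HIDDEN_NAME = "hidden.dat"  # constructed: the directory entry the hook suppresses

# Trusted view, captured before any hook is installed. A real detector would get
# this from a lower-level source than the API being hooked (e.g. raw disk reads);
# keeping a reference to the unhooked function stands in for that here.
_real_listdir = os.listdir


def hooked_listdir(path="."):
    """Stand-in for a hooked API call: the real listing with one entry removed."""
    return [name for name in _real_listdir(path) if name != HIDDEN_NAME]


def install_hook():
    """Replace the API the rest of the program calls with the hooked version."""
    os.listdir = hooked_listdir


def remove_hook():
    """Restore the original API function."""
    os.listdir = _real_listdir


def cross_view_check(path):
    """Return the entries present in the trusted view but missing from the API view.

    A non-empty result is the classic rootkit indicator: two sources that should
    agree about the same directory do not."""
    trusted = set(_real_listdir(path))
    api_view = set(os.listdir(path))
    return trusted - api_view


def demo():
    """Create three files in a temp directory and run the check before, during and
    after the hook is installed. Returns the three result sets."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("notes.txt", HIDDEN_NAME, "report.pdf"):
            with open(os.path.join(d, name), "w") as f:
                f.write("sample")
        before = cross_view_check(d)
        install_hook()
        try:
            during = cross_view_check(d)
        finally:
            remove_hook()
        after = cross_view_check(d)
    return before, during, after


if __name__ == "__main__":
    print(demo())  # (set(), {'hidden.dat'}, set())
```

The point of the check is that the hook only controls one path to the information; a detector that compares the API's answer with an independently obtained one sees the difference, which is why real rootkits try to sit as low in the stack as the notes describe (kernel, hypervisor, firmware) so that fewer independent views remain.
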
7. Keyloggers
A special kind of spyware.
The action of recording (logging) the keys struck on a keyboard, typically covertly, so that the person using the keyboard is unaware that their actions are being monitored.
Data can then be retrieved by the person operating the logging program. A keylogger can be either software or hardware.
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
71
What are shells?
A shell can simply be described as a piece of code or program which can be used to gain code or command execution on a device (such as servers, mobile phones, etc.).

Types of shells
1. Reverse shell
2. Bind shell

Reverse shell
A reverse shell is a type of shell in which the target machine communicates back to the attacking machine. The attacking machine has a listener port on which it receives the connection, and through that connection code or command execution is achieved.

Figure 1: Reverse TCP shell

Bind shell
A bind shell is a type of shell in which the target machine opens up a communication port or a listener on the victim machine and waits for an incoming connection.
The attacker then connects to the victim machine's listener, which then leads to code or command execution on the server.

Figure 2: Bind TCP shell
There are a number of popular shell files. To name a few: Reverse TCP Meterpreter, C99 PHP web shell, JSP web shell, Netcat, etc.
One thing which is common between all these shells is that they all communicate over the TCP protocol.
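The two shapes described above, seen from the defender's side, as an added example that is not part of the original notes: a reverse shell shows up as a shell process (or its parent) holding an established TCP connection to an outside host, a bind shell as a shell process (or its parent) holding a listening socket on a port where no interactive service is expected. The Proc record format, the SHELL_NAMES and EXPECTED_LISTEN_PORTS sets and the SAMPLE snapshot are all constructed assumptions for the example; real input would come from a host agent or a process/socket listing, not from any tool named on the page.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Process names that are interactive shells on the systems we care about (assumed set).
SHELL_NAMES = {"sh", "bash", "dash", "zsh", "cmd.exe", "powershell.exe"}
# Constructed: ports on which a listener next to a shell is expected (sshd).
EXPECTED_LISTEN_PORTS = {22}


@dataclass
class Proc:
    """One process as a host agent might report it (assumed format, not a real tool's)."""
    pid: int
    ppid: int
    name: str
    # (state, local_port, remote_host); remote_host is "" for listening sockets
    sockets: List[Tuple[str, int, str]] = field(default_factory=list)


def socket_verdict(sockets: List[Tuple[str, int, str]]) -> Optional[str]:
    """Map a process's sockets to the shell pattern they match, if any.

    Reverse shell: an established connection out to a non-loopback host.
    Bind shell: a listener on a port where no interactive service is expected."""
    for state, port, remote in sockets:
        if state == "ESTABLISHED" and remote and not remote.startswith("127."):
            return "reverse-shell"
        if state == "LISTEN" and port not in EXPECTED_LISTEN_PORTS:
            return "bind-shell"
    return None


def find_shell_sockets(procs: List[Proc]) -> List[Tuple[int, str]]:
    """Return (pid, verdict) for each shell process whose own sockets, or its
    parent's sockets, match one of the two patterns.

    Checking the parent covers the case where a helper process holds the socket
    and the shell is its child; checking the process itself covers a shell that
    opened the connection directly."""
    by_pid = {p.pid: p for p in procs}
    hits = []
    for p in procs:
        if p.name not in SHELL_NAMES:
            continue
        verdict = socket_verdict(p.sockets)
        if verdict is None and p.ppid in by_pid:
            verdict = socket_verdict(by_pid[p.ppid].sockets)
        if verdict is not None:
            hits.append((p.pid, verdict))
    return hits


# Constructed snapshot; the addresses are documentation ranges, not real hosts.
SAMPLE = [
    Proc(1, 0, "init"),
    Proc(800, 1, "sshd", [("LISTEN", 22, "")]),
    Proc(801, 800, "bash"),                                           # login shell under sshd: benign
    Proc(900, 1, "bash", [("ESTABLISHED", 51234, "203.0.113.7")]),   # shell holding an outbound connection
    Proc(950, 1, "nc", [("LISTEN", 4444, "")]),
    Proc(951, 950, "sh"),                                             # shell spawned by an unexpected listener
    Proc(970, 1, "python3", [("ESTABLISHED", 443, "198.51.100.3")]),  # outbound, but not a shell
]


if __name__ == "__main__":
    for pid, verdict in find_shell_sockets(SAMPLE):
        print(pid, verdict)  # 900 reverse-shell, then 951 bind-shell
```

Because every shell listed in the notes talks TCP, this process-plus-socket view is the same for all of them; the benign login shell under sshd passes only because port 22 is in the expected set, so that allowlist is the part a defender has to maintain per host.
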
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
93
Creating Malware
RAT: Remote Administration Tool
Dark Comet Example