malewarethreat
what is malware
trojan
trojan infection
worms?
botnets
virus: needs human assistance
worms: no human assistance
rootkit:: modifies the OS to hide
trojan: hidden inside a file
BackDoor::
easter egg
logic bomb
what is a trojan
spyware
keylogger etc. (executable code)
disables the firewall
replaces/deletes OS files
disables antivirus
adds the machine to a botnet
how trojans communicate and hide
overt channel
one that people know about, like mp3, png, etc.
covert channel
one that is hidden, like a website
ports trojans run on;;
2: Death
80: Executor
21: Blade Runner
1095: RAT
2023: Ripper
etc..
port listening: communicating with another system
in windows::
netstat /? (help)
netstat -ab | more
netstat -aon | more
PIDs above 2000 consuming more space
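The netstat check above can be scripted: the following is an added example (not from these notes) in Python that reads constructed `netstat -aon` output, keeps the bound/listening sockets, and flags those whose port appears in the trojan port list above. A port match is only a clue; map the PID to its image with `tasklist` or Process Explorer before concluding anything.

```python
from __future__ import annotations
from dataclasses import dataclass

# Ports the notes list as used by known trojans. A match is a clue only:
# confirm the PID's image with tasklist or Process Explorer.
SUSPECT_PORTS = {2: "Death", 80: "Executor", 21: "Blade Runner",
                 1095: "RAT", 2023: "Ripper"}

# Constructed sample of `netstat -aon` output (not captured from a real host).
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:1095           0.0.0.0:0              LISTENING       4312
  TCP    192.168.1.10:49721     203.0.113.5:443        ESTABLISHED     2204
  TCP    [::]:2023              [::]:0                 LISTENING       5120
  UDP    0.0.0.0:5353           *:*                                    1448
"""

@dataclass
class Listener:
    proto: str
    port: int
    pid: int
    note: str   # trojan name from SUSPECT_PORTS, or "" when the port is not listed

def parse_netstat_aon(text: str) -> list[Listener]:
    """Return the bound/listening sockets from Windows `netstat -aon` output."""
    found = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue            # header, blank line, or a row we do not parse
        proto, local = parts[0], parts[1]
        if proto == "TCP" and parts[3] != "LISTENING":
            continue            # established/time-wait TCP rows are not listeners
        # UDP rows have no State column, so the PID is always the last token.
        pid = int(parts[-1])
        # rsplit handles both "0.0.0.0:80" and the IPv6 form "[::]:80".
        port = int(local.rsplit(":", 1)[1])
        found.append(Listener(proto, port, pid, SUSPECT_PORTS.get(port, "")))
    return found

def flag_suspect_listeners(text: str) -> list[Listener]:
    """Keep only listeners whose port is in the notes' trojan port list."""
    return [l for l in parse_netstat_aon(text) if l.note]

if __name__ == "__main__":
    for l in flag_suspect_listeners(SAMPLE):
        print(f"{l.proto} port {l.port} PID {l.pid}: listed as {l.note}")
```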
clues
ctrl+alt+del not working
random starts
antivirus not working: disabled and you can't enable it
task bar disabled
searches return different websites
mouse keys reversed
hidden behind legitimate software
infections::
create your monster
by using a trojan horse
or write some illegitimate scripts
create a trojan
easy ways of getting into a computer
physical access, via email, fake applications
torrent
freeware
VNC
shrink-wrapped software
evading antivirus::
changing the checksum
write your own trojan
msfvenom in Kali Linux
top 10 list of trojans:::
like Beast
super dale
notification trojan
proxy server trojan (victim server to trojan)
FTP server trojan (uses port 21): full access to the system
VNC (Virtual Network Computing)
HTTP/HTTPS trojan uses port 43/443 (traffic converted into base64)
command shell trojan, commonly netcat (creates inbound and outbound connections)
document trojan (transmitted via mail)
email trojan
number one:: RAT (remote access trojan) (examples: Back Orifice, NetBus)
Demo of Beast::
Virus::
the virus executes every time the OS boots
application launch activates the virus
it can be transmitted via communication media like external peripheral drives
worms::
copies itself and spreads through the system
doesn't require human interaction; denial of service attack
example::: SQL Slammer, based on a proof of concept (slowed down internet traffic / crashed routers)
types of viruses and worms::
file virus
cluster virus (modifies the entry set)
boot sector virus ()
macro virus (macros in Excel; transmitted via email)
polymorphic (changes instruction order, rewrites itself)
metamorphic
cavity (file overwriting; overwrites host files)
encryption virus
camouflage (copy of an exe file)
shell virus
file extension
tunneling
Life cycle of malware::
creation
replication
discovery (detection)
resolution
purging
in a circle, clockwise
set phase
infection phase
replication
needs an event
setup
startup
TSR
attack phase
corruption
delete
DNS poisoning
web server hacking
clickjacking
search engine optimization
email headers::
hoax-slayer.com
malware detection::
create worms and malware::
tools::
easy shamasy
terabit virus maker
IWMT
investigation::
sheep dip
do it in virtualization
quarantine the network
disable shared folders
tools for investigation::
copy the malware
BinText (collects string values from binary files)
UPX (compression method)
hard to port::
Wireshark
Sysinternals
Process Explorer
debug stuff::
Autoruns
IDA Pro
online malware testing
virustotal.com
Malware Protection Center
tools::
TCPView
Autoruns
DriverView
SFC (System File Checker tool)
virus discovery methods::
scanning
antivirus (checks signature strings against a database)
code analysis
integrity checking
Tripwire
interceptors
levels:
antivirus
plugin for SQL, Exchange
create a policy for the company (policy for antivirus, malware)
watch downloads
update software
attachment issues
what's the source
KEEP INFORMED
scan the system daily
check media
popups
chat files
firewall and UAC
server
physical side