Attackers know that a great deal of sensitive information is put into your computer using the keyboard, so this is a great place to perform keylogging and capture every keystroke that you make when you're typing something into your PC. This might include all of the website URLs you visit; it could be passwords and usernames; it might be credit card information and other financial details, and anything else that you might type into your system. Keylogging malware will stay resident on your system. It will capture all of these keystrokes to a file, and usually once or more times a day that file will be sent to the attackers, so they now have a record of everything you typed into your computer.

We often talk about protecting the data sent across our network by using encryption or VPNs. Sometimes we'll discuss storing files in encrypted form using full disk encryption or single file encryption. But the attackers know that if you're typing something into the keyboard, that process is not encrypted. That's a perfect place to capture your username and password or your credit card number.

This keylogging software can do a lot more than simply capture your keystrokes. It can be used to capture the information that you store in a clipboard. Maybe it takes screenshots of what you have on your screen at any particular time and stores that information. There may be instant messages or chats that can be stored as part of the keylogger, and maybe anything that you search in a search engine query can all be logged, stored, and sent to an attacker with this keylogging software.

This is keylogging software that's included with a utility called DarkComet. DarkComet is a RAT, or remote access Trojan. It's malicious software that an attacker can use to capture your keystrokes, screenshots, and other information from your computer. On the left side is a notepad where I typed in a username of Professor Messer and a password of "not a real password", and then I show you the keylogger on the right side that has captured all of this information. It captured what I typed and when I typed it. It even recognized when I put in a space and then used a delete key so that I could make that all one single word. The keylogger captures everything, stores it in a file, and that file is occasionally sent to the attacker.

Another type of malicious software is a logic bomb. A logic bomb is waiting for a particular event to occur, and when that event occurs, the bomb is then detonated on that system. This might be waiting for a particular date and time, and when that date and time arrives, the system then reboots, erases data, or makes changes to that system. Or this may be something related to what the user is doing. Maybe we're waiting for a particular user to log in, and as soon as that user logs in, the bomb then executes.

Logic bombs are usually something created by an insider, or created by someone who has a particular goal in mind, and because of that it's not malware that we've seen run on another system, so there generally is not an antivirus or anti-malware signature associated with a logic bomb. This makes a logic bomb very difficult to identify, but there are monitoring tools that you can put into a system to look at key files and make sure that no one has modified or changed anything associated with those critical operating system files.

An example of a logic bomb creating a problem for an organization occurred on March 19th of 2013 in South Korea. A malicious email was sent to banks and broadcasting companies that had an attachment, and if that attachment was run, it installed a Trojan onto the user's computer. A day later, on March the 20th of 2013 at 2 p.m. local time, the logic bomb activated based on that time of day. When it activated, it deleted everything that was in storage and the master boot record of the system where the Trojan was installed. The system was then rebooted, but of course the operating system had just been deleted, so when the system started up again there was no operating system to start.

Because this Trojan was sent to a bank, a number of the systems within the bank were affected by this logic bomb, but perhaps none more important than the automatic teller machines associated with the bank. These were also infected by this logic bomb, and on March 20th at 2 p.m. local time all of the ATMs were deleted and also rebooted to no operating system on those ATMs. If you tried to use the ATM after the system was rebooted, you saw a message that said, "Boot device not found. Please install an operating system on your hard disk."

As I mentioned earlier, it's difficult to identify where a logic bomb may have been installed because there are no known signatures that you can use to try to identify them. There are things you can do within the normal processes and procedures of your organization. For example, you may have a series of processes and procedures that limits the change of any core operating system files, and you may set up monitoring that can identify when any of these files may have been changed, which might give you a heads-up that something has been modified that could be a logic bomb. It's also a good idea to perform constant monitoring to make sure that every user in your organization only has the rights and permissions necessary for that user to do their job. The days of having everyone run with administrator rights are over, primarily because of the security concerns that can be based around that issue, and certainly because someone with additional rights and permissions could easily install a logic bomb.

Another security concern you may have heard of is a rootkit. The name "root" in rootkit comes from the Unix superuser, root, very similar to the administrator that would be in a Windows environment. A rootkit generally hides itself in the kernel of the operating system. This makes it part of the OS itself, which means it's very difficult to identify this rootkit with traditional antivirus or anti-malware software. When the rootkit is running, it's running as part of the operating system, so you probably won't see it listed if you tried to list out all of the tasks or processes on this particular computer. Instead, it simply is part of the OS, and anything the operating system is doing will include the malicious code that's part of this rootkit. And since this rootkit is effectively invisible to your antivirus or anti-malware software, it has full run of your computer.

Not all rootkits are part of the kernel, and if they are running as a traditional process in your operating system, you still might be able to identify them with anti-malware software. If you believe your system has been infected with a specific type of rootkit, there are a number of standalone rootkit removal tools that are specific to different rootkit variants. Obviously this is something you would use after you become infected, so it may not prevent the rootkit from causing problems, but it may be able to remove the rootkit so you can perform some type of mitigation of your personal files.

In order to combat these rootkits, we've created processes within the UEFI BIOS called Secure Boot. Secure Boot will look for an operating system signature and confirm that nothing has changed with the kernel of that operating system before the system is booted. This means that even if the rootkit does manage to get installed, your system will stop this rootkit from running when it boots up, effectively preventing that rootkit from causing any additional problems on your system.