Malware | Coconote

Overview

This lecture explains different types of malware, how they infect computers, their impacts, and measures to protect against them.

Malware includes software like viruses, worms, trojan horses, rootkits, spyware, ransomware, and cryptomining malware.
Malware can steal data, encrypt files, display unwanted ads, or allow attackers remote access.
Some malware types self-replicate (viruses, worms), while others disguise themselves as harmless programs (trojans).

Malware exploits vulnerabilities in operating systems or applications to gain access.
Outdated security patches increase risk; keeping systems updated prevents many attacks.
Users can infect their systems by clicking malicious links or downloading infected files.
Some malware, like worms, spread automatically without user action.

Trojans appear to be legitimate software but contain hidden malware.
Trojans often require user interaction to install.
Once installed, trojans can download additional malware or open backdoors for attackers.
Antivirus software may detect and block trojans, but up-to-date threat databases are essential.

Rootkits hide deep within the operating system, often at the kernel level, making detection difficult.
They can evade standard antivirus scans.
Secure Boot (in UEFI BIOS) helps prevent rootkit and boot sector virus infections by verifying operating system integrity.

Viruses are malware that replicates with user action, often spreading via networks or removable drives.
Boot sector viruses infect the boot process and load before the operating system, making them hard to remove.
Secure Boot protects against boot sector viruses.

Spyware monitors user activity, collects browsing habits, and may include keyloggers to capture keystrokes.
Keyloggers record everything typed, including passwords and sensitive information, and send it to attackers.
Spyware is often installed through trojans and can bypass network encryption.

Ransomware encrypts user files and demands payment (usually in cryptocurrency) for decryption keys.
The best recovery is deleting affected files and restoring from a clean backup rather than paying the ransom.

Cryptomining malware uses system resources to mine cryptocurrency for attackers, causing significant performance issues.
Users may notice high CPU usage as a sign of infection.

Malware — malicious software designed to damage, disrupt, or gain unauthorized access to computer systems.
Trojan Horse — malware disguised as legitimate software that tricks users into installing it.
Rootkit — malware that hides deep within the operating system to evade detection.
Virus — self-replicating malware that spreads with user action.
Boot Sector Virus — malware that infects the boot sector, running before the OS loads.
Spyware — software that secretly monitors user activity and collects data.
Keylogger — type of spyware that records keyboard input.
Ransomware — malware that encrypts files and demands payment for their release.
Cryptomining Malware — malware that hijacks system resources to mine cryptocurrency.

Keep your operating system and all applications updated with the latest security patches.
Run and regularly update antivirus and anti-malware software.
Enable Secure Boot in your system BIOS/UEFI settings.
Make regular backups of important data to recover from ransomware or similar attacks.