Malware Overview - Computerphile

  • Published on 30 Nov 2017
  • Malware comes in many shapes and sizes; here's an overview of how some of it works. Enrico Mariconti is part of the UCL Security group.
    UCL Link: bit.ly/C_UCL-people
    This video was filmed and edited by Sean Riley.
    Computer Science at the University of Nottingham: bit.ly/nottscomputer
    Computerphile is a sister project to Brady Haran's Numberphile. More at www.bradyharan.com

Comments • 128

  • @tomascontreras934 6 years ago +44

    A channel about computers and they record a screen with a camera.
    I'm amazed.

  • @GoodVolition 6 years ago +59

    "RISC architecture is gonna change everything."
    "Yeah. Risky's good."
    10/10

    • @imacds 6 years ago +3

      I mean... they weren't wrong...

  • @skate2late 6 years ago +8

    I really wish they would do an episode on the CC servers themselves. I've always wondered where these servers are physically on the internet. Obviously they aren't just run out of the hacker's garage, so where are they?

  • @TheMrVelja 6 years ago +4

    Just to comment on the last part - Dropbox keeps the history of all changed files for up to 30 days (or longer with a paid account). That means that you would be able to restore your files if you notice that they have been encrypted in the past month.

  • @FriedEgg101 6 years ago +22

    So if I were to install Windows 10 on my PC, what kind of infection would that be?

    • @overwrite_oversweet 6 years ago +11

      It would be a rootkit. A self-inflicted one.

    • @Take_it_E-z 2 years ago +1

      So if I were to install Windows 11 on my PC, what kind of infection would that be?

  • @dustinjohnson6302 6 years ago

    Awesome video. I would like to see more advanced videos on this topic. I'm happy to see education on this subject and I think it is worthwhile to continue the conversation.

  • @vonantero9458 6 years ago +9

    Everyone interested in this channel should check out this new (2017) podcast called Malicious Life. It's a show about the cyber security industry, hackers, etc. Usually covering one topic in one or a few episodes.

    • @romaan777 6 years ago +1

      Von Antero link?

  • @xpucm0ca 6 years ago +19

    Most ransomware will not activate the "warning" screen unless they have encrypted a sufficient amount of data.

    • @DaFinkingOrk 6 years ago +8

      Hristo.Bogdanov This is a big big problem indeed. There would be signs like unexplained high CPU and disk usage causing computer slowdown, but it would be kinda silly to unplug every time that happened (since Windows background processes do that often, and other background processes) so it's still a big problem.

    • @MrsNunswife 6 years ago

      RedButtonProductions In my Windows 7 specialist class I forgot how to set up performance monitors for just CPU usage.

  • @Take_it_E-z 2 years ago +1

    So if I were to install something from an allegedly anti-malware site, and it was malware, what kind of infection would that be? It wasn't XSS or an SQL injection.

  • @zacharieetienne5784 6 years ago +37

    www has more syllables than world wide web

    • @virtual_it_admin2065 4 years ago +1

      Not to mention the fact that literally _no one_ calls it that, lolll

    • @babatundeadepoju2302 2 years ago

      I slightly hate you, dude! 😁 Your profile pic made me think I had a scratch on my phone's screen. I was confused for a moment 😂😂😂.

  • @firefoxmetzger9063 6 years ago +1

    As far as I know Dropbox does offer (limited) versioning, so I guess it will be hard for any type of malware to mess with it in a destructive way.

  • @kyramonnix1520 6 years ago

    Speaking on backups, I also keep a "cold storage" backup with an unpowered hard drive alongside a NAS. The risk I think would be in restoring the data from a "cold backup", though I'd imagine booting to a live disk to do the restore, I think could solve this problem.
    I suspect that a more worrisome problem with backups is work/inconvenience involved with doing it. (How often could you expect a person to make a backup in any form?)

  • @chrit8519 6 years ago

    Does ransomware target any backups that exist on a separate subnet from your local network?

  • @TheDogn 6 years ago +1

    Could we get a video for regular to advanced internet users on personal password storage?

  • @recklessroges 6 years ago +3

    Dropbox isn't a backup solution. I've used SpiderOak and I also have my own immutable ZFS snapshots. If you have to "do a backup" then it's not a backup, it's a fallible human manual copy. Backups must be automatic and incorruptible.

  • @Jagi125 6 years ago +3

    So much fun to watch. Especially on a Linux machine.

  • @stensoft 6 years ago

    Deleting files is easy to catch and undo. But what if the malware instead overwrites the file with empty/dummy content? Will Dropbox allow you to get an older copy?

  • @rchandraonline 6 years ago

    That's exactly it: if your backup software and service support file versioning, unless the malware encrypts a file more times than the number of revisions your backup software/service maintains, you should be able to go back to a previous revision instead of paying to have your files decrypted. But as mentioned, being constantly connected is a risk.

  • @brantwedel 6 years ago +1

    Yes, just like Dropbox, a lot of network backup services keep a history of changes, so if malware encrypts the current backup state, you can restore files from a date before the infection.

    • @Funnywargamesman 6 years ago

      Brant Wedel If a hacker has owned your machine he owns the computer itself. Unless you have had network security training there is little more that you can do as a home user. At a business sure there are things to do, but if a hacker really hates you he can encrypt your driver and revoke network privileges. Even worse they could attack your modem/router to infect any computer on the network.

  • @samuelemedici5184 6 years ago +1

    Really nice. If someone wants to study more on malware what material do you suggest to study on? I've found pretty old material.. nothing recent

    • @Risiko94 6 years ago

      What do you mean by "studying malware"?

    • @Whirlwind03 6 years ago +1

      The Zoo is a repository you can find on GitHub. It has almost all types of malware, including ransomware. You can play with it!!

    • @samuelemedici5184 6 years ago

      Bernarax Loesgeldt Studying how malware is done and how can you detect one.

  • @frankbackes7667 6 years ago +1

    The history you have on Dropbox can also be used on Windows; it's called Shadow Copy or Previous File History. BUT there is malware out there that is smart enough to also delete them. That is the reason why your day-to-day account should not have admin privileges. Only an admin can delete the shadow copies, so it would be stopped and you could take your device to the disinfection, then log in to the admin account and use Previous File History to recover files. But do it in Robocopy or Xcopy, as long filenames/paths could lead to problems where the files can't be recovered.

  • @t.walker3101 6 years ago

    Was just reading about cryptovirology today; good stuff.

  • @PedroSoaresLana 6 years ago

    I guess the ransomware looks for the file signature instead of the extension. So it would not work changing the backup file extension to keep the malware from detecting it... So, keep your system up to date to avoid this kind of situation.

  • @MrsNunswife 6 years ago

    Guys, anyone know of Discord for PC having any malware on it? If so, what kind? It said something about the chat never closing even when I close my browser??

  • @famitory 6 years ago +10

    If you were to panic and quickly hard shutdown your computer, would it be possible to boot from another disk and recover the data without also accidentally copying the malware?

    • @GorillazArtz 6 years ago +7

      It would be possible. Most malware needs an internet connection, besides ransomware.

    • @RealCadde 6 years ago +13

      The thing about malware is that it's a program and the program is running for one reason or another. If the program never executes then the malware cannot do any harm.
      Malware can be run in two main ways.
      1: The user runs it expecting it to be something else. Also known as a Trojan.
      2: The malware is using/exploiting the operating system/web browser or otherwise to make it run without the user necessarily running it themselves. Also known as a Worm.
      Once the malware has infected the machine, you may as well consider every single program/executable/source code/whatever that can execute to be infected. That is, you cannot rely on anything that has been stored in the machine after the fact to be clean.
      While it's uncommon nowadays, it's still possible to infect documents (which will be infected with some exploit to make the code run again) or any other data that is interpreted by software with security holes in them.
      So to answer your question, yes it's possible to boot from another disk. And you would do well to ensure that that machine doesn't ever execute anything from the infected drive nor does it access any data outside a sandboxed environment to where any executions are contained within the sandbox.
      Of course, eventually there will be a permanent fix to any new malware. Holes will be patched, anti-virus software will be able to clean out infected files and the malware will be detected and prevented from executing at all.
      But before that happens (and it usually takes long enough for at least a few thousand users to be affected) it needs to be identified and reliably detected and cleaned.
      Not to mention, there's been malware out there capable of disabling anti-virus software. So users think they are safe but in reality, the malware has made any protection you have completely pointless.
      In summary though... Malware HAS to execute one way or another to function. If it cannot execute it will not do any harm.

    • @nahCmeR 6 years ago +2

      famitory Really depends on what the malware is doing and how fast you realize you've been infected. Most malware won't give itself away with flash on screen GUI or messages until after it's done with whatever it was designed to do. But by that point you're already infected. Everything is done in the background completely hidden away from you (for obvious reasons).

    • @RealCadde 6 years ago +2

      Oh and one more thing... The only way to be safe is to not use computers for financially sensitive stuff. Nor anything to do with privacy.
      In essence, don't do anything on a computer you are not ready to give up to some random stranger.

    • @nickfarley2268 6 years ago +3

      Cadde
      So in other words do nothing on your computer at all.

  • @magellanicraincloud 6 years ago

    So if I got ransomware on my machine I turn it off immediately. I take out the hard drive to get it backed up by someone else in another machine... But the ransomware is still on the hard disk. Won't the ransomware be either part of the backed up data or just boot right up again as soon as the hard drive has power?

    • @OrcinusDrake 6 years ago

      Nik Saunders The only surefire way is to back up the drive externally BEFORE it's infected. That way you can just purge the drive losing minimal data.
      But if you failed that most important step then you may be able to load that drive in a sandbox environment and recover something if you stopped the encryption fast enough. You are correct though that the infected drive will still be infected whatever you do here, so you've got to be super careful to not run anything on the drive.

    • @magellanicraincloud 6 years ago

      Thanks for the responses. I guess best first step is don't get infected :)

    • @Ghorda9 6 years ago

      best first step is backup.

  • @szymongrabinski8434 5 years ago

    I got a malware software which I uninstalled? Am I safe though?!

  • @FusionDeveloper 6 years ago

    When in doubt, run a program or web-browser through "Sandboxie" (not "a" sandbox, but the actual application called Sandboxie).

    • @overwrite_oversweet 6 years ago

      If you're *really* doubtful, try VirtualBox or Hyper-V. Oh, and disable JavaScript.

  • @drgr33nUK 6 years ago

    What about when the command and control server domains exist in a darknet?

  • @GriefTheHouse 6 years ago +8

    This is a VERY general overview and doesn't really properly explain how (as an example) not all that fall under the same category are even very similar. Botnets are a great example, sometimes yes, they are set up for financial gain but sometimes it's just to perform DDoS attacks or other things along those lines. I know it's a short YouTube video and it's difficult to explain everything in that time that is easy to understand, but it can make people think all viruses which are ransomware are the same and so on.
    A bit more off topic though, you should have someone explain how anti-viruses won't protect you all the time as it drives me insane when people put 100% trust into things thinking "Oh, I have *Generic Anti-Virus* so I'm safe to download something called virus.exe". People typically encrypt viruses nowadays (Btw, very basic explanation here as there's usually more done to have less detection) by having the virus itself encrypted and bound with another exe called the stub that will unencrypt and run the virus after virus scans show it's safe to run. That's usually how many people still get infected today, even with anti-viruses installed.

  • @theterabyte 6 years ago

    If command and control DNS / discovery is such a big problem, why haven't the malware authors turned to decentralized means like namecoin or attestation on a blockchain to coordinate command-and-control? It would be difficult or maybe impossible for security researchers to block that...

  • @nadi106100 6 years ago

    Hence your videos have a lot of talking in them, it would be nice to have subtitles made for the videos when they are released because it's hard for me to understand the video.
    It would also make translating the videos to other languages easier.
    Hope you consider this :)

  • @neilwilson5785 6 years ago +1

    "...put in some parameters", eh? Putin some parameters. I got you. Now we know where it came from, without using any science.

  • @_aullik 6 years ago

    1:27 "I.S.P. rocks find out more" Is this a parody of the T-Mobile advertisement that is omnipresent recently?

  • @waasar 6 years ago +1

    Surely advanced malware won't immediately announce its presence if it still needs time to infect local machines.

  • @heyeh91 6 years ago

    Can ransomware affect encrypted HDDs?

    • @skate2late 6 years ago

      Do you mean encrypted HDDs that the OS is operating from? If so, definitely yes. As long as the HDD is communicating with the OS then it can be encrypted by the ransomware; the encryption would just lie within the base encryption already provided by the HDD.

    • @heyeh91 6 years ago

      No, I meant e.g., to have an encrypted external HDD that is directly connected to the computer at all times, but a password is needed to access anything within the drive.

    • @skate2late 6 years ago

      I think it would depend on how the ransomware is designed then. If you are opening the drive and using it regularly, then access to the unencrypted interface to the drive exists, but I do not know enough about how this type of interface is protected and if the ransomware targets this interface. It definitely could happen, because if you are accessing the files in the hard drive, then you are operating at a level "above" the encryption if that makes sense.

  • @MrGamingpixelz 6 years ago

    gaben and computerphile collaboration confirmed 13:22?

  • @DrewryPope 6 years ago +2

    Can you add the tag “yt:cc=on” ?

  • @Seegalgalguntijak 6 years ago +1

    Unfortunately, he didn't mention the newest type of malware, which abuses the victim's CPU or even GPU to mine bitcoin.

  • @hellterminator 6 years ago

    All my data is on a NAS with versioning enabled and the user I run under doesn't have permission to remove old versions. If I ever get hit by ransomware, I'll just roll all the files back to the pre-encryption state. Bring it on, bad guys!

  • @GiorgioPresti 6 years ago +1

    I had to pause the video after 1 minute to go see Hackers one more time.

    • @Ghorda9 6 years ago

      I just made the traffic lights turn rainbow, after that movie.

    • @deezynar 6 years ago +1

      I will translate what you said: "I had to pause the video after 1 minute to go see a young Angelina Jolie."

  • @tomysshadow 6 years ago

    It took me a moment to realize he was saying Dropbox and not Dropbooks.

  • @chairwood 6 years ago

    is this chillindude829

  • @MaggotDiggo1 6 years ago

    The shaking camera thing is kind of annoying.

  • @gashone 6 years ago

    Everyone who turn ON subs for this guy

  • @mrpowder7687 6 years ago +9

    Where is this accent from?

    • @Dreijer94 6 years ago +20

      I think he's Italian.

    • @vego_tv 6 years ago +2

      I think India

    • @Driv3r96 6 years ago +10

      He's Italian

    • @maxim1152 6 years ago +11

      From idubbbz obviously

    • @etymology3 6 years ago +4

      Definitely an Italian name

  • @lmgaming9211 6 years ago +1

    With a channel for nearly 1 mil subs I am very surprised with the amount of views.

  • @bradolson8242 6 years ago

    Always, Always, Always have backups of your important data stored unconnected from your computer. NEVER, NEVER, NEVER pay the criminals that infect your computer. If you pay the ransom, then you're only encouraging this criminal behavior to continue.

  • @Turt1ehump 6 years ago

    his left eye is lower than his right eye

    • @Ghorda9 6 years ago

      I think that means that the last letter in his password is lower case.

  • @saiprasad8078 6 years ago

    I like haa-kers 😂

  • @barneylaurance1865 6 years ago

    Are stolen bank details really worth hundreds of dollars? The fraudsters will still need to recruit a money mule so they can get money out through transactions that can't easily be tracked and reversed.

  • @loading_wait 6 years ago

    Brought to you by google drive

  • @slipknnnot 6 years ago +2

    THIS IS WHY I ONLY USE PORNHUB

  • @stylesuxx 6 years ago +1

    Hack the planet!

  • @pm79080 6 years ago +36

    Proprietary software is often malware!

    • @andromeda4641 6 years ago +3

      Not like "legitimate" malware, but by definition yes, more than not it is.

    • @DaFinkingOrk 6 years ago +4

      It can often spam you with adverts, and be very hard to remove (shitty McAfee security and some other bloatware). It can seriously harm your privacy and security by having lots of holes and some deliberate backdoors (Windows 10). It can even install itself forcefully (Windows 10 again, also the bloatware that comes on many computers and smartphones).

    • @Simon8162 6 years ago +6

      /r/StallmanWasRight

  • @procactus9109 6 years ago +3

    Dropbox? eweweeeee.... Have people not heard of removable media?

    • @ralakus8784 6 years ago +1

      What if you lose that "removable media"?

    • @procactus9109 6 years ago

      Then buy another one and copy everything back.

    • @ralakus8784 6 years ago +1

      How does one copy back lost data?

    • @procactus9109 6 years ago +3

      By having it stored on a PC too.

    • @subhashpani 6 years ago

      Well there is a 3 save policy but not everyone does it.

  • @FlumenSanctiViti 6 years ago +1

    Repeat after me:
    Algorithm, algorithm, algorithm, al - go - ri - thm.....

  • @tommytomtomtomestini3894 6 years ago

    I must not be a hacker because I had hard time understanding a single word he said.

    • @Hysteresis11 6 years ago +1

      John Doe lol. IT is a language unto itself.

  • @sefwankk8098 2 years ago

    Will I get in trouble? 🙄🙄🙄

  • @nisharkhan876 6 years ago

    First one to like this video😂

  • @warpzone8421 6 years ago +1

    I had to stop watching this video after 1:07 when I realized the last three paragraphs, he started to get excited at the ending of the last sentence and the accent got thicker and thicker until I had no idea what the last 5 or 6 syllables were and just completely had no idea what his point was.
    I'm sorry but you're on a campus. *Make use of the speech/debate lab.* I don't care if you're tenured! Do it!!

  • @j7ndominica051 6 years ago

    Button up the shirt.