LAB 6 – DEFEATING MALWARE NET 332
COVERAGE
– Manual removal of malware using Malwarebytes Anti-Malware (MBAM)
– Overview of how malware steals user information and location data
WHAT IS MALWARE
– Malware, or malicious software, is any program or file that is harmful to a computer user.
– Malicious programs can, for example:
    – steal data
    – encrypt or delete sensitive data
    – alter or hijack core computing functions
    – monitor the user's computer activity without permission
    – send what they collect back to attacker-controlled servers
TYPES OF MALWARE
– Malware is written for different purposes; common categories include:
    – adware
    – fake scanners (scareware)
    – Trojans
    – browser redirectors
    – encryptors and decryptors (ransomware components)
    – rootkits
    – spyware
    – backdoors
    – etc.
HOW MALWARE WORKS
– Gets installed when the user downloads a file or visits a malicious site; the installer is typically disguised as:
    – a Flash or Adobe update
    – a freeware download
    – a "free online virus scan"
– Once installed, it starts running, propagating, and infecting files.
WHERE CAN I FIND MALWARE FOR TESTING
– vxvault.net
– malc0de.com
– clean-mx.de
– Download and run live samples only inside an isolated virtual machine (no shared folders, host-only or no network adapter), never on the host.
HANDS ON MALWARE (SCAN & TERMINATE)
– For this lab, use the previously configured Windows virtual machine in Oracle VirtualBox. Take a VirtualBox snapshot first so the image can be rolled back afterwards.
– Download the zipped folder 'Malware' from the Vdrive folder for Lab 6.
– Download and install MBAM from the Vdrive folder for Lab 6.
– Disable MBAM, Windows Defender, and the Windows Firewall so the samples can run and be observed.
– Open Task Manager and note the normal processes of the clean Windows image; this is your baseline.
– Unzip the Malware folder and double-click the malware files inside to run them on the virtual machine.
HANDS ON MALWARE (2)
– Once the malware files have run, open Task Manager again:
    – press Ctrl + Alt + Delete and select Task Manager (or Ctrl + Shift + Esc to open it directly), or
    – right-click the taskbar and click Task Manager.
– Notice and note down the additional processes that were not in the baseline.
– Also note the CPU and memory they consume: those resources are not doing useful work for the user; the malware has hijacked them, which is what slows the infected computer down.
HANDS ON MALWARE (3) – Getting rid of the malware
– Re-enable MBAM (from its tray icon or the Start menu) and run a full scan of the computer.
– MBAM should return an "infections found" message.
– Remove the detections by clicking 'Remove Files'.
– Restart the virtual machine.
– Open Task Manager again and check whether the processes noted earlier (the malware processes) are gone.
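The baseline, compare and clean-up steps of the procedure above can be scripted so that the "extra processes" are found by a diff rather than by eye. The following is an added example, not part of the original lab material. It uses only built-in Windows cmdlets (Get-CimInstance, Get-FileHash, Compare-Object, Set-MpPreference, Set-NetFirewallProfile), so it needs Windows 8.1/10 or later (PowerShell 4+) and an elevated prompt inside the isolated VM. The C:\Lab6\ paths are assumptions; change them to suit the image.

```powershell
# Added example (not part of the lab): snapshot the process list before and after
# running the samples, diff the two, then re-enable the defences the lab turned off.
# Run from an elevated PowerShell prompt inside the isolated Windows VM.
# The C:\Lab6\ paths are assumptions.

$BaselinePath = 'C:\Lab6\baseline.csv'
$AfterPath    = 'C:\Lab6\after.csv'
New-Item -ItemType Directory -Path (Split-Path $BaselinePath) -Force | Out-Null

function Get-ProcessSnapshot {
    # Record name, parent, binary path, command line, SHA-256 of the binary and
    # resource use. PIDs and names alone are not enough: malware often copies a
    # legitimate name (svchost.exe, explorer.exe) but runs from an odd path.
    Get-CimInstance Win32_Process | ForEach-Object {
        $hash = $null
        if ($_.ExecutablePath -and (Test-Path $_.ExecutablePath)) {
            $hash = (Get-FileHash -Algorithm SHA256 -Path $_.ExecutablePath).Hash
        }
        [pscustomobject]@{
            Name         = $_.Name
            ProcessId    = $_.ProcessId
            ParentId     = $_.ParentProcessId
            Path         = $_.ExecutablePath
            CommandLine  = $_.CommandLine
            SHA256       = $hash
            # Kernel/user times are in 100 ns units; working set in bytes.
            CpuSeconds   = [math]::Round(($_.KernelModeTime + $_.UserModeTime) / 1e7, 1)
            WorkingSetMB = [math]::Round($_.WorkingSetSize / 1MB, 1)
        }
    }
}

function Compare-ProcessSnapshots {
    param([string]$Before, [string]$After)
    $b = Import-Csv $Before
    $a = Import-Csv $After
    # Compare on Path + SHA256 rather than PID so a legitimate process that was
    # merely restarted does not show up as "new"; '=>' means present only after.
    Compare-Object -ReferenceObject $b -DifferenceObject $a -Property Path, SHA256 -PassThru |
        Where-Object SideIndicator -eq '=>' |
        Select-Object Name, ProcessId, ParentId, Path, CommandLine, SHA256, CpuSeconds, WorkingSetMB
}

function Restore-Defences {
    # Undo what the lab disabled, then print the state so it can be confirmed.
    Set-MpPreference -DisableRealtimeMonitoring $false
    Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled True
    Get-MpComputerStatus | Select-Object RealTimeProtectionEnabled, AntivirusEnabled
    Get-NetFirewallProfile | Select-Object Name, Enabled
}

# Step 1, on the clean image (before detonating anything):
#   Get-ProcessSnapshot | Export-Csv -Path $BaselinePath -NoTypeInformation
# Step 2, after running the samples:
#   Get-ProcessSnapshot | Export-Csv -Path $AfterPath -NoTypeInformation
#   Compare-ProcessSnapshots -Before $BaselinePath -After $AfterPath | Format-Table -AutoSize
# Step 3, after MBAM removal and a reboot: re-run Step 2's compare (nothing from the
# earlier diff should remain) and then:
#   Restore-Defences
```

Sort the compare output by CpuSeconds or WorkingSetMB to see the "hijacked resources" point of the previous slide directly, and keep the two CSV files: the SHA-256 column is what you would later submit to a scanner or a sample database.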
WHERE DOES MALWARE STORE THE DATA
– Malware such as scanners and spyware scans the user profile and the computer for data and sends it to attacker-controlled servers.
– Before the data is sent it is usually staged locally in temporary locations; browser cookies and other site data are a target as well as a staging area, because cookies hold session identifiers and tracking data.
– It is good practice to clear cookies as often as possible.
– Inspecting cookies can help in dealing with malware proactively, but it requires the appropriate skill set and knowledge: unfamiliar domains, cookies for sites you never visited, and very long expiry dates are the things to look for.
ACCESSING & READING COOKIES
– In Chrome, go to Settings and select Advanced settings.
ACCESSING & READING COOKIES (2)
– Under Privacy, select Content settings.
– Select Cookies under Content settings.
ACCESSING & READING COOKIES (3)
– Select 'See all cookies and site data'.
– In newer Chrome versions this list is under Settings > Privacy and security; typing chrome://settings/content/all in the address bar opens it directly.
ACCESSING & READING COOKIES (4)
– Select any cookie to see its details.
– The details listed are the cookie's name, content, domain, path, the connections it is sent over ("Send for"), whether script can read it, and its created and expiry dates.
Questions?