This week, we learned about Malware.
Malware, or Malicious Software, is a software that is specifically created to damage, disrupt, or gain unauthorized access to a computer system. One way to identify malware using network forensics methodology is through Security Information and Event Management (SIEM). It involves collecting log and event data generated by an organization’s applications, security devices and host systems and bringing it together into a single centralized platform, it detects threats and creates security alerts.
Example of Malware:
- Worms: spread via phishing or software vulnerabilities. When a worm has installed itself into your computer’s memory, it self-replicates and infects the whole machine and potentially the whole network. Worms can modify or delete files, steal data, install backdoors, inject malware onto computers. You can identify and remove worms using anti-virus tools and dedicated removal tools.
- Trojan Horse: malicious program that is disguised to look like a legitimate file so users will download them. Trojans are a doorway and they need a host to work. Trojan horses can delete, modify, and capture data, spy on your device, gain access to your network, harvest your device as part of a botnet. They can be identified and removed using anti-malware softwares.