CompTIA Security+ Exam Notes

Let Us Help You Pass

Sunday, August 12, 2018

MALWARE TYPES - Part 2

Logic Bombs: A piece of code that sits dormant on a target PC/Server until it is triggered by an event. That event can be a specific date or time, or a certain condition being met. The trigger is whatever the programmer coded the malware to respond to.

  • It could be a script that runs every payday; if the programmer's name isn't included in the payroll report (meaning they have been laid off/fired), the malware is triggered to run a predetermined time afterward.
  • Another event could be when the company hires its 250th employee (just picked a random number for the example).
  • A date is another possibility: the malware launches on a specific date.

Worms: Worms are a type of malware that self-replicates. The worm moves through the network, consuming bandwidth. Worms take advantage of weaknesses in certain networking protocols.

Worms are known to take advantage of the weakness found in SMBv1, spreading through the network over port 445, Microsoft's file-sharing port.
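
A defender's view of the worm behaviour described above, as an added example that is not part of the original notes: it flags any host that contacts many distinct machines on port 445 within a short window. The flow-record format, the 60-second window and the threshold of 5 are assumptions chosen for illustration, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

SMB_PORT = 445  # Microsoft's file-sharing port, as named in the notes
# Constructed sample flow records: timestamp, source, destination, destination port
SAMPLE_FLOWS = """\
2018-08-12T09:00:00 10.0.0.21 10.0.0.5 445
2018-08-12T09:00:30 10.0.0.22 10.0.0.5 445
2018-08-12T09:02:00 10.0.0.37 10.0.0.40 445
2018-08-12T09:02:02 10.0.0.37 10.0.0.41 445
2018-08-12T09:02:03 10.0.0.37 10.0.0.42 445
2018-08-12T09:02:05 10.0.0.37 10.0.0.43 445
2018-08-12T09:02:06 10.0.0.37 10.0.0.44 445
2018-08-12T09:02:07 10.0.0.37 10.0.0.45 443
2018-08-12T09:10:00 10.0.0.21 10.0.0.6 445
"""

def parse_flows(text):
    """Return (time, src, dst, port) tuples, skipping malformed lines."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        try:
            ts, port = datetime.fromisoformat(parts[0]), int(parts[3])
        except (IndexError, ValueError):
            continue
        flows.append((ts, parts[1], parts[2], port))
    return flows

def smb_fanout(flows, window=timedelta(seconds=60), threshold=5):
    """Return {src: peak count of distinct port-445 destinations contacted
    inside one window} for every source whose peak reaches the threshold."""
    by_src = defaultdict(list)
    for ts, src, dst, port in flows:
        if port == SMB_PORT:
            by_src[src].append((ts, dst))
    alerts = {}
    for src, events in by_src.items():
        events.sort()
        peak = 0
        for i, (start, _) in enumerate(events):
            seen = {dst for ts, dst in events[i:] if ts - start <= window}
            peak = max(peak, len(seen))
        if peak >= threshold:
            alerts[src] = peak
    return alerts

if __name__ == "__main__":
    print(smb_fanout(parse_flows(SAMPLE_FLOWS)))
```

A file server that many clients connect to does not trip this check, because the count is of destinations per source, not sources per destination.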

USB flash drives tend to be one of the easiest ways to introduce a worm into the network. Users will find a USB drive on a table or floor, pick it up and plug it in to see what is on the device and to determine the owner. There are vendors that will hand out free USBs that are infected at conferences like Def Con.

Botnets: A botnet is a collection of Internet-connected devices: PCs, webcams, etc. These devices are normally on 24 hours per day and have decent bandwidth. The owners of these devices are unaware that their device is participating in the botnet. The devices are known as zombies and perform whatever the handler has programmed them to do:
  • DDoS: a Distributed Denial of Service attack on a single target
  • Send SPAM from these devices
  • Download other malware like keyloggers

Botnets typically use anywhere from 5,000 to 20,000 devices.

One of the largest DDoS attacks happened in November of 2016 and was an attack against DNS servers. This time the botnet consisted mostly of DVR players and digital cameras.

