Speaker 1: Welcome to TechStuff, a production from iHeartRadio. Hey there, and welcome to TechStuff. I'm your host, Jonathan Strickland. I'm an executive producer with iHeartRadio, and how the tech are you? So on the TechStuff news episodes, I often end up talking about stories involving malware, and I'm guessing you're all aware of malware, at least to some degree. If you work for a company like mine, you'll hear about malware several times a month, as we have an extremely proactive IT security team that works hard to keep employees up to speed on the dangers of malware and the various tactics used to deliver payloads to targets. But I figure it's always good to do a quick rundown on different variations of malware and what they do. Now, keep in mind, I'll be talking about broad categories. You can sometimes find examples of specific malware that kind of belong to more than one type or category. And I'm using categories that are identified by Cisco, because you have to take definitions from somewhere.
Speaker 1: But as it turns out, because of these similarities between different types, you can sometimes find other companies that will define them in a slightly different way, but I figure Cisco is a pretty good authority to build this episode off of. Just keep in mind, if you do your own research, you might find variations on what we'll be talking about here. So, starting off, before we even get into the different kinds, let's define malware. That term is short for malicious software: malware. Back in the early days of computing, I always just heard of viruses, and you know, viruses are a subcategory. They are a type of malware, and I actually to this day still have to focus to refer to malicious software as malware instead of just doing the lazy thing and calling them all viruses. Because when I was a kid and personal computers were first becoming a thing, that's what we referred to all malicious software as. It was all a virus, partly because networking was not really a thing with personal computers in the early days. So anyway, old habits die hard. That's why I sometimes will still do it.
Speaker 1: But as I said, we'll see that virus is one subset of malware. And because we're talking malicious software and not just cheeky programs that are meant to cause mischief, we typically will say that cyber criminals are the ones responsible for developing the software in the first place, and they may or may not be the same cyber criminals who actually distribute the malware. Now, many folks will use the word hacker to stand in for cyber criminal, but I object to that because it implies that hackers collectively are bad people. But if you'll forgive me a short tangent, I'd like to explain why that's not really the case. So the word hacker, in the context of someone who works with code, dates back to the late nineteen fifties and early nineteen sixties at MIT, the Massachusetts Institute of Technology in other words, and it originated in the college's Tech Model Railroad Club, or TMRC. In fact, there's this humorous definition that Peter R. Samson created for the term hack, which then could be extended to hacker.
Speaker 1: And the definition for hack, according to Samson, is this: hack, something done without constructive end; a project undertaken on bad self-advice; an entropy booster; or to produce or attempt to produce a hack. So a noun and a verb. And I do not wish to put words into Mr. Samson's mouth, but I believe he may be using the word entropy here to specifically refer to a decline into general disorder. Anyway, the blossoming field of computer science took on hacker to mean people who were putting together code, sometimes fruitlessly, as they were trying to get a system to do something specific. Like, they had a specific goal they were working toward, and they were hacking their way to getting that goal to come true. And you know, in the early days of computer science there was a lot of trial and error when it came to writing code that could achieve a specific purpose.
Speaker 1: There are a lot of early programs that essentially did what they set out to do, but on careful review of the code, as Jonathan Coulton might say, it is not elegant, and it does not really do the goal efficiently, and you know, it's really a poorly programmed piece of code, except for the fact that it actually does achieve what it set out to do. Now, later on, the word hacker would be used to describe curious folks who just wanted to know how different technological stuff works, like, for example, how does a telephone network route calls? These hackers would explore technology and technological systems. They would learn all about the quirks of those pieces of tech, you know, what made them tick, and perhaps most importantly, how to make the tech do stuff it wasn't necessarily intended to do, because there's something really satisfying about figuring out a way to achieve a result using tech that wasn't, you know, built to do that thing. I think it kind of taps into the same part of our brains as for the people who really enjoy doing things like designing Rube Goldberg devices.
Speaker 1: Those are those needlessly complex devices that are designed to carry out some trivially simple task. Well, I think the same thing that pleases folks who really love Rube Goldberg devices is what pleases people who learn how a system works and then find ways to exploit it to do something different, not necessarily something bad, but different. Anyway, the word hacker really is more general than the specific use case of, you know, people who make malicious software, or even a person who wants to infiltrate a secure system. There are hackers who fall into those subcategories, but I wouldn't use hacker as a broad-stroke brush to say person with malicious intent. But frequently that's how we encounter the word in the media. And you know, language is fluid, language does evolve, so it could very well be that I'm trying to hold back a flood and I should just accept that hacker effectively now means jerk face who wants to ruin your day, or maybe ruin your computer, or maybe the company you work for, or maybe the country you live in. It can get pretty scary.
Speaker 1: Now, one other thing before we start to dive into the categories. The folks who distribute malware are not necessarily the same folks who built the malware. They can be, but they don't have to be. There are malware programmers for hire out there. We could actually call them hacks, because one of the definitions of hack is a person who does, you know, work for hire. It's kind of like the gig economy, and often we associate it with someone who does, you know, like bare-minimum-quality work and does a lot of it in order to make a living. So like a hack writer is someone who generates an awful lot of writing but isn't necessarily deeply concerned about the quality of their work. So we could refer to these malicious coders for hire as hackers in that sense, a slightly different context from what we were talking about earlier.
Speaker 1: Now, these programmers go on to create malicious software, and then frequently they will sell it on a dark market, like on the dark web, where people are looking for pieces of malware that they specifically want to use to target either a specific target or a general target, and they have a specific goal that they want to achieve. Sometimes they'll even make the software available for free for distribution, but more often than not you'll find it as, like, a pay-for tool, a weapon you can use in your arsenal. Now, often cyber criminals who purchase these pieces of malware will then go on to tweak that malware, put their own spin on it. So very frequently we will find lots of variations of certain types of malware, and if you do a forensics investigation into the malware, you will discover that there are some common threads of DNA among different types of malware. That can also be useful, because if there are common elements between different distributions of malware, it can be easier to scan for that malware and detect it before it does too much damage.
Speaker 1: The more different a version is from its origin point, the more likely it is going to escape immediate detection. This is one of the reasons why antivirus software, which we will talk about towards the end of this episode, is really important, because we get new variations on old malware all the time, and if it's a dramatic enough departure from the original piece of malware, your antivirus program may not pick up on it. So these things have to be, you know, investigated and then updated frequently. Okay, I think we have laid all the groundwork we need to lay. When we come back, we're gonna start with the various types of malware, and we'll get it going with a good old computer virus. But first let's take this quick break. All right. As I said, we're going to start with the computer virus. So what the heck is a virus within the context of malware?
Speaker 1: So a virus is a piece of malicious software that gloms onto a file that supports some form of macros. Like, you know, most document files do this, and so this malicious code is piggybacking on top of a file, and it is like a virus inside of a host. The host in this case is the file that contains the malicious code, and when someone opens up that file that has the virus attached, it can activate the virus. So the file that you're opening appears to be legit or safe, but the malicious code that's within the file then gets to run rampant on your machine. Now, the goal of your typical virus is to disrupt a computer system in some way. Now, it may do this by placing very large demands on computer memory, so now your computer can't really run anything properly because its memory is completely taken up by dealing with this virus. Or it might replicate itself and/or otherwise replicate nonsense information and fill up your computer storage with garbage data. And it may even overwrite files so that you can no longer access key data or programs. That kind of thing.
Speaker 1: By the way, overwriting files, that's like a scorched-earth policy, because if you delete a file, it doesn't actually leave your machine. The deleted file is essentially marked by your computer as "this area of storage is now available, so we can write over it if we want to." But if you haven't overwritten anything, you can still retrieve deleted files. Overwriting files makes retrieval way more difficult. There are entire forensics companies out there that will take great strides to try and retrieve information from overwritten files, but it's very hard to do. A common feature of computer viruses is that they do self-replicate. That is a pretty standard component of computer viruses, and again they typically do that to kind of gum up a computer with copies of itself. Okay, next up, let's talk about trojans, sometimes also called trojan viruses. They do share some similarities with your bog-standard viruses that we just talked about. A trojan is malware disguised as a legitimate file or program.
Speaker 1: So maybe you are prompted to download a video player because you're trying to play some sort of online content, online media, but you're getting a message saying, hey, you need to download this media player if you want to watch this. Well, in some cases, not in all of them, sometimes this is a legitimate message, but frequently this is a tactic that criminals use to convince you to download a file that's actually a trojan that's housing malicious software. Back in the heyday of media piracy, there were lots of trojans disguised as useful programs, so everything from pirated video games, to productivity software suites, to even antivirus packages. You would go and say, hey, I don't want to pay for this expensive piece of software, I'm gonna find it online for free. There was a chance that the free version you found was actually a trojan that was housing malicious software. Now, typically once a person downloads the trojan and then activates it, the trojan jumps in to get access to sensitive data on the computer or computer device.
Speaker 1: It might have some code that sends that data back to the jerks who distributed the malware in the first place. That kind of falls into another category we'll talk about a bit later. So in those cases, the malicious software is collecting information that someone else should absolutely not have access to. Could be your personal information, could be stuff like your bank account, could be your medical records, could be any combination of these, could be everything on your computer, really. Now, something else that a trojan virus might have within it is what's called a rootkit attack. So rootkit, it's attacking the root of your operating system, and the purpose of this is to give a cyber criminal access to your machine, almost as if the cyber criminal was sitting down at your keyboard directly. And when a criminal gets administrative access to a computer, that's super bad news. It can also lead to the criminal not only just compromising one machine, but potentially launching attacks on connected systems, so networked devices that that machine is connected to could be the next vector of attack.
Speaker 1: Trojan malware is often the delivery system for other specific subcategories of malware, such as ransomware. So let's go ahead and do that one now, because it is so closely connected. So this is category number three. We've had virus, we have trojan virus, now we have ransomware. And it's been in the news a lot over the last couple of years. There have been some high-profile ransomware attacks over the last few years. And it's similar in many ways to viruses, in that the goal is to cut off access to important programs, files, folders, entire directories, that kind of thing. But the way it goes about this is slightly different from viruses. So once ransomware has been injected into a computer system, it will run an encryption program, and it will encrypt data on part or all of the computer system. Often it will encrypt data on any part of the computer system it can get access to, so the computer's user will be unable to access those encrypted files, because to the computer all that data will just appear to be gibberish.
Speaker 1: It won't look like useful files or programs, it will just look like random data. And the accompanying message will alert the user that some criminal has locked away important stuff on this computer, and that only by paying a ransom, typically in some form of cryptocurrency, will the user regain access to their programs and files. This can also end up being a type of blackmail as well for personal stuff. Like, let's say that you have your computer, you're not necessarily part of some big company, but you get hit by ransomware, and the people who have locked away your data are saying, hey, if you don't want sensitive stuff on here leaked to the public, you've gotta pay me. So this can also come in the form of blackmail. Well, what they're saying is if you pay us, then we will give you the key that will allow you to access your programs and files again. So the criminal can grant access by sharing this mathematical key, and that does allow for decryption. You can reverse the encryption process and regain your files and programs and turn it back into useful stuff.
Speaker 1: So the criminal is essentially holding a user's programs and files or directories or whatever hostage until they get paid a ransom. Now, I've said this many times on tech news episodes, but it bears repeating. It is pretty much always a bad idea to pay the ransom. It can be very hard to resist the urge to pay to regain control of your systems, but it's bad to do because paying reinforces that method of attack. If criminals see that ransomware can make them money, even if it only works one time out of five times or anything like that, well, that could be enough to keep these attacks going. It's proven to work, so they're going to keep doing it. So paying ransoms really just ensures that more attacks will follow in the future, maybe not directly against you, but definitely against others. Also, another thing you need to keep in mind is the victim can never be really sure that the criminal is actually going to hand over the key needed to decrypt the data. They could just take the money and run and leave you with an encrypted system, and then you don't really have any options.
Speaker 1: You can try and decrypt it, but decryption programs can take a lot of computational processing and a ton of time. This is one of the things that quantum computers will completely transform in the future, but we're not there yet. Well, criminals could do that. It is risky for a criminal to just take the money and run, because if folks figure out who carried out the attack, even if it's just, like, in general terms, like you kind of know what hacker network was likely responsible for the attack, well, that sends a message to future victims that even if they pay the ransom, they'll still get stuck. So there's no point in paying. So criminals are not likely to hold back on it, but it is a possibility still. It's always a bad idea to really pay the ransom, but it can be difficult to hold off. Criminals like to target companies and organizations that have critical, sensitive data on them, which obviously ups the stakes considerably. So hospitals and other healthcare facilities are frequent targets, because there are literal life-and-death situations connected to that data.
Speaker 1: It is not easy to deny a ransom when you think that people's lives literally hang in the balance. That's a difficult thing to do. The same can be said of a lot of government agencies that have really sensitive information that they need access to. It is difficult to resist paying that ransom. There are a lot of potential ways that ransomware can find its way onto a system, from targeted attacks to more kind of broad approaches, like a phishing scam can be a very broad way to get ransomware onto machines. If you don't know what phishing is, then you are a sweet summer child, and I really hate to chip away at your innocence. But a phishing attack is when criminals create what seems to be a legitimate message, or legitimate website or email, that kind of thing, but it actually directs people to either voluntarily give up information that they should not give up, such as, like, a bank account number and login information, or it will direct people to a link that will have them download the malware.
Okay, we've got a couple 331 00:21:40,119 --> 00:21:42,639 Speaker 1: more types to talk about, but before we get to that, 332 00:21:42,720 --> 00:21:54,840 Speaker 1: let's take another quick break. Okay, next up, we're gonna 333 00:21:54,880 --> 00:21:58,040 Speaker 1: talk about worms, so not the squiggly little guys who 334 00:21:58,080 --> 00:22:00,600 Speaker 1: live in apples and that kind of thing. We're talking 335 00:22:00,640 --> 00:22:04,040 Speaker 1: computer worms. And a computer worm is malware designed to 336 00:22:04,119 --> 00:22:07,640 Speaker 1: replicate itself very quickly and then to spread across numerous 337 00:22:07,680 --> 00:22:10,440 Speaker 1: connected devices on a network. So its only job really 338 00:22:11,040 --> 00:22:14,440 Speaker 1: is to replicate and infect, and to do that 339 00:22:15,000 --> 00:22:17,840 Speaker 1: as widely and quickly as possible. So if one machine 340 00:22:17,840 --> 00:22:20,800 Speaker 1: on a network gets hit, others on that same network 341 00:22:20,800 --> 00:22:24,399 Speaker 1: are in immediate danger. But how does the initial attack happen? 342 00:22:24,480 --> 00:22:27,560 Speaker 1: How does the worm get on, you know, patient zero 343 00:22:27,760 --> 00:22:30,760 Speaker 1: in the computer network? Well, unlike a virus, a worm 344 00:22:30,840 --> 00:22:34,400 Speaker 1: doesn't rely on a host file in order to execute 345 00:22:34,400 --> 00:22:37,119 Speaker 1: its attack. So this isn't a case where a file 346 00:22:37,280 --> 00:22:39,639 Speaker 1: like a PDF or something happens to be carrying a 347 00:22:39,680 --> 00:22:44,000 Speaker 1: worm as well. The worm can infect through a direct download, 348 00:22:44,560 --> 00:22:46,840 Speaker 1: or it can be injected through some other means, such 349 00:22:46,880 --> 00:22:49,480 Speaker 1: as on a USB drive.
By the way, just in 350 00:22:49,520 --> 00:22:53,760 Speaker 1: case you haven't heard this for a while, never connect 351 00:22:54,160 --> 00:22:58,280 Speaker 1: some found USB drive to your computer. You never know 352 00:22:58,760 --> 00:23:02,240 Speaker 1: if that USB drive has some executable 353 00:23:02,240 --> 00:23:07,280 Speaker 1: code on it that's just waiting to infect a network. Anyway, 354 00:23:07,520 --> 00:23:10,919 Speaker 1: once the worm is on an infected system, it copies 355 00:23:10,960 --> 00:23:13,920 Speaker 1: itself and sends those copies to other machines on the network, 356 00:23:14,200 --> 00:23:17,600 Speaker 1: all with the goal of disrupting operations and or destroying 357 00:23:17,680 --> 00:23:22,280 Speaker 1: data in the process. So those are also bad news. 358 00:23:23,440 --> 00:23:26,199 Speaker 1: The next two types of malware are very similar, so 359 00:23:26,240 --> 00:23:29,919 Speaker 1: we're just gonna put them together. We're talking spyware and 360 00:23:30,080 --> 00:23:34,000 Speaker 1: adware. So spyware, as the name suggests, is this 361 00:23:34,080 --> 00:23:36,800 Speaker 1: malicious software that runs in the background on a machine, 362 00:23:37,200 --> 00:23:40,879 Speaker 1: real secret like, and then it sends information back to 363 00:23:40,920 --> 00:23:43,720 Speaker 1: a remote user. You heard me talk about this kind 364 00:23:43,720 --> 00:23:47,800 Speaker 1: of with the trojan viruses. Spyware can be delivered via 365 00:23:47,880 --> 00:23:53,879 Speaker 1: trojan, and the whole purpose is to send sensitive information 366 00:23:53,960 --> 00:23:57,800 Speaker 1: back to the criminal. So spyware can also include specific 367 00:23:57,840 --> 00:24:01,080 Speaker 1: stuff like key loggers.
These are programs that, as the 368 00:24:01,119 --> 00:24:05,640 Speaker 1: name suggests, record or log every single key stroke made 369 00:24:05,720 --> 00:24:09,320 Speaker 1: on a computer, so the criminal back home can use 370 00:24:09,320 --> 00:24:12,120 Speaker 1: that information to figure out stuff like log in credentials, 371 00:24:12,760 --> 00:24:17,200 Speaker 1: you know, banking information, all sorts of stuff. Well made 372 00:24:17,240 --> 00:24:20,719 Speaker 1: spyware will not alert the target that something is wrong. 373 00:24:21,960 --> 00:24:26,200 Speaker 1: It doesn't necessarily impact computer performance that much, at least 374 00:24:26,240 --> 00:24:29,040 Speaker 1: not to a noticeable degree. So the goal is to 375 00:24:29,080 --> 00:24:32,520 Speaker 1: stay under the radar for as long as possible to 376 00:24:32,600 --> 00:24:35,120 Speaker 1: get as much information as possible. This, by the way, 377 00:24:35,200 --> 00:24:38,000 Speaker 1: is why I say that James Bond is a terrible, 378 00:24:38,119 --> 00:24:41,200 Speaker 1: terrible spy. I mean the guy goes around and introduces 379 00:24:41,240 --> 00:24:45,200 Speaker 1: himself everywhere he goes. He violates like rule number one 380 00:24:45,280 --> 00:24:49,600 Speaker 1: of spyishness. So that's spyware. But then what is 381 00:24:49,640 --> 00:24:54,080 Speaker 1: adware? Well, similar to spyware, adware monitors your computer use, 382 00:24:54,160 --> 00:24:58,120 Speaker 1: but instead of using the information to steal your personal 383 00:24:58,280 --> 00:25:02,480 Speaker 1: details or gain access to your accounts, adware is spying 384 00:25:02,520 --> 00:25:07,359 Speaker 1: on you in order to serve up more applicable ads 385 00:25:07,480 --> 00:25:11,800 Speaker 1: to you.
This can include stuff like even hijacking your 386 00:25:11,800 --> 00:25:15,240 Speaker 1: web browser so that when you open up your web browser, 387 00:25:15,280 --> 00:25:18,840 Speaker 1: your homepage is no longer whatever it was before, but 388 00:25:18,920 --> 00:25:22,000 Speaker 1: now it goes to some other site that's connected to 389 00:25:22,040 --> 00:25:26,040 Speaker 1: the adware creators or their distributors. This can also lead 390 00:25:26,119 --> 00:25:29,760 Speaker 1: down pathways to other types of malware, so adware, while 391 00:25:29,880 --> 00:25:33,399 Speaker 1: it is not necessarily malicious on its own, can lead 392 00:25:33,920 --> 00:25:38,600 Speaker 1: you to downloading stuff that is malicious. And as 393 00:25:38,680 --> 00:25:42,440 Speaker 1: much nastier, machines can also get bogged down with adware. 394 00:25:42,800 --> 00:25:46,080 Speaker 1: So even if it's not outright malicious, if a lot 395 00:25:46,119 --> 00:25:49,000 Speaker 1: of different adware gets on your computer, it can start 396 00:25:49,040 --> 00:25:54,359 Speaker 1: to affect your computer's performance over time. So because it 397 00:25:54,440 --> 00:25:58,680 Speaker 1: has been used for malicious purposes, because it's often part 398 00:25:58,680 --> 00:26:03,560 Speaker 1: of the entire strategy of attack that criminals 399 00:26:03,560 --> 00:26:08,560 Speaker 1: are using, it gets lumped in as a version of malware. 400 00:26:08,960 --> 00:26:14,680 Speaker 1: So it's not necessarily malicious, but it's used frequently 401 00:26:14,760 --> 00:26:18,400 Speaker 1: enough to be included on lists of malware. And finally, 402 00:26:18,440 --> 00:26:22,600 Speaker 1: the last version we have is called fileless malware. Now, 403 00:26:22,600 --> 00:26:25,520 Speaker 1: as that name already says, this malware is not attached 404 00:26:25,640 --> 00:26:28,840 Speaker 1: to some sort of file that you download off the internet.
Instead, 405 00:26:29,640 --> 00:26:33,960 Speaker 1: this malicious code lives in computer memory, so as long 406 00:26:34,000 --> 00:26:37,000 Speaker 1: as the computer is on, the code can do whatever 407 00:26:37,000 --> 00:26:40,240 Speaker 1: it was designed to do. You know, malware does different 408 00:26:40,280 --> 00:26:44,600 Speaker 1: things depending upon the attacker's goals, but it just lives 409 00:26:44,600 --> 00:26:47,480 Speaker 1: in your computer memory, which means that if you reboot 410 00:26:47,520 --> 00:26:52,840 Speaker 1: your computer, well, rebooting clears computer memory, right? Memory is volatile, 411 00:26:53,240 --> 00:26:56,280 Speaker 1: meaning that when you turn off your machine and then 412 00:26:56,320 --> 00:27:00,159 Speaker 1: turn it back on, well, the memory has been wiped. It 413 00:27:00,240 --> 00:27:02,400 Speaker 1: was wiped clean as soon as you turned 414 00:27:02,440 --> 00:27:03,720 Speaker 1: it off, and when you turn it back on, you've 415 00:27:03,720 --> 00:27:07,000 Speaker 1: got a blank slate. That's good in the sense that 416 00:27:07,040 --> 00:27:10,879 Speaker 1: you could then eliminate the malware that was living in 417 00:27:10,920 --> 00:27:13,639 Speaker 1: your computer memory, but it also erases all trace of 418 00:27:13,720 --> 00:27:18,000 Speaker 1: the fileless malware, so it makes investigating and computer forensics 419 00:27:18,520 --> 00:27:23,600 Speaker 1: really challenging. There are ways, by the way, that cybercriminals 420 00:27:23,600 --> 00:27:29,520 Speaker 1: have created to create persistent fileless malware, which then involves infecting 421 00:27:29,640 --> 00:27:33,359 Speaker 1: some element of your computer's operating system so that every 422 00:27:33,400 --> 00:27:37,040 Speaker 1: time it boots up, it injects this malware back into 423 00:27:37,080 --> 00:27:40,480 Speaker 1: computer memory. So there are those versions as well.
Those 424 00:27:40,520 --> 00:27:43,760 Speaker 1: obviously are easier to investigate because if you find 425 00:27:43,760 --> 00:27:48,720 Speaker 1: that root code in the operating system, you know what's happening. 426 00:27:49,280 --> 00:27:52,520 Speaker 1: But how do you inject malicious code into computer memory 427 00:27:52,560 --> 00:27:54,960 Speaker 1: to start with? There are actually a lot of potential 428 00:27:54,960 --> 00:27:59,640 Speaker 1: delivery systems, including piggybacking onto other types of malware, so 429 00:28:00,600 --> 00:28:03,600 Speaker 1: that's one possibility. But another one is to leverage 430 00:28:03,640 --> 00:28:08,399 Speaker 1: vulnerabilities in known legitimate pieces of software. These kind of 431 00:28:08,440 --> 00:28:12,879 Speaker 1: exploits allow criminals to lean on trusted code to deliver 432 00:28:13,040 --> 00:28:16,360 Speaker 1: malicious payloads, and we've seen an increase in that kind 433 00:28:16,400 --> 00:28:19,119 Speaker 1: of activity over the last couple of years. It's really insidious, 434 00:28:19,200 --> 00:28:23,320 Speaker 1: right, because you trust the software. It's software from a 435 00:28:23,400 --> 00:28:27,720 Speaker 1: legitimate source. It is not designed to be malware. 436 00:28:27,800 --> 00:28:31,159 Speaker 1: Maybe it's productivity software, maybe it's, you know, something. It 437 00:28:31,200 --> 00:28:34,720 Speaker 1: could even be something that your organization has installed 438 00:28:34,840 --> 00:28:38,720 Speaker 1: onto your work computer. Right, you might not have had 439 00:28:38,800 --> 00:28:42,360 Speaker 1: any hand in that.
But if there's a vulnerability in 440 00:28:42,400 --> 00:28:46,760 Speaker 1: there that has not yet been patched out, and a 441 00:28:46,800 --> 00:28:49,960 Speaker 1: criminal figures out how to exploit that to deliver payloads, 442 00:28:50,560 --> 00:28:53,120 Speaker 1: that can be the vector where you get things like 443 00:28:53,240 --> 00:28:57,600 Speaker 1: fileless malware injected into machines. There's really nothing you can 444 00:28:57,640 --> 00:29:01,680 Speaker 1: do about it because the solution is further up 445 00:29:01,720 --> 00:29:06,640 Speaker 1: the chain. It's over with the designers of 446 00:29:06,640 --> 00:29:09,880 Speaker 1: that software that's been exploited, and you need to get 447 00:29:09,920 --> 00:29:13,640 Speaker 1: an update patched out to fix that problem, and that's 448 00:29:13,640 --> 00:29:17,320 Speaker 1: not up to you in most cases. So that's really the 449 00:29:17,320 --> 00:29:20,080 Speaker 1: breakdown of the different types of malware. As I mentioned, 450 00:29:20,600 --> 00:29:23,920 Speaker 1: the delivery systems for these attacks are varied. You can 451 00:29:23,960 --> 00:29:27,800 Speaker 1: get these types of malware in various ways. There's no 452 00:29:28,000 --> 00:29:32,040 Speaker 1: single vector that's used by each, and they can also 453 00:29:32,080 --> 00:29:34,120 Speaker 1: be used in combination with one another. So how do 454 00:29:34,160 --> 00:29:37,720 Speaker 1: you protect yourself against all these kinds of malware? Well, 455 00:29:37,760 --> 00:29:41,000 Speaker 1: one thing to do is to practice good computer security etiquette, 456 00:29:41,440 --> 00:29:44,600 Speaker 1: which includes careful web browsing.
That means, you know, you 457 00:29:44,640 --> 00:29:47,360 Speaker 1: make certain that the sites that you're visiting are legitimate 458 00:29:47,880 --> 00:29:50,080 Speaker 1: and you're not just clicking on random links that have 459 00:29:50,120 --> 00:29:53,000 Speaker 1: been sent to you from like strange email addresses or 460 00:29:53,080 --> 00:29:56,640 Speaker 1: messaging services or something like that, or even text messages. 461 00:29:56,680 --> 00:29:59,800 Speaker 1: I get a lot of spam text messages now 462 00:29:59,840 --> 00:30:03,800 Speaker 1: that are clearly attempting to get me to visit some 463 00:30:04,240 --> 00:30:07,800 Speaker 1: link and are a phishing scam. Same with email. 464 00:30:08,200 --> 00:30:12,280 Speaker 1: Gmail in particular, a lot of phishing attacks have been 465 00:30:12,360 --> 00:30:16,760 Speaker 1: coming to my Gmail address, and Gmail usually was pretty 466 00:30:16,760 --> 00:30:20,440 Speaker 1: good at weeding those things out, but every now and 467 00:30:20,480 --> 00:30:24,479 Speaker 1: then I get a new kind of slate of 468 00:30:24,720 --> 00:30:30,240 Speaker 1: clearly phishing attacks. They're not well made because 469 00:30:30,480 --> 00:30:34,479 Speaker 1: if you even just look at the sent field, like 470 00:30:34,600 --> 00:30:37,400 Speaker 1: who these emails are going to, you'll see like, oh, 471 00:30:37,480 --> 00:30:40,560 Speaker 1: they're literally just doing a dictionary attack of email addresses, 472 00:30:40,600 --> 00:30:43,640 Speaker 1: and mine just happens to be in that list. So 473 00:30:43,720 --> 00:30:46,960 Speaker 1: this is not some sort of personalized message, but it 474 00:30:47,080 --> 00:30:51,040 Speaker 1: is a way of trying to cast a very wide 475 00:30:51,080 --> 00:30:53,760 Speaker 1: net and at least get a few bites, where I 476 00:30:53,760 --> 00:30:57,200 Speaker 1: guess that's mixing metaphors.
But a few catches 477 00:30:57,360 --> 00:31:01,320 Speaker 1: in that effort. But that's not the only thing 478 00:31:01,360 --> 00:31:03,280 Speaker 1: you need to think about when it comes to good 479 00:31:03,280 --> 00:31:07,640 Speaker 1: computer security etiquette. Another is being super careful about who 480 00:31:07,680 --> 00:31:11,120 Speaker 1: you allow to access your physical computer, because a lot 481 00:31:11,160 --> 00:31:14,719 Speaker 1: of the quote unquote hacking attacks that we hear about 482 00:31:15,160 --> 00:31:18,680 Speaker 1: are not actually the result of some hoodie wearing hacker 483 00:31:18,800 --> 00:31:21,720 Speaker 1: wearing fingerless gloves and tapping away on a keyboard in 484 00:31:21,760 --> 00:31:25,120 Speaker 1: a dark room somewhere, their face only lit by the 485 00:31:25,160 --> 00:31:29,040 Speaker 1: screen across from them. Instead, a lot of the hacking 486 00:31:29,040 --> 00:31:31,640 Speaker 1: attacks are carried out by people who just get physical 487 00:31:31,680 --> 00:31:35,080 Speaker 1: access to machines. Typically they do this by posing as 488 00:31:35,120 --> 00:31:38,840 Speaker 1: someone like an I T professional who comes around and says, Oh, 489 00:31:38,880 --> 00:31:41,840 Speaker 1: I need to update your computer with this new security 490 00:31:41,840 --> 00:31:46,040 Speaker 1: package or new software update, something like that. That's a 491 00:31:46,160 --> 00:31:49,600 Speaker 1: very common way to get access to a machine.
So 492 00:31:49,640 --> 00:31:54,480 Speaker 1: it's always vitally important to verify that someone who's claiming 493 00:31:54,960 --> 00:31:57,600 Speaker 1: to be updating your machine is actually who they say 494 00:31:57,600 --> 00:32:00,360 Speaker 1: they are, that they are authorized to do this, before 495 00:32:00,360 --> 00:32:04,160 Speaker 1: you allow it to happen, because countless attacks start through 496 00:32:04,480 --> 00:32:08,480 Speaker 1: this very kind of social engineering, rather than, you know, 497 00:32:08,600 --> 00:32:10,920 Speaker 1: trying three times to guess the password and getting it 498 00:32:11,000 --> 00:32:14,480 Speaker 1: right on the third time. Anti virus software is also 499 00:32:14,480 --> 00:32:18,320 Speaker 1: an important piece. This kind of software can affect 500 00:32:18,360 --> 00:32:22,360 Speaker 1: computer performance during scans in particular, and I know that 501 00:32:22,400 --> 00:32:26,080 Speaker 1: gets frustrating, but it's still a good idea to have it. Essentially, 502 00:32:26,120 --> 00:32:30,360 Speaker 1: anti virus software typically refers to a library of known 503 00:32:30,520 --> 00:32:35,280 Speaker 1: malicious code. So there's this growing database of all the 504 00:32:35,360 --> 00:32:37,600 Speaker 1: kinds of malware that have been found out in the 505 00:32:37,680 --> 00:32:42,760 Speaker 1: wild and identified by various security experts. So that library 506 00:32:43,080 --> 00:32:46,560 Speaker 1: is updated frequently. No matter which anti virus software 507 00:32:46,840 --> 00:32:50,320 Speaker 1: you're subscribed to or using, they are relying on a 508 00:32:50,360 --> 00:32:53,600 Speaker 1: library like this. Some of them are updated more frequently 509 00:32:53,680 --> 00:32:56,080 Speaker 1: than others.
Some of them are better and have more 510 00:32:56,080 --> 00:33:00,400 Speaker 1: examples than others, because new code is constantly being 511 00:33:00,520 --> 00:33:04,040 Speaker 1: churned out as far as malware is concerned. So your 512 00:33:04,040 --> 00:33:08,840 Speaker 1: antivirus program scans your computer for evidence of these examples 513 00:33:08,840 --> 00:33:11,840 Speaker 1: of known malicious code, and if it finds one, it 514 00:33:11,880 --> 00:33:15,320 Speaker 1: will sequester and isolate that code to mitigate any harm, 515 00:33:15,560 --> 00:33:18,720 Speaker 1: and often will automatically remove the code as well. Some 516 00:33:18,840 --> 00:33:21,800 Speaker 1: programs might actually require you to give the command to 517 00:33:21,880 --> 00:33:26,400 Speaker 1: remove the malware, but it will isolate it so that 518 00:33:26,480 --> 00:33:29,280 Speaker 1: it can't do any more harm. And I know that 519 00:33:29,320 --> 00:33:33,280 Speaker 1: a lot of antivirus programs can get expensive. Goodness knows 520 00:33:33,600 --> 00:33:36,560 Speaker 1: that they can really be obnoxious. Once your subscription is 521 00:33:36,560 --> 00:33:38,720 Speaker 1: starting to get close to the end, you'll just get 522 00:33:38,800 --> 00:33:42,320 Speaker 1: notification after notification of hey, your protection is expiring, do 523 00:33:42,360 --> 00:33:45,160 Speaker 1: you want to renew? But they really are a good 524 00:33:45,160 --> 00:33:50,000 Speaker 1: component for computer security. There are also free antivirus programs 525 00:33:50,000 --> 00:33:53,000 Speaker 1: out there, and you know they vary in quality, but 526 00:33:53,120 --> 00:33:56,240 Speaker 1: really some protection is better than no protection at all.
527 00:33:56,360 --> 00:34:00,640 Speaker 1: So if you can't afford to subscribe to a 528 00:34:01,520 --> 00:34:06,240 Speaker 1: big name provider like Kaspersky or Norton or something 529 00:34:06,280 --> 00:34:09,640 Speaker 1: like that, then you can at least look for a 530 00:34:09,680 --> 00:34:15,040 Speaker 1: good free anti virus suite out there. Also, the 531 00:34:15,080 --> 00:34:17,560 Speaker 1: operating system that you use on your device will be 532 00:34:17,600 --> 00:34:20,160 Speaker 1: a big factor as to whether or not you should 533 00:34:20,200 --> 00:34:22,919 Speaker 1: really have anti virus on there. I honestly think 534 00:34:22,960 --> 00:34:27,040 Speaker 1: that for pretty much any device outside of iOS, you 535 00:34:27,080 --> 00:34:30,399 Speaker 1: need anti virus. iOS you really don't, but everything else 536 00:34:30,440 --> 00:34:34,440 Speaker 1: you kind of do. However, that being said, if 537 00:34:34,480 --> 00:34:38,120 Speaker 1: you use a Windows based machine, you absolutely should have 538 00:34:38,160 --> 00:34:41,440 Speaker 1: antivirus software on there. And the reason is not because 539 00:34:41,440 --> 00:34:46,800 Speaker 1: Windows is just inherently more vulnerable than other platforms, although 540 00:34:47,280 --> 00:34:50,799 Speaker 1: you know mac OS is locked down pretty tightly. It's 541 00:34:50,880 --> 00:34:54,640 Speaker 1: because there are more Windows based machines out there than 542 00:34:54,680 --> 00:34:58,080 Speaker 1: anything else, which in turn means that when criminals are 543 00:34:58,120 --> 00:35:01,920 Speaker 1: designing malicious software, they want to have the biggest impact 544 00:35:01,920 --> 00:35:05,080 Speaker 1: they can possibly have. So they're going to be programming 545 00:35:05,120 --> 00:35:08,399 Speaker 1: their malicious software for the platforms that are the most 546 00:35:08,440 --> 00:35:11,920 Speaker 1: plentiful out there.
When it comes to things like personal 547 00:35:11,920 --> 00:35:15,960 Speaker 1: computers and work computers, that tends to be Windows based machines. 548 00:35:16,440 --> 00:35:19,760 Speaker 1: So when you know that most of the malicious software 549 00:35:19,760 --> 00:35:22,239 Speaker 1: out there is being written for Windows devices and you 550 00:35:22,320 --> 00:35:25,040 Speaker 1: use a Windows device, that in turn tells you you 551 00:35:25,040 --> 00:35:28,680 Speaker 1: should probably have antivirus software installed on your machine, just 552 00:35:28,800 --> 00:35:32,680 Speaker 1: because you're more likely to be a target. But 553 00:35:32,719 --> 00:35:35,319 Speaker 1: you know there are other platforms out there, and they 554 00:35:35,320 --> 00:35:38,640 Speaker 1: are not immune. The Mac operating system, while it has a 555 00:35:38,680 --> 00:35:42,560 Speaker 1: great reputation because Apple really locks down its system and 556 00:35:42,640 --> 00:35:46,520 Speaker 1: makes it very difficult to gain access to it, there 557 00:35:46,520 --> 00:35:50,920 Speaker 1: are still examples of malware written specifically for Mac OS, 558 00:35:50,960 --> 00:35:54,560 Speaker 1: and they have been on the rise in recent years. 559 00:35:54,600 --> 00:35:58,040 Speaker 1: There were years where Apple was enjoying security through obscurity 560 00:35:58,080 --> 00:36:01,880 Speaker 1: to some extent, meaning there were so relatively 561 00:36:02,040 --> 00:36:06,680 Speaker 1: few Apple devices on the market that malware authors weren't really 562 00:36:06,719 --> 00:36:10,680 Speaker 1: targeting those machines. But that's no longer 563 00:36:10,680 --> 00:36:13,480 Speaker 1: really the case.
And as I said, while Apple takes 564 00:36:13,520 --> 00:36:18,040 Speaker 1: a very locked down approach compared to the much more open 565 00:36:18,640 --> 00:36:21,720 Speaker 1: approach you see in things like Linux and Windows based machines, 566 00:36:22,280 --> 00:36:26,200 Speaker 1: it is not immune to malware. There are people who 567 00:36:26,239 --> 00:36:29,560 Speaker 1: still think that Macs are immune to malware. They are wrong, 568 00:36:30,000 --> 00:36:34,640 Speaker 1: so keep that in mind too. Anyway, that's the rundown 569 00:36:34,840 --> 00:36:37,919 Speaker 1: on the types of malware, and my cry for 570 00:36:38,640 --> 00:36:42,480 Speaker 1: people to install antivirus software on their machines and 571 00:36:42,520 --> 00:36:45,640 Speaker 1: practice good computer security. There are other things you can do. 572 00:36:46,080 --> 00:36:50,200 Speaker 1: Having a firewall installed on your network is really important. 573 00:36:50,840 --> 00:36:54,840 Speaker 1: Using VPNs is a good idea too in many cases, 574 00:36:55,239 --> 00:36:58,879 Speaker 1: like the combination of VPNs and anti virus are good 575 00:36:58,880 --> 00:37:01,560 Speaker 1: ways to stay protected. Depending upon the nature of what 576 00:37:01,640 --> 00:37:04,279 Speaker 1: you do on your computer, you probably want to use 577 00:37:04,280 --> 00:37:08,480 Speaker 1: a VPN and anti virus software to protect yourself. This 578 00:37:08,560 --> 00:37:13,120 Speaker 1: includes companies that, you know, are allowing workers to work 579 00:37:13,120 --> 00:37:17,520 Speaker 1: remotely and deal with sensitive information that the company does 580 00:37:17,560 --> 00:37:22,439 Speaker 1: not want to leave company computers. These are important things 581 00:37:22,480 --> 00:37:25,920 Speaker 1: to keep in mind. So I just wanted to do that. 582 00:37:26,440 --> 00:37:28,200 Speaker 1: This was going to be a tech Stuff tidbits.
But 583 00:37:28,239 --> 00:37:30,640 Speaker 1: we're coming up close to forty minutes at this point, 584 00:37:30,680 --> 00:37:33,880 Speaker 1: so once again I babbled too much. But if you 585 00:37:33,920 --> 00:37:36,280 Speaker 1: have suggestions for topics I should cover in future episodes 586 00:37:36,280 --> 00:37:40,240 Speaker 1: of tech Stuff, whether it's a technology personality in tech, 587 00:37:40,840 --> 00:37:44,400 Speaker 1: maybe it's a specific gadget and its evolution that you 588 00:37:44,400 --> 00:37:47,239 Speaker 1: would like me to talk about, anything along those lines, 589 00:37:47,320 --> 00:37:52,480 Speaker 1: anything really tech oriented or how tech impacts us in 590 00:37:52,480 --> 00:37:55,600 Speaker 1: our lives, I'm happy to hear it. You can reach 591 00:37:55,640 --> 00:37:57,239 Speaker 1: out to me in a couple of different ways. One 592 00:37:57,280 --> 00:37:59,640 Speaker 1: way is to download the I Heart Radio app. It 593 00:37:59,760 --> 00:38:02,480 Speaker 1: is free to download, it's free to use. You can 594 00:38:02,560 --> 00:38:04,919 Speaker 1: navigate over to the tech Stuff part of the app 595 00:38:04,960 --> 00:38:07,839 Speaker 1: just by typing tech Stuff into the search field. There's 596 00:38:07,840 --> 00:38:10,279 Speaker 1: a little microphone icon there. If you click on that, 597 00:38:10,400 --> 00:38:13,360 Speaker 1: you can leave me a voice message up to thirty 598 00:38:13,440 --> 00:38:16,240 Speaker 1: seconds in length, and if you like, you can even 599 00:38:16,280 --> 00:38:19,040 Speaker 1: indicate if I can use the voice message in a 600 00:38:19,080 --> 00:38:21,839 Speaker 1: future episode of tech Stuff. I will never use any 601 00:38:21,960 --> 00:38:25,000 Speaker 1: voice message unless I get your express permission.
You have 602 00:38:25,120 --> 00:38:29,160 Speaker 1: my word on that, because I mean, I know I 603 00:38:29,160 --> 00:38:33,520 Speaker 1: wouldn't want someone to play a message just because I 604 00:38:33,680 --> 00:38:37,760 Speaker 1: said something into a microphone unless I intended that message 605 00:38:37,760 --> 00:38:40,319 Speaker 1: to be played, which is a good thing considering what 606 00:38:40,400 --> 00:38:43,000 Speaker 1: I do for a living. Or if you prefer not 607 00:38:43,120 --> 00:38:46,319 Speaker 1: to speak into a microphone, which is totally legit, you 608 00:38:46,360 --> 00:38:49,480 Speaker 1: can still reach me on Twitter. The handle for the 609 00:38:49,520 --> 00:38:53,640 Speaker 1: show is TechStuffHSW, and I'll talk to 610 00:38:53,640 --> 00:39:02,680 Speaker 1: you again really soon. Tech Stuff is an I Heart 611 00:39:02,760 --> 00:39:06,520 Speaker 1: Radio production. For more podcasts from I Heart Radio, visit 612 00:39:06,560 --> 00:39:09,600 Speaker 1: the I Heart Radio app, Apple Podcasts, or wherever you 613 00:39:09,719 --> 00:39:11,040 Speaker 1: listen to your favorite shows.