Fortinet NSE4_FGT-7.2 — FortiGate Firewall — Section 1: FortiGate Firewall V6.4 1 Part 2
2. Lecture-02: Identify Malware (Malicious Software).
First the terminology. What is malware? Malware means malicious software: any program, in any form, which harms your system, your devices, your network, or your services, we call malware. Normally I give this example to all students. Malware is like bad people, you know. In the world you will face different types of people. Maybe he is a good guy, and maybe he is a bad guy who will damage society, steal things, kill people. Maybe he will blow something up, whatever you say. But at the end of the day, he is also human. We are also humans. We are of the same nature, the same humans, but one human is doing one thing and the other is doing something else. Malware is the same: it is a program just like Word, Excel, Zoom, a browser, a PDF program, anything like this one. But it is doing a bad thing. It will explode, it will steal, it will harm, it will damage your system and services. So it is called malware.
There are so many kinds of malware. Basically, malware is an umbrella term; many things come under it: viruses, worms, Trojans, rootkits, adware, scareware, logic bombs, etc. So, many things come under this category.
Let me turn on the server so that I can show you something as well. Just give me a minute. Okay, so many things come under malware, and I want to describe all this terminology one by one.
The first one is the virus. What is a virus? It is basically an executable file, and it will look like a normal application, as I told you. You can never tell who is a good guy or a bad guy; only when you are dealing with him do you know whether he is a good guy or a bad guy. A virus is the same thing. It is an executable file which exists in your system, your services, and your network, and it will not harm anything until and unless you activate it, or some other application activates it.
So, it's like a human: a bad guy, but he will not damage you until you tease him. Maybe you say, "Wow, what the hell are you?" and then he will do something to you; he is a bad guy. Otherwise, if you are not saying anything to him, he will not harm you. Like a dog: when a dog is at the door and you pass by without teasing it, it will not do anything to you. But when you try to tease it, definitely the dog will be activated. The same thing is a virus. It is an executable file. It will not activate unless some other application in your system, or you, click on it to activate it and damage your system. So we call them viruses. Okay, so we know a virus will not be executed until and unless some application, or you, activates it.
Another one is adware. Adware means advertising-supported malware. Malware, we know, is malicious software, and adware means advertising malware. Basically, whenever you visit any website, or on your system, it will pop up again and again: "Congratulations, you win this, you win this", this type of thing. And when you click on it, they will ask you to pay something, or they will say, "Activate this application to get your money." So it will steal your data, your credit card, or anything else. Here we know, because we are computer literate, but those who don't know anything about computers will just go ahead. Definitely they will click on it and damage the system. So this is called adware. If I go to a browser, maybe I can show you. There is one website, if I remember the name... Geek Pranker or something. Last time I showed it to the guys. So, yeah, this one. It shows you an advertisement like this one, and a pop-up will come to you. So when you click and you put in your data like that, it can damage your system and download viruses to your system. There are so many things it can do. So we call them adware.
Then another one is ransomware. Ransom money, you know, like ransom in the movies: when someone is kidnapped and you pay for it, they will return the person. We call that ransom money.
This is called ransomware, where, as we know, "mal" is taken from malware, meaning malicious. So again this is a type of malware, which is called ransomware. There are a few examples of ransomware: CryptoLocker, CryptoWall, and WannaCry, which was the most famous, from Russia, and which damaged the whole world in 2017.
So, what is ransomware? Basically, they will ask you to pay money. It will lock your device in such a way... Let me show you here. Look at it. Your system will not... All your data will be encrypted until you put the key in here, and they will ask for money, which you pay to the address they give you; when you pay the money, okay, they will send you the key. It is also not guaranteed that they will send it to you. Like when WannaCry dominated the servers: people paid them huge money, and some of them got the key, but some did not, because the attackers had already taken money from someone else to bring down their server, maybe governmental websites. So they even took money from both sides; it was up to them. Once they give the key, you unlock it and then you can use your system. This is called ransomware, and WannaCry was one of the famous ones.
Yes, you can use your system: you can reinstall Windows and use your applications. But the data which is encrypted will not be usable again, and you cannot recover it, because when data is encrypted it is impossible, or very difficult, to recover it. If it is normal data that is deleted, or something else happens, you can recover it; there are so many ways to recover. So keep in mind: maybe you are thinking that you cannot use the system. No, you can use it, but you have to format the whole hard drive. Your data is gone, and now you can reinstall the operating system and use it. This is called ransomware.
The next one is the Trojan. Trojan is basically taken from, maybe you know, the Trojan horse. You remember this story; maybe you already know the story of the Trojan. What happened? The Romans attacked them, and in those days there were no bombs or those types of weapons that we have today to attack someone. So, what they did, basically: they had a wall, a big wall, to protect the city, so nobody could enter and attack them, and they were protected from their dogs as well. So what did they do then? They made a Trojan horse like this one, they put an army inside the big horse, and they gifted it to those guys. So they opened their door when they took it in. At night, the soldiers came out of the horse and they attacked. In such a way they did their job.
So, this has been taken from the Trojan horse. A Trojan is also a malicious program which appears like a regular application, because in the story they didn't know this: it was a gift, and they didn't know that inside there was an army. So from the outside it looks like one thing, and inside there is something else. A Trojan appears like a regular application, but when you run it, it will steal your data and damage your system. It will access your system without authorization. It can do many things. And you can create a Trojan; later in the course, if I remember, I will create one and show you practically.
Another one is the worm. What is a worm? A worm is also malware, just like a virus, but there is a small difference between a virus and a worm. Basically, a virus will not activate, as I told you, until you activate it or some other application activates it. But a worm will activate and replicate itself automatically; it does not require any application to activate it. This is the difference. And it will bring down your server, consume your bandwidth, choke your network, and then spread. If one system is infected, it is like coronavirus: it will infect every family member, automatically, because it replicates automatically and doesn't require any activation. Okay, now you know this one.
Now going to spyware. Spy means to spy on something, as we know. Spyware is also a common type of malware which will monitor your activities and send them to another person or to some software. Normally it comes when you download free applications from the Internet; these are normally unendorsed applications. So you have to be careful about this one. It will spy on your data, your credit card, your bank details, everything. Maybe you download a free application. Okay, what will it do? Whatever you type, because maybe you are working on your system. Suppose you are typing and you type your credit card number; maybe you are buying something from eBay, and you type your credit card number. The spyware will take your data. Okay, let me show you if it is coming up here. KeyLogger. No, this one has to show me; it will come after a while. Just to show you an application; it will come, so I will show you.
So, it runs behind the scenes in your system: when you install something, it will install this spyware automatically. And whenever you are doing something, it will send the details to that guy. This is called spyware. It spies on your details: your credit card, your debit card, whatever you have, your sensitive data.
Another one is the rootkit. A rootkit is basically a combination of all those above, which I told you about. And we also use a rootkit to get root access. Root in Linux basically means the same as Administrator: in Windows we have the administrator, and in Linux we call it root. So a rootkit is basically designed to get root access to your system. Suppose you have an organization like a bank; let me give the example of a bank. In a bank there is a cash room, where the cash, the money, is kept, and nobody can go there; not everybody is allowed to reach there. Maybe the bank manager can go there, or one or two more persons. But if you get root access, i.e. administrative access, the manager's access to reach there, this is called a rootkit.
So, you can use any combination, spyware, malware, anything, to reach that level. Because if your malware only gets you in as, say, a security guard, you can do nothing, because security guards are not allowed to go to the cash room. They will say, "Why are you here without the manager's permission?" So it means we need the type of privileges with which we can reach this specific room, and we call that a rootkit.
And another is the keylogger. The keylogger is also a small application. When you install a free application, it will be activated behind the scenes on your device, and whenever you type any keys on your system, they will be recorded like this one. So let me go; I type one... I don't know why it's not coming there. Let me open it again and type these things. Ctrl+C. No, let me open a new Notepad. Suppose I'm typing something; this is what I typed. Basically, I'm showing you here, but it will be behind the scenes; you will not know anything about this, that there's an application running. So, whatever I typed in Notepad... okay, it's not easy to come up here. When I click here, whatever I type here is there. I typed "credit card number eby something" here, so it is here. And I open another Notepad, and whatever I type comes up here: "credit card eby", and the other one will come a bit later. This application is just to show you; it will not be on top like this, it will be hidden, and you don't know anything. When you go to the browser and buy something from eBay, suppose, and you type whatever here, say I typed www.google, whatever, this keylogger is behind the scenes storing whatever you are typing, which I showed you here. And it will send it to that guy, using whatever method, regardless of what you are doing; it can even do screen capture. Even though whatever I'm running is here, it will send the keystrokes. Keylogger means whatever keystroke you type on your system, it will store those keys and send them. And then that guy will analyze them from their side, the same as this one. In this one there is nothing, but here I typed a credit card number into eBay, and I get your credit card number and I can damage you. This is also a type of malware.
Another is scareware. As the name suggests, scare means to scare you, and malware means malicious software. So normally, if you are not computer literate, a pop-up will come to you saying there is a virus in your system, detected by this antivirus, and otherwise your system will be down in two minutes or one minute or something.
So, you know about computers here because you are computer engineers. We know this is just something fake, but for those people who use a computer, like HR people or any other people, they don't know about such things.
So, definitely they will click on it. Okay, two dollars. Okay, let me pay them from my credit card.
So, when they click on it and go through with it, they think: my huge data will be lost, and what the hell will I do in my position when the manager asks me where it is?
So, you scare them with this one.
So, this is scareware, and this is another example: the logic bomb. A logic bomb will trigger a response when a specified date and time is reached.
So, this is also a type of malware, which triggers at a set time. If you remember, in XP there was something happening between 2000 and 2004 with XP, because there was a logic bomb included in it.
So, at that time it triggered automatically, whatever you call it, and did such terrible things. We call it a logic bomb, which requires a specific time to be reached and activates at that time. So let's call it a logic bomb. Another one is the bot. The word comes from two words, "robot" and "network". A bot is basically a robot, and a robot does everything whenever you tell it, so it will do the same thing for you. A botnet is basically when you control some system on the Internet. Maybe on Facebook I will say that I am someone you know, okay? And, "maybe you like this; this is my picture, just click on it." When you click on it, it will control your system. A system controlled like this we call a botnet, or a zombie. And then what will they do? They will use your system to attack other services.
So, at the end, when somebody catches you, they will get you, not them, because they are using your system to attack someone else; they think you are the one controlling it. This guy is the botnet or zombie. And they use so many methods, like a chat, like a Facebook chat room, and so many things; they will say this and this, I can give you money, and so on. And when you send that... I will show you some other day. I will create a file, a small application, and do the analysis; you can create new updates, something like that. I will send a picture, and when you click on the picture, in the background there will be an application. I will show you, don't worry. Just remind me some other day.
So, this is called a botnet. This is also a type of malware, to damage the system or turn it into a zombie, whatever. And last but not least is denial of service, or distributed denial of service. What does denial of service mean? The services will be denied; nobody can access these services. This is what we call it. Now let me see if my system is running okay so that I can show you.
So, this is called denial of service: the system goes down. Suppose there is a website, facebook.com, google.com, youtube.com, and you send huge traffic to make it go down, so people will not be able to access those services. We call that denial of service. And what is the difference between DoS and DDoS? DoS means you are using one single system to attack the server. In distributed denial of service, you are using so many soldiers to attack the server to bring it down; you are using so many clients, and for these clients maybe you are using a botnet: you control many, many systems, and from those systems you are attacking a server.
So, this is distributed denial of service. Examples of these attacks are TCP SYN flooding, ping of death, ICMP flooding, and so many other things. Let me show you one. The denial-of-service attack I will show is SYN flooding. TCP SYN flooding means you only send SYN, but you will not send the acknowledgement. Suppose you have a shop, and somebody comes to you and says, "Give me that cigarette." When you turn around to give them the cigarette, they disappear. Another person comes, and in this way many people are coming in and saying, "Give me the cigarette," and when you turn around to give them the cigarette, nobody is there. TCP uses a three-way handshake. But in SYN flooding you are just sending SYN and not receiving any acknowledgement, so the server keeps turning around to give the box of cigarettes to someone, and there is nobody there to receive it. And in this way the server will say, "What the hell is going on? Those people came to my shop and everybody said give me that box of cigarettes, and when I turned around to give it to them, nobody was there." And in this way it goes down; it cannot provide the services.
So, this is denial of service. Let me show you from here. Okay, I have a web server running here, okay? And on this side I have a Kali Linux; the user is root and the password is toor. Okay. And this one is XP: ipconfig, 192.168.114.133. I believe Kali and this one are on the same network, so hopefully Kali is .135 and XP is .133. Let me do this, but before doing that, let me explain. I can execute an attack, so let me go to 192.168.114.133. What was the IP? .133, sorry; the web server's IP is .133.
Sorry, HTTP. .133, so I can reach it. I can reach them, so it's not an issue. Let me create a SYN flood from this, sorry, this Kali Linux. Don't worry if you don't know about this one; I just need to show you what's going on in this one. Let me make this a small screen. I will show these guys as well, and this is the script which is used to do this type of attack.
So, let me go to Kali. Okay, so the IP is this one. It is sending SYN with a flood to them. Okay, and if I go to XP, let me show you one thing more from Wireshark. If there is Wireshark, I can show you that it will only send SYN packets, not the three-way handshake. Okay, and let me try to enter the site. Okay, XP is still responding; after a while it will go down. This is starting; look, it's a bit slow now. And the web page will not be accessible; it's slow now because our attack is going on. If I stop this, after a while it will be available. Ctrl+C, okay. Now it's come up. What's going on? Basically, this Kali Linux is sending SYN. Let me show you; if I go to the properties of this one, okay, and let me filter on this one. Okay, and let me do TCP.
So, okay, now look at the old record: SYN, SYN, SYN, SYN, no acknowledgement. We need the acknowledgement in the three-way handshake. If I don't do this attack, there will be a three-way handshake: SYN, SYN-ACK, and ACK. Let me show you.
So, this is the normal behavior. Now I will show you the other one.
So, this is the acknowledgement, okay? And this is the SYN. Okay, this is SYN, this is SYN-ACK, and this is the ACK. This is the three-way handshake. Now let's do our attack. What is the difference? Okay, let me do it. I know this will be done, but you will see only SYN. Now this is a huge effort.
So, let me stop it and let me show you here. You will see SYN, SYN quickly, whereas before we were receiving SYN, SYN-ACK and ACK. And by the way, if it is a DoS attack, you will see here only SYN, SYN, SYN.
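What the Wireshark view above shows can be turned into a small detector. This is an added example, not part of the lecture: it parses a constructed packet trace in the form "src:port -> dst:port flags", tracks each TCP handshake through SYN, SYN-ACK and ACK, and flags any source whose connections mostly stay half-open. The .133 web server and .135 Kali addresses are taken from the lab; the client at .10, the ports and the thresholds are assumptions.

```python
"""Half-open (SYN flood) detector over a constructed packet trace."""
from collections import defaultdict


def parse_trace(lines):
    """Parse 'src:port -> dst:port flags' lines into (src, dst, frozenset(flags))."""
    records = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        left, flags = line.rsplit(" ", 1)
        src, dst = (p.strip() for p in left.split("->"))
        records.append((src, dst, frozenset(flags.split("/"))))
    return records


def handshake_summary(records):
    """Per client IP: how many SYNs were sent, completed, or left half-open."""
    state = {}  # (client_endpoint, server_endpoint) -> "SYN" | "SYN-ACK" | "EST"
    for src, dst, flags in records:
        if flags == {"SYN"}:
            state[(src, dst)] = "SYN"              # client opens a connection
        elif flags == {"SYN", "ACK"}:
            key = (dst, src)                       # server reply: key is client-side
            if state.get(key) == "SYN":
                state[key] = "SYN-ACK"
        elif flags == {"ACK"}:
            key = (src, dst)
            if state.get(key) == "SYN-ACK":
                state[key] = "EST"                 # third step: handshake complete
    summary = defaultdict(lambda: {"syn": 0, "completed": 0, "half_open": 0})
    for (client, _server), st in state.items():
        ip = client.rsplit(":", 1)[0]
        summary[ip]["syn"] += 1
        summary[ip]["completed" if st == "EST" else "half_open"] += 1
    return dict(summary)


def flag_sources(summary, min_half_open=5, max_completion=0.5):
    """Sources with many half-open connections and a low completion ratio (assumed thresholds)."""
    flagged = []
    for ip, s in sorted(summary.items()):
        ratio = s["completed"] / s["syn"] if s["syn"] else 0.0
        if s["half_open"] >= min_half_open and ratio <= max_completion:
            flagged.append(ip)
    return flagged


def analyze(lines):
    summary = handshake_summary(parse_trace(lines))
    return summary, flag_sources(summary)


# Constructed sample trace: one normal client completing two handshakes with the
# .133 web server, and the .135 host sending SYNs from many ports but never the ACK.
TRACE = [
    "192.168.114.10:51000 -> 192.168.114.133:80 SYN",
    "192.168.114.133:80 -> 192.168.114.10:51000 SYN/ACK",
    "192.168.114.10:51000 -> 192.168.114.133:80 ACK",
    "192.168.114.10:51001 -> 192.168.114.133:80 SYN",
    "192.168.114.133:80 -> 192.168.114.10:51001 SYN/ACK",
    "192.168.114.10:51001 -> 192.168.114.133:80 ACK",
]
for port in range(40001, 40009):
    TRACE.append(f"192.168.114.135:{port} -> 192.168.114.133:80 SYN")
    TRACE.append(f"192.168.114.133:80 -> 192.168.114.135:{port} SYN/ACK")

if __name__ == "__main__":
    summary, flagged = analyze(TRACE)
    for ip, s in sorted(summary.items()):
        print(f"{ip}: {s}")
    print("flagged sources:", flagged)
```

On the sample trace the .10 client shows two completed handshakes and the .135 host eight half-open ones, so only .135 is flagged.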
So, this will be SYN only. Let me turn them on, and this will be on. So it was not accessible to the proper users.
So, this is one type of attack. Let me do another one, so let me go here and take a cloud. This is GNS3; don't worry about this system, we will talk about it another time. This is just to show you how it is working. Okay, let me right-click on the cloud, go to configuration, and it is basically networking.
So, let me take this one, okay? Two zero one. Okay, and let me move to the server. Because I'm coming to you from here, the simplest way is to put an IP address directly on e2/1 from the cloud.
So, then I will do my work. Let me show you. It has one zero zero and still didn't get the IP. Interface e2/1, no shutdown, something like this one. Did I connect to the proper network cloud? Just one minute. Okay, let me take another cloud; if this cloud is not working, you can take it from that cloud directly. It's the same thing. Okay, now let's see; I just need to verify the IP so that I can show you. Okay, let me assign it statically: 192.168, and what is the range? I think our range is 114. Okay, so let me give it 192.168.114.x with 255.255.255.0, no shutdown, and ping the Kali Linux. Then we will do 192.168.114.134, the Kali Linux IP. You see this one, 114.135.
So, for some reason I'm not reachable, okay? No issues... I mean, there are some issues, so let me do it here quickly, in my system. Okay, let me start Kali Linux. Naturally, you can use any interface. Okay, it is okay, and start. Just to show you what is there: there are so many methods, not only this one. Another is called ping of death. You can use this method to send a huge ping. It is not allowed on any firewall. Suppose I ping from here; if I ping with a normal size, it responds to me, okay, but if I send a huge ping, with a length of, sorry, if I send those packets, it will not reply. And why are you sending a huge ping? You just want to check if they are reachable, so why would you send ten thousand bytes to anybody? This is the behavior I showed these guys with the Palo Alto firewall protection profile, if you guys remember: you cannot put a huge packet size here, because this becomes like flooding, a ping of death, or an ICMP flood, so it's not acceptable. We can use this method to eat up the CPU and RAM and bring down this server, and in the same way, with small packets, you can use SYN flooding or ICMP flooding, or MAC flooding; there are so many things you can do.
So, let me show you if it is on; let me take an interface from here.
So, I did this, and let me connect to the cloud. Okay. By the way, let me show you two together: one switch and one router. Okay, let me connect this cloud to the switch, and the switch to the router, and let me check that the Kali Linux is on.
So, this is Kali Linux with the router and the switch. Okay. And this time what I can do is assign an IP to this interface by DHCP, because there is already a DHCP server on it. Okay, so it's as easy as, you know... Okay? So I've set the interface and I believe it will get an IP from DHCP after a while, which is in the 114 range or something.
So, let's see. Yes, it's getting an IP now: 114.131, okay? So now we are ready for the attack.
So, let me come in. Okay, and what is the IP of this one: 192.168.114.x? So now let me go here. There are so many utilities; one of them is Yersinia. Yes, this is a utility where you can carry out so many attacks, like DHCP flooding and so many others, but this time I will show CDP, because they are running CDP. Let me do show cdp neighbors.
So, I have only one neighbor, which is the switch. And also if I use show cdp, you know, I have only one packet. Now you will see the CPU: show processes cpu.
So, my CPU is zero percent used. Let me launch CDP flooding from Kali Linux. Okay, now you will see this router's CPU utilization will increase if it is hitting. Let me see: show cdp neighbors. Okay, so this is not hitting it; that is going to the switch.
So, let me check the switch and the router, because it should be clear that it will come here, but it's not coming to it.
So, let me show you; after a while so many neighbors will come up on the router as well. Let me stop there. In Kali Linux I type Ctrl+C, and it shows you the traffic: huge traffic went out from this one. Let me clear them and show you again: clear cdp. Let me run it again from Kali Linux. Oh yeah, see. You see it as well. Show processes cpu: it used zero percent in one minute, because our attack was done before, and the last five minutes.
So, let's do it again, and the attack is running again now; it's stuck there because it is flooding. So let me stop.
So, where is it... Let me see. Do you guys see it now? So the CPU is 100 percent utilized. And if I look at the one-minute and two-minute figures, it's the same: show processes cpu.
So, by the way, it shows me so much traffic as well. Yeah, it's the attack traffic. Now if I do show cdp neighbors, you will see so many neighbors. Look, these are generated by Yersinia, which we are used to. So CDP flooding brings the router down; it is an attack on the router. There is a similar one, which is MAC flooding. How many MAC addresses are there? Let me clear this one: clear mac address-table dynamic. Clear them and show me: there is nothing new. It is the same way with another attack, which we call MAC flooding, on the MAC address table.
So, by the way, I wanted to show you MAC flooding, but unfortunately that utility is not available here.
So, I believe it is the macof utility; if you enter it, it will flood the MAC address table. There are so many others as well; these were just a few examples. Let me stop this one.
So, this is denial of service. Do you know the terminology now? Okay.