A part of keeping your IT infrastructure secure is understanding the ways that your devices or network might be attacked. You know about the actions people can take to try to access information they shouldn't, like impersonation, phishing, spoofing, or other social engineering attacks. Software can also be used to attack devices, other software, or a network. You've probably heard of viruses, worms, and Trojan horses. These and other types of software that attack a system are best classified as malware, because they are used with malicious intent to do harm to a device, a network, and even people.
It's not enough to know what types of malware there are; you need to understand how to use technology and behaviors to protect systems, note the symptoms of potential malware infections, and ultimately detect and remove malware. You should know the seven steps for malware removal that CompTIA has identified as best practices and be able to demonstrate you can follow them in different situations.
Using technology and behaviors to prevent infection of devices and networks by malware is a routine job IT support specialists have to perform. You may also be responsible for helping the people who use your devices, software, and network understand how they can help prevent malicious attacks and stay safe while they use common applications, like email and web browsers.
Hopefully you haven't been the victim of a software attack on a computing device you use, but chances are, you have been. Malicious attacks on computers and networks are so common that most people who use computers eventually have to address them. Some are just annoying: they can slow down your device or crash applications. Others can have far-reaching consequences that can ruin multiple devices, shut down a network, or hold the information for an entire business or school system for ransom. The best action is prevention, so you should know both the technology tools and the behaviors you and others should use to prevent malware from successfully reaching your device and wreaking havoc.
What steps can you take to keep your IT infrastructure safe from malicious attacks and to recover from them when they occur?
Students will configure anti-virus software for routine use. They should be able to list and follow the seven steps CompTIA has identified as best practices for malware removal and document their progress.
Detect, Remove, and Prevent Malware
Malware
Virus
Worms
Trojan Horse
Spyware
Ransomware
Antivirus software (A-V) and Anti-malware software
On-access scanning
Troubleshoot Common Workstation Security Issues
Redirection
Digital Certificate
Spam
Email filtering
Monday
Introduction to problem: Preventing, Detecting, and Removing Malware
Online Pre-assessment (available for student practice, as well)
Team meetings to develop project plan and goals (refer to Activity 14-4)
Tuesday
Review content resources with whole group: 14A: Detect, Remove, and Prevent Malware
Small group and independent exploration of resources
Activity 14-1: Discussing Detecting, Removing, and Preventing Malware Infections
Contribute to team project
Wednesday
Review content resources with whole group: 14B: Troubleshoot Common Workstation Security Issues
Hands-on exploration with IT professionals: Activity 14-2: Using Antivirus Software
Team progress check with supervisor (using project plan)
Thursday
Hands-on exploration with IT professionals: Activity 14-2: Using Antivirus Software
Activity 14-3: Discussing Troubleshooting Common Workstation Security Issues
Contribute to team project
Friday
Progress check with whole group: Activity 14-4: Identifying Security Protection Methods
Online post-assessment
It can be difficult to simulate the range of malware attacks on a device, but that does not mean that students can't still apply the steps for malware removal by using tools built into Windows. They should memorize and be able to list the steps in order. Students can be given hypothetical situations that they use to internalize and work through the steps using a variety of tools. Students should document their progress to demonstrate their learning and for possible use in the Help Desk knowledge base.
Students should work individually or in pairs to configure anti-virus software, if they have adequate permissions from your IT department. Activity 14-2 can be used to guide students through these steps using Windows Defender. Their work should include configuring on-access scanning and setting up regular scans.
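The same configuration can be scripted and verified from an elevated PowerShell prompt with the built-in Defender cmdlets. This is an added example, not part of Activity 14-2; the Sunday 02:00 full scan and daily 12:00 quick scan are assumed classroom values.

```powershell
#Requires -RunAsAdministrator
# Added classroom example. The schedule values below are assumptions.

# 1. Capture the starting state for the student's documentation.
$fields = 'AntivirusEnabled', 'RealTimeProtectionEnabled', 'OnAccessProtectionEnabled',
          'IoavProtectionEnabled', 'AntivirusSignatureLastUpdated'
$before = Get-MpComputerStatus | Select-Object $fields

# 2. On-access scanning. These are "Disable*" settings, so $false turns protection ON.
Set-MpPreference -DisableRealtimeMonitoring $false -DisableIOAVProtection $false

# 3. Regular scans: a weekly full scan plus a daily quick scan.
Set-MpPreference -ScanParameters FullScan -ScanScheduleDay Sunday -ScanScheduleTime '02:00:00'
Set-MpPreference -ScanScheduleQuickScanTime '12:00:00'
Set-MpPreference -CheckForSignaturesBeforeRunningScan $true   # refresh definitions first
Set-MpPreference -DisableCatchupFullScan $false               # catch up on missed full scans

# 4. Pull current definitions now rather than waiting for the first scheduled scan.
Update-MpSignature

# 5. Verify that the settings took effect instead of assuming they did.
$after = Get-MpComputerStatus | Select-Object $fields
$prefs = Get-MpPreference |
    Select-Object DisableRealtimeMonitoring, ScanParameters, ScanScheduleDay,
                  ScanScheduleTime, ScanScheduleQuickScanTime

if (-not ($after.RealTimeProtectionEnabled -and $after.OnAccessProtectionEnabled)) {
    # A setting that will not stick is itself a finding worth documenting.
    Write-Warning ('On-access scanning is still off. Check Group Policy, ' +
                   'Tamper Protection, or a third-party antivirus product.')
}

'--- Before ---';   $before | Format-List
'--- After ---';    $after  | Format-List
'--- Schedule ---'; $prefs  | Format-List
```

The before and after output can be pasted directly into the students' documentation for the Help Desk knowledge base.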
Students may also find it interesting to determine whether an organization's IP address appears on a blacklist using mxtoolbox.com or another web-based resource. They should understand that when a trusted IP appears on multiple blacklists it is a symptom that someone may be using it to send spam messages.
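Web tools such as mxtoolbox.com perform DNS blocklist (DNSBL) lookups behind the scenes: the IPv4 octets are reversed, appended to the blocklist's zone, and queried as an A record. The function below is an added example that goes beyond the web-based check described above; its name and the three default zones are assumptions, not taken from the activity.

```powershell
# Added example: query DNS blocklists directly (IPv4 only).
function Test-DnsblListing {
    param(
        [Parameter(Mandatory)][ipaddress]$IPAddress,
        # Example public blocklist zones (assumption: substitute the lists your course uses).
        [string[]]$Zone = @('zen.spamhaus.org', 'bl.spamcop.net', 'b.barracudacentral.org')
    )
    if ($IPAddress.AddressFamily -ne 'InterNetwork') { throw 'This example handles IPv4 only.' }

    # 203.0.113.10 is looked up as 10.113.0.203.<zone>
    $octets = $IPAddress.GetAddressBytes()
    [array]::Reverse($octets)
    $reversed = $octets -join '.'

    foreach ($z in $Zone) {
        $status = 'NotListed'; $codes = @()
        try {
            $codes = @(Resolve-DnsName -Name "$reversed.$z" -Type A -DnsOnly -ErrorAction Stop |
                       Where-Object Type -eq 'A' | ForEach-Object { $_.IPAddress })
            # Any 127.0.0.x answer means "listed". Spamhaus answers 127.255.255.x when it
            # refuses the query (for example, one sent through a public resolver): that is
            # an error, not a listing.
            $status = if ($codes -like '127.255.255.*') { 'QueryRefused' }
                      elseif ($codes) { 'Listed' }
                      else { 'NotListed' }
        }
        catch {
            # NXDOMAIN is the normal "not listed" answer; anything else is a lookup failure.
            if ($_.FullyQualifiedErrorId -notlike 'DNS_ERROR_RCODE_NAME_ERROR*') {
                $status = 'LookupFailed'
            }
        }
        [pscustomobject]@{ Zone = $z; Query = "$reversed.$z"; Status = $status; Codes = $codes -join ',' }
    }
}

# 127.0.0.2 is the standard DNSBL test entry (RFC 5782) and should report as Listed.
$results = Test-DnsblListing -IPAddress 127.0.0.2
$results | Format-Table -AutoSize
'Listed on {0} of {1} blocklists' -f @($results | Where-Object Status -eq 'Listed').Count, $results.Count
```

A `QueryRefused` or `LookupFailed` row means the check did not complete and should not be counted as either clean or listed.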
The Official CompTIA A+ Core 1 & Core 2 Instructor Guide for Exams 220-1001 and 220-1002
ITProTV
Professor Messer at ProfessorMesser.com and YouTube offers numerous free videos of various lengths for many of the topics for the CompTIA 220-1001 A+ Exam. They are easy to understand, narrated videos with visuals. If you are teaching a CompTIA course, the site notes "You're welcome to use them as much as you'd like, provided you embed the videos with the associated YouTube link or link directly to my site. Please click the 'Contact Us' link at the top of our web page and let me know how you're using them."
Entry Level I.T. Training from Technology Gee
Microsoft Support
Other Articles and Resources:
A Brief History of Malware by Mary Landesman for Lifewire