Malware Flashcards

1
Q

Malware

A

Software designed to infiltrate a computer system and possibly damage it, without the user’s knowledge or consent:
Viruses, Worms, Trojan horses, Ransomware, Spyware, Rootkits, Spam

2
Q

Virus

A

Malicious code that runs on a machine without the user’s knowledge and infects the computer when executed.
Boot Sector - stored in the first sector of a hard drive and loaded into memory upon boot up.
Macro - embedded into a document and is executed when the document is opened by the user.
Program - infects an executable or application.
Multipartite - combines boot and program viruses to first attach itself to the boot sector and system files before attacking other files on the computer.
Encrypted Virus
Polymorphic - advanced version of an encrypted virus that changes itself every time it is executed by altering the decryption module to avoid detection.
Metamorphic - virus that is able to rewrite itself entirely before it attempts to infect a file (advanced version of polymorphic virus).
Stealth
Armored - has a layer of protection to confuse a program or person analyzing it.
Hoax

3
Q

Worm

A

Malicious software that is like a virus but is able to replicate itself without user interaction.
Self-replicates and spreads without a user’s consent or action.
Can cause disruption to normal network traffic and computing activities.

4
Q

Trojans

A

Trojan Horse - malicious software that is disguised as a piece of harmless or desirable software (performs desired functions and malicious functions).
Remote Access Trojan (RAT) - provides the attacker with remote control of a victim computer and is the most commonly used type of Trojan.

5
Q

Ransomware

A

Malware that restricts access to a victim’s computer system until a ransom is received.
Ransomware uses a vulnerability in your software to gain access and then encrypts your files.

6
Q

Spyware

A

Malware that secretly gathers information about the user without their consent.
Captures keystrokes made by the victim and takes screenshots that are sent to the attacker.
Adware - Displays advertisements based upon its spying on you.
Grayware - software that is neither benign nor malicious and tends to behave improperly without serious consequences.

7
Q

Rootkits

A

Software designed to gain admin level control over a system without detection.
DLL Injection - malicious code is inserted into a running process on a Windows machine by taking advantage of Dynamic Link Libraries that are loaded at runtime.
Driver Manipulation - an attack that relies on compromising the kernel-mode device drivers that operate at a privileged or system level; a shim is placed between two components to intercept calls and redirect them.
Rootkits are activated before booting the OS and are difficult to detect.

8
Q

Spam

A

Activity that abuses electronic messaging systems, most commonly through email.
Spammers often exploit a company’s open mail relays to send their messages.
CAN-SPAM Act of 2003.

9
Q

Summary of Malware

A

Virus - code that infects a computer when a file is opened or executed.
Worm - acts like a virus but can self-replicate.
Trojan - appears to do a desired function but also does something malicious.
Ransomware - takes control of your computer or data unless you pay.
Spyware - software that collects your information without your consent.
Rootkit - gains admin control of your system by targeting boot loader or kernel.
Spam - abuse of electronic messaging systems.
