1.1 Compromise & Malware Flashcards
spyware
- spawn browser pop-up windows
- modify DNS (Domain Name System) queries, attempting to direct the user to other websites, often of dubious provenance
ransomware
type of Trojan malware that tries to extort money from the victim
adware
browser plug-in that displays commercial offers and deals
- some adware may exhibit spyware-like behavior, by tracking the websites a user visits and displaying targeted ads
crypto-malware
- class of ransomware that attempts to encrypt data files
- user will be unable to access files without obtaining the private encryption key, which is held by the attacker
botnet
set of computers that have been infected by a control program called a bot, which enables attackers to exploit the computers to mount attacks
Remote Access Trojan (RAT)
functions as a backdoor, and allows the attacker to access the PC, upload files, and install software on it
spyware
program that monitors user activity and sends information to someone else
- can occur with or without user’s knowledge
rootkit
backdoor malware that changes core system files and programming interfaces, so that local shell processes no longer reveal their presence
logic bomb
malicious program or script that is set to run under particular circumstances or in response to defined event, such as admin’s account becoming disabled
worm
type of virus that spreads through memory and network connections, rather than infecting files
mine
- scripted trap that runs in the event an account is deleted or disabled
- anti-virus software is unlikely to detect this kind of malicious script or program, so a security specialist would not be able to discover the script during an investigation
- the mine would only become known once it executes and causes damage
Remote Access Trojan
- functions as a backdoor
- allows the attacker to access the PC, upload files, and install software on it
- can allow the attacker to use the computer in a botnet to launch Distributed Denial of Service (DDoS) attacks
- can allow the attacker to use the computer in a botnet to launch mass-mail spam attacks
- must establish a connection from the compromised host to a Command and Control (C2 or C&C) host or network operated by the attacker
tailgating
social engineering technique to gain access to a building by following someone else (or persuading them to “hold the door”)
T or F. While viruses can be removed with antivirus, if the files are encrypted, chances are they will not be recoverable
True
T or F. Keeping operating systems and applications up-to-date before an infection is vital to prevent getting infected in the first place
True
mitigate effects of keylogging
use a keyboard that encrypts the keystroke signals before they are sent to the system unit
logic bomb
malicious program or script that is set to run under particular circumstances or in response to a defined event
shoulder surfing
refers to stealing a password or PIN (or other secure information) by watching the user type it
What type of malware could remove Explorer, Task Manager, and PowerShell from a user’s Windows computer?
rootkit
A support specialist runs a virus scan and finds a user’s computer to be compromised with a Trojan. The user suspects that the Trojan got installed while shopping online, and the specialist feels that the attacker likely captured transaction information. The specialist suggests which method to mitigate this type of attack in the future?
use keystroke encryption software
If a user’s computer becomes infected with a botnet, which of the following can this compromise allow the attacker to do? (Select more than one)
- launch a mass-mail spam attack
- launch a Distributed Denial of Service (DDoS) attack
- establish a connection with a Command and Control server
For an attacker to perform a Distributed Denial of Service (DDoS) attack, which of the following control programs would allow the hacker to compromise devices and turn them into zombies?
bot
An IT staff member used an administrator account to download and install a software application. After launching the .exe installer file, the staff member received pop-up ads, experienced frequent crashes and slow computer performance, and noticed strange services running when the computer was turned on. What most likely happened to cause these issues?
The user installed Trojan horse malware
A few end-users contacted the cyber security department about browser pop-ups on their computers, and explained that some websites they visit redirect them to other sites they did not intend to navigate to. The security team confirmed the pop-ups and noted modified DNS (Domain Name System) queries that go to nefarious websites hosting malware. What most likely happened to the users’ computers?
spyware infected the computers