1.2 Malware & common attacks Flashcards
What is malware?
malicious software; it can aim to gather information or to take control of your computer and make it part of a botnet
What are the different types of malware?
- viruses
- crypto-malware
- worms
- trojan horse
- rootkit
- keylogger
- adware/spyware
- botnet
How do you get malware?
it can be downloaded by clicking a link in an email, via a web page pop-up, or via a vulnerability
What is a virus?
malware that can reproduce itself through file systems or the network
What are the different virus types?
- program viruses (in applications)
- boot sector viruses (run when the OS boots)
- script viruses
- macro viruses (inside a macro in Microsoft Office)
- fileless viruses
What is a fileless virus?
a type of malware that uses native, legitimate tools built into a system to execute a cyberattack. Unlike traditional malware, fileless malware does not require an attacker to install any code on a target’s system, making it hard to detect.
How does fileless malware work?
1/ the user clicks on a malicious website link
2/ the website exploits a vulnerability
3/ PowerShell is launched and the payloads are downloaded into RAM
4/ the PowerShell script runs and executes in memory
What is a worm?
a type of malware that self-replicates and self-spreads through a network
How can a worm be detected?
by firewalls and IDS/IPS before the infection; detection is signature based, so the worm's signature must be known
What is ransomware?
malware that employs encryption to hold a victim’s information at ransom
What is crypto-malware?
same as ransomware: the data are encrypted and the ransom needs to be paid if you want the data back
How to protect against ransomware?
- have a backup
- update OS
- update apps
- update antivirus/anti-malware to get the latest signatures
What is a trojan horse?
software that pretends to be something else while in reality you are installing malware; once it is inside it can open a backdoor, download files, etc.
What is a PUP?
Potentially Unwanted Software that can be downloaded by a trojan (e.g. an aggressive browser toolbar, unwanted ads, etc.)
What is a backdoor?
it can be opened thanks to malware. It is an undocumented way of gaining access to a computer without the hacker having to redo the whole attack. Some software, like Linux, includes a backdoor to the kernel
How to prevent a trojan?
- update antivirus with the latest signatures
- have a backup
- don’t click on unknown links
What is a rootkit?
a type of malware that gives access to and modifies files in the kernel (and not the OS); it can be invisible
Can a rootkit be identified?
yes, some antivirus software can, and secure boot software exists
What is spyware?
a type of malware that steals sensitive info and gathers data. It can analyse internet activity and use a keylogger to capture credentials once the victim logs in to a website. It can be installed via a trojan
How to protect against spyware/adware?
- antivirus/anti-malware with the latest signatures
- know exactly what you are installing
- do backups
What are bots?
a type of malware that infects a device to make it a bot remotely controlled by the hacker
What is a botnet?
a group of bots working together. It can be used for DDoS, relaying spam, proxying network traffic
How to prevent bots?
- update OS
- update antivirus/anti-malware
- identify an existing infection
- prevent command and control (block at firewall, IPS)
What is a logic bomb?
a type of malware that is triggered when a logical condition is met, such as after a number of transactions have been processed, or on a specific date. Difficult to spot because logic bombs can delete themselves and there is no predefined signature in antivirus