Malware Flashcards

1
Q

Types of Viruses

A

Boot sector
Stored in the first sector of a hard drive and loaded into memory at boot

Macro
Virus embedded in a document and executed when the user opens the document

Program
Program viruses infect an executable or application

Multipartite
Virus that combines boot sector and program viruses: it first attaches itself to the boot sector and system files, then attacks other files on the computer

Encrypted
Stealth
Armored (has a layer of protection to confuse an analyst)
Hoax

Polymorphic
Advanced version of an encrypted virus that changes itself every time it is executed, altering its decryption module to avoid detection

Metamorphic
Virus that is able to rewrite itself entirely before it attempts to infect a file (an advanced version of a polymorphic virus)

2
Q

Grayware

A

Software that is neither benign nor malicious; it tends to behave improperly but without serious consequences

3
Q

Rootkit

A

Software designed to gain administrative-level control over a system without being detected

DLL injection is commonly used by rootkits to maintain persistent control

Rootkits are activated before the operating system boots and are difficult to detect

4
Q

Rootkits: DLL Injection

A

Malicious code is inserted into a running process on a Windows machine by taking advantage of Dynamic Link Libraries (DLLs) that are loaded at runtime

Carried out by means of a shim

5
Q

Rootkits: Driver Manipulation

A

An attack that relies on compromising kernel-mode device drivers, which operate at a privileged (system) level

Carried out by means of a shim

6
Q

Shim

A

A piece of software code placed between two components to intercept calls and redirect them

Malware authors can use shims to bypass security features (such as UAC) or to elevate privileges

Windows compatibility mode is an example of a shim

7
Q

Fileless Virus

A

Malware that runs only in memory

Leaves no artifacts on the endpoint that traditional file-based tools can detect

8
Q

Refactoring

A

The process of rewriting the internal workings of code without changing its external behavior.
