Ch-3 Flashcards
(4 cards)
Types of malware
Ransomware - Locks the host or encrypts its data and demands a ransom to restore access. Includes crypto-malware, the variant that encrypts files rather than merely locking the screen.
Trojans - Malware disguised as, or bundled with, legitimate software so that the user installs it.
Worms - Self-replicating malware that spreads across networks on its own, with no host file and no user action required.
Viruses - Malicious code that attaches itself to a host file or program and replicates when that host runs, usually needing user action to spread.
Rootkits - Designed to hide their presence (and that of other malware) on a system while giving attackers persistent backdoor access, often at kernel or firmware level.
Botnet C&C
Client-server mode - All infected bots connect back to a central C&C host. Typically uses HTTPS so the traffic blends in with normal web browsing and the payload is encrypted; detection therefore relies on metadata (destination, timing of beacons, volume) rather than content.
Peer-to-peer - Bots connect to each other instead of to a central server, so there is no single C&C to take down. Traffic is typically encrypted peer-to-peer. Look for behavior-based patterns (many distinct peers, unusual ports, regular intervals) across large datasets such as NetFlow or proxy logs rather than for one known bad address.
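Both C&C patterns on this card can be told apart from connection metadata alone, which matters because HTTPS or peer-to-peer encryption hides the payload. The detector below is an added example and not part of the original flashcards: it runs over constructed flow records (not real traffic) and flags clock-like beaconing to one destination (client-server) and fan-out to many peers on high ports (peer-to-peer). The record layout and the thresholds `min_conns`, `max_cv` and `min_peers` are assumptions for illustration and would be tuned against a baseline of normal hosts.

```python
"""Added example (not from the original flashcards): flag C&C-like behaviour in
connection logs using metadata only, since HTTPS / P2P encryption hides content.
Flow record format is constructed for this example:
    (timestamp_seconds, src_ip, dst_ip, dst_port, bytes)
"""
from collections import defaultdict
from statistics import mean, pstdev


def build_sample_flows():
    """Constructed sample flows, not real traffic."""
    flows = []
    # 10.0.0.5: client-server bot beaconing to one C&C over HTTPS every ~60 s
    jitter = [0, 1, -1, 0, 0, 1, -1, 0, 0, 1]
    for i, j in enumerate(jitter):
        flows.append((1000 + 60 * i + j, "10.0.0.5", "203.0.113.10", 443, 512))
    # 10.0.0.7: peer-to-peer bot contacting many distinct peers on high ports
    for i in range(12):
        flows.append((1000 + 7 * i, "10.0.0.7", f"198.51.100.{i + 1}", 4000 + 37 * i, 300))
    # 10.0.0.9: ordinary browsing, irregular timing, few destinations
    for t in (1005, 1012, 1300, 1302, 1900):
        flows.append((t, "10.0.0.9", "93.184.216.34", 443, 4096))
    flows.append((1400, "10.0.0.9", "198.51.100.200", 443, 2048))
    return flows


SAMPLE_FLOWS = build_sample_flows()


def find_beacons(flows, min_conns=5, max_cv=0.10):
    """Client-server pattern: one (src, dst, port) channel hit at a regular interval.

    Returns {(src, dst, port): (mean_interval_s, coefficient_of_variation)}.
    A low coefficient of variation (std dev / mean of the gaps between connections)
    means clock-like timing, which a human browsing does not produce. Thresholds
    are assumptions.
    """
    by_channel = defaultdict(list)
    for ts, src, dst, port, _size in flows:
        by_channel[(src, dst, port)].append(ts)

    beacons = {}
    for channel, stamps in by_channel.items():
        if len(stamps) < min_conns:
            continue
        stamps.sort()
        gaps = [later - earlier for earlier, later in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # only duplicate timestamps; nothing to measure
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            beacons[channel] = (avg, cv)
    return beacons


def find_p2p_candidates(flows, min_peers=8, ephemeral_floor=1024):
    """Peer-to-peer pattern: one source talking to many distinct peers on high ports.

    Returns {src: distinct_peer_count} for sources over the threshold. Threshold
    values are assumptions to be tuned against a baseline of normal hosts.
    """
    peers = defaultdict(set)
    for _ts, src, dst, port, _size in flows:
        if port >= ephemeral_floor:
            peers[src].add(dst)
    return {src: len(p) for src, p in peers.items() if len(p) >= min_peers}


if __name__ == "__main__":
    for (src, dst, port), (avg, cv) in find_beacons(SAMPLE_FLOWS).items():
        print(f"beacon: {src} -> {dst}:{port} every {avg:.1f}s (cv={cv:.3f})")
    for src, n in find_p2p_candidates(SAMPLE_FLOWS).items():
        print(f"p2p candidate: {src} talked to {n} distinct peers on high ports")
```

The beacon check deliberately ignores the bytes field; real bots also tend to send near-identical payload sizes each interval, so adding a size-variance test is a natural next step. The peer-count check catches the P2P host only because it does not also dominate a single destination; a host doing both would show up in both outputs.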
Types of viruses
Memory-resident - Remain in memory while the system is running, infecting files as they are accessed.
Non-memory-resident - Execute, infect their target files, and then exit rather than staying in memory.
Boot sector - Reside in the boot sector of a drive or storage media and load before the operating system.
Macro - Use macros or embedded code inside word processing software or other tools to spread.
Email - Spread via email as attachments or by exploiting flaws in the email client.
Fileless - Arrive by the usual routes (e.g., a phishing link or document), then inject themselves into memory instead of writing an executable to disk and carry out further malicious activity, including reinfecting the system at reboot. The only stored artifacts are those of their persistence techniques (e.g., registry run keys, scheduled tasks, WMI event subscriptions).
Malicious code
Can run locally or remotely. Consists of scripts or custom-built code that abuse PowerShell, bash, Python, applications, plug-ins, and macros.
Defended by enabling PowerShell Constrained Language Mode, restricting macros (e.g., blocking them in files from the internet), and restricting use of built-in programming and scripting tools through application control policies.
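Restricting macros by policy is the primary control; a complementary one is to inspect documents at the mail gateway or on a file share for embedded VBA before a user opens them. The scanner below is an added example, not part of the original flashcards: it classifies an Office file by looking inside the OOXML zip container for a vbaProject.bin part and macro-enabled content types, so a .docm renamed to .docx is still caught. The sample documents it builds are constructed minimal containers rather than real files, and the mention of olevba for legacy OLE files is a pointer to a separate tool, not something this code implements.

```python
"""Added example (not from the original flashcards): inspect an Office document
for embedded VBA macros before it reaches a user, regardless of file extension.
Modern Office files (.docx/.docm/.xlsx/.xlsm/...) are zip containers; macros live
in a vbaProject.bin part and the main part carries a 'macroEnabled' content type.
"""
import io
import zipfile

OOXML_NS = "http://schemas.openxmlformats.org/package/2006/content-types"
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy binary .doc/.xls/.ppt header


def build_sample_docx(with_macro: bool) -> bytes:
    """Constructed minimal OOXML container (not a real document) for testing."""
    if with_macro:
        main_ct = "application/vnd.ms-word.document.macroEnabled.main+xml"
    else:
        main_ct = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
    overrides = f'<Override PartName="/word/document.xml" ContentType="{main_ct}"/>'
    if with_macro:
        overrides += ('<Override PartName="/word/vbaProject.bin" '
                      'ContentType="application/vnd.ms-office.vbaProject"/>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml",
                   f'<?xml version="1.0" encoding="UTF-8"?><Types xmlns="{OOXML_NS}">'
                   f'<Default Extension="xml" ContentType="application/xml"/>{overrides}</Types>')
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # A real vbaProject.bin is an OLE compound file; placeholder bytes suffice here
            z.writestr("word/vbaProject.bin", OLE_MAGIC + b"\x00" * 24)
    return buf.getvalue()


def classify_document(blob: bytes) -> str:
    """Return 'macro-enabled', 'no-macros', 'legacy-ole' or 'not-office'.

    The decision is made from the container contents, never from the filename,
    so a .docm renamed to .docx is still caught.
    """
    if blob.startswith(OLE_MAGIC):
        # Legacy format: macros are OLE streams, not zip parts, so this zip-based
        # check cannot see them; hand these to an OLE parser such as oletools' olevba.
        return "legacy-ole"
    if not blob.startswith(b"PK\x03\x04"):
        return "not-office"
    with zipfile.ZipFile(io.BytesIO(blob)) as z:
        names = [n.lower() for n in z.namelist()]
        if any(n.endswith("vbaproject.bin") for n in names):
            return "macro-enabled"
        try:
            content_types = z.read("[Content_Types].xml").decode("utf-8", "replace").lower()
        except KeyError:
            return "not-office"    # every OOXML package must carry this part
    if "macroenabled" in content_types or "vbaproject" in content_types:
        return "macro-enabled"
    return "no-macros"


if __name__ == "__main__":
    print(classify_document(build_sample_docx(with_macro=True)))    # macro-enabled
    print(classify_document(build_sample_docx(with_macro=False)))   # no-macros
```

Checking both the part name and the content types is deliberate: an attacker who strips the content-type override but leaves the part in place, or vice versa, still trips one of the two tests. A file that fails both is a reasonable candidate to allow; a "legacy-ole" result should be routed to a dedicated OLE scanner rather than treated as clean.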