Chapter 6 - Malware Flashcards
(35 cards)
Threat Vector
Vulnerabilities that COULD be exploited
Attack Vector
The way vulnerabilities WILL BE/WERE exploited (it’s a sequence of events)
Boot Sector Virus
Virus that boots up with the system
Macro (Virus)
performs a set of actions; it’s embedded in the document
Program Virus
Looks for application files to attach itself to the app code, so that it runs each time the app opens
Multipartite Virus
With each system boot it looks for a program to attach itself to; can re-install itself with every boot
(BOOT+PROGRAM VIRUS)
Encrypted Virus
Virus whose malicious code is enciphered, making it harder to find
Polymorphic Virus
Its code changes with each execution (instead of encrypting itself, its code changes)
Metamorphic Virus
More advanced polymorphic virus; rewrites the entire code
Stealth Virus
A technique a virus uses to avoid detection (e.g. encrypted virus, poly/metamorphic virus)
Armored Virus
Focuses on making analysis difficult for researchers and security programs (obfuscation techniques like encryption, compression, and code packing)
Hoax
It’s a social engineering technique meant to scare people
Worm
Unlike a virus, it can replicate itself without human intervention (or a host application) and spreads far and wide
Trojan
Disguised software that carries malicious code alongside the regular app code (it is a virus APART from also performing the expected tasks)
R.A.T
Remote Access Trojan - provides the attacker with remote access to the victim’s machine
What are the methods to protect from ransomware?
1) Backups
2) Regular Updates
3) Staff training
4) MFA
How to act in the event of a ransomware attack?
1) NEVER PAY
2) Disconnect from network
3) Notify authorities (unless the policy states otherwise)
4) Restore the backup
Zombie
Part of a BOTNET; a compromised device
Botnet
A network of compromised devices (Zombies); controlled remotely
Command and Control Node (C2 Node)
A device controlling the Botnet
What are Botnets used for?
1) Storing illegal content on victim’s machines (zombie devices)
2) Pivot points (enables lateral movement; acts as a middleman; data is exfiltrated through a zombie) e.g. spreading across the network through IoT devices
3) Disguise in the event of an attack
4) Coin mining
5) Using the computing power to break encryption
6) DDoS (Mirai Botnet)
*often only 20-25% of computing power is used so as not to alarm the users
Rootkit
Software designed to gain admin-level permissions (going from Ring 3 to Ring 0)
Kernel Mode
Operating in “Ring 0” - the highest permission level, allowing access to drivers, sound cards, video displays, etc.
Shim
A piece of software placed in between network components; a shim can intercept and alter system behaviour, e.g. hiding files or bypassing security controls