Chapter 8 - Malicious Software Flashcards
Malicious software (malware)
any program that contains instructions that run on a computer system and perform operations that the user does not intend
How does malware attack all three tenets of cybersecurity?
- Confidentiality - malware can disclose your organization’s private information
- Integrity - malware can modify database records, either immediately or over a period of time
- Availability - malware can erase or overwrite files or inflict considerable damage to storage media
System infectors
target computer hardware and software startup functions
File infectors
attack and modify executable programs
Examples of executable programs
COM, EXE, SYS, and DLL
Data infectors
attack document files containing embedded macro programming capabilities
Lifecycle of a virus
Virus is dormant -> the user transmits an infected object to another computer -> the virus locates and infects suitable objects on the new computer
Rootkits
malware that modifies or replaces one or more existing programs to hide the fact that a computer has been compromised
Rootkits are…
difficult to detect and remove
Ransomware
attempts to generate funds directly from a computer user by limiting access to data through encryption
Spam
consumes computing resources: bandwidth and central processing unit (CPU)
Why is spam dangerous?
Diverts IT professionals from more critical activities and may contain malware
Worms
self-contained programs designed to propagate from one host machine to another using the host’s own network system
How are worms different from viruses?
Unlike viruses, they do not require a host program to survive and replicate
Trojan horses
programs that masquerade as useful programs while hiding malicious intent
Trojan horses are…
the largest class of malware
How do Trojan horses spread?
through emails, website downloads, social networking sites, and bots
Logic bombs
programs that execute a malicious function of some kind when they detect certain conditions
Logic bombs can…
cause immediate damage or can initiate a sequence of events that cause damage over a longer period
Logic bombs typically originate from…
organization insiders because they have more detailed knowledge of the IT infrastructure
Active content
dynamic objects that do something when the user opens a webpage
Vulnerabilities of active content
Users inadvertently download bits of mobile code which gain access to the hard disk and do things like fill up the desktop with infected file icons
Add-ons
companion programs that extend the web browser
Malicious add-ons
browser add-ons that contain some type of malware