Malware

Question 1

Malware

Answer 1

Any software that is designed to infiltrate a computer system without the user’s knowledge.

Question 2

Threat Vector

Answer 2

Specific method used by an attacker to infiltrate a victm’s machine. Breaks into system.

Question 3

Attack Vector

Answer 3

A means by which an attacker gains access to a computer to infect the system with malware. Breaks into and infects system.

Question 4

Computer Virus

Answer 4

Malicious code is run on a machine without the user’s knowledge, and this allows for the code to infect the computer wherever it has been run.

Question 5

Boot Sector Virus

Answer 5

Stored in the first sector of the hard drive and then loaded into memory whenever the computer boots

Question 6

Macro Virus

Answer 6

A form of code that allows a virus to be embedded inside another document so that when the user is opening that document, the virus is executed.

Question 7

Program Virus

Answer 7

Tries to find executables or application files to infect with their malicious code.

Question 8

Multipartile virus

Answer 8

A combination of a boot sector type virus and a program virus. Even if someone finds the program part of the virus and cleans it out from within the OS, they may have missed the boot sector portion.

Question 9

Encrypted Virus

Answer 9

Designed to hide itself from being detected by encrypting its malicious code or payloads to avoid detection by any antivirus software

Question 10

Polymorphic Virus

Answer 10

Advanced version of an encrypted virus, but instead of just encrypting the contents, it will actually change the virus’ code each time it is executed by altering the decryption model in order for it to evade detection.

Question 11

Metamorphic Virus

Answer 11

Able to rewrite itself entirely before it attempts to infect a given file. More advanced version of a polymorphic virus.

Question 12

Worm

Answer 12

Piece of malicious software, much like a virus, but it can replicate itself without any user interaction.

Question 13

Worm vs Virus

Answer 13

Worm - Can replicate itself without interaction from the user

Virus - Requires the user to take some action.

Question 14

Trojan

Answer 14

A piece of malicious software that is disguised as a piece of harmless or desirable software.

Question 15

RAT

Answer 15

Remote Access Trojan. This type of trojan is widely used by modern attackers because it provides the attacker with remote control of a victim’s machine.

Question 16

Best practices for preventing ransomware?

Answer 16

Conduct regular backups of critical data, files, and systems,

Installing regular software updates, especially to operating systems and antivirus

Provide security awareness training to the end users.

Implementing multi-factor authentication to systems to provide an added layer of security

Question 17

Rootkit

Answer 17

Type of software designed to gain administrative-level control over a given computer system without being detected. Seamlessly embed itself into the OS.

Question 18

Kernel mode

Answer 18

Allows a system to control access to things like device drivers, sound cards, and monitors. Designed to dig deeply into the OS.

Question 19

DLL Injection

Answer 19

The technique used to run arbitrary code within the address space of another process by forcing it to load a dynamic-link library. A DLL is a file type that contains code, resources, and data that can be shared between multiple programs; they are executed on demand and loaded into memory.

Question 20

Backdoor

Answer 20

Used to bypass the standard security and authentication function

Question 21

Logic Bomb

Answer 21

Malicious code that’s inserted into a program and will only execute when certain conditions have been met.

Question 22

Fileless Malware

Answer 22

Used to create in the system memory without relying on the local file system of the infected host.

Step 1: Droper or downloader. Lightweight shell code that can be executed on a targeted system.

Step 2: download and install a remote access trojan to command and control the victimized system.

Actions on objectives phase: threat actors execute primary objectives to meet core objectives (data exfiltration or file encryption).

Question 23

Dropper

Answer 23

Initiates or runs other malware forms within a payload on an infected host

Question 24

Downloader

Answer 24

Retrieves additional tools post the initial infection facilitated by a dropper

Question 25

Shellcode

Answer 25

Encompasses lightweight code meant to execute an exploit on a given target.

Question 26

Concealment

Answer 26

Used to help threat actors prolong unauthorized access to a system by hiding tracks, erasing log files, and hiding any evidence of malicious activities.

Question 27

Indicators of Malware Attacks

Answer 27

Account lockouts, blocked content, resource consumption, out-of-cycle logging, published or documented attacks, concurrent session utilization, impossible travel, resource inaccessibility, and missing logs.