Malware Flashcards

1
Q

What is a virus?

A

A virus is malicious code that attaches itself to a host file or program and runs only when that host is executed; unlike a worm, it cannot spread on its own. Viruses spread by infecting other files or programs, often arriving through email attachments or infected websites. Once activated, a virus can cause damage ranging from corrupting files to disabling entire systems. The motivation for spreading malware ranges from making a profit to disrupting daily business activities: some viruses are designed to shut down operations, others to extract information.

2
Q

What is a trojan?

A

A Trojan is a deceptive program that masquerades as legitimate software. Because defenses have become increasingly sophisticated, attackers often avoid a full-on assault and look for alternative ways into a system. This usually means tricking a legitimate user into downloading or installing the Trojan, which gives the attacker unauthorized access. Unlike a virus or worm, a Trojan does not replicate itself; it depends on the user running it. Trojans are used to steal sensitive information, such as passwords or credit card details, or to create backdoors for future attacks.

3
Q

What is a worm?

A

A worm is a standalone program that replicates and spreads on its own, without needing a host file or program. Worms exploit vulnerabilities in network services and protocols to infect other systems, often causing network congestion or system crashes. They can also build botnets, networks of infected computers controlled by a central attacker, which are then used to launch more direct attacks such as Denial of Service, in which a target is bombarded with network requests until it can no longer perform its function. Networks infected with worms experience slower performance as their bandwidth is consumed by the worm's scanning and attack traffic.

4
Q

What is a signature?

A

A signature is a pattern extracted from a known malware sample, such as a file hash, a distinctive byte sequence, or another unique characteristic, that lets software recognize that malware again. Signatures are created by security researchers who analyze malware samples and extract these characteristics. A signature database is a digital store of such definitions; when the anti-malware software scans a file or process, it compares the file's hash or contents against the entries in the database to determine whether it matches any known malware. Because a signature describes malware that has already been seen, this technique misses new or modified samples, and the database must be updated regularly.
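The matching described above, as an added example that is not part of the original flashcard set. It keeps a tiny signature database with two kinds of entry, a whole-file SHA-256 hash and a byte pattern generalised from the sample's command line, and scans constructed file contents against it. The sample bytes, signature names and the pattern are all constructed for illustration and stand in for real files and real vendor definitions.

```python
import hashlib
import re
from dataclasses import dataclass
from typing import List, Union

# Constructed file contents standing in for files on disk; none of this is real
# malware.  SAMPLE_A is the file a researcher analysed, VARIANT_A is the same
# dropper with one string changed, EVASIVE_A breaks up the command string so
# neither signature fires, and BENIGN is an unrelated file.
SAMPLE_A = b"MZ\x90\x00" + b"\x00" * 16 + b"cmd.exe /c copy %0 C:\\Temp\\svc.exe && del %0"
VARIANT_A = SAMPLE_A.replace(b"svc.exe", b"upd.exe")
EVASIVE_A = SAMPLE_A.replace(b"cmd.exe", b"cm^d.exe")
BENIGN = b"MZ\x90\x00" + b"\x00" * 16 + b"Hello, world"


@dataclass
class Signature:
    name: str
    kind: str                        # "sha256" (whole-file hash) or "pattern" (byte regex)
    value: Union[str, re.Pattern]    # hex digest for sha256, compiled regex for pattern


# The signature database.  The hash entry matches only a bit-for-bit identical
# file; the pattern entry matches any file containing the generalised command.
SIGNATURE_DB = [
    Signature("Constructed.Dropper.A", "sha256", hashlib.sha256(SAMPLE_A).hexdigest()),
    Signature(
        "Constructed.Dropper.gen",
        "pattern",
        re.compile(rb"cmd\.exe /c copy %0 .{1,64}?&& del %0", re.DOTALL),
    ),
]


def scan(data: bytes) -> List[str]:
    """Return the names of every signature in the database that matches data."""
    digest = hashlib.sha256(data).hexdigest()
    hits = []
    for sig in SIGNATURE_DB:
        if sig.kind == "sha256" and sig.value == digest:
            hits.append(sig.name)
        elif sig.kind == "pattern" and sig.value.search(data):
            hits.append(sig.name)
    return hits


if __name__ == "__main__":
    for label, blob in [("sample", SAMPLE_A), ("variant", VARIANT_A),
                        ("evasive", EVASIVE_A), ("benign", BENIGN)]:
        print(f"{label:8s} -> {scan(blob) or 'clean'}")
```

The variant shows why vendors ship pattern signatures alongside hashes: changing a single string defeats the hash but not the pattern. The evasive variant shows the limit of both: once the attacker rewrites the part the pattern keys on, the database is silent until a researcher adds a new entry.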

5
Q

What is a heuristic?

A

A heuristic is a rule of thumb crafted by an expert. For instance, if a web address has been linked to malware activity, one might write a rule blocking any traffic to or from that site. The heuristic, like an if/else rule in code, would say: if the address is on the blacklist, do not let the traffic through; otherwise, allow it. In other words, it is a clearly defined rule. Heuristics can help block unknown attacks when they are general rules of conduct (for example, "block any executable downloaded from a bare IP address") rather than rules developed for one particular attack. However, they are not dynamic: they will not change in the face of new behaviors until an expert updates them, and broad rules can also produce false positives on legitimate traffic.
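The blacklist rule from the card, together with two general rules, as an added example that is not part of the original flashcard set. The blocklisted hosts, the URLs and the rule thresholds are constructed assumptions (the .example top-level domain and the 203.0.113.0/24 range are reserved for documentation, so nothing here points at a real site).

```python
import math
import re
from collections import Counter
from typing import Tuple
from urllib.parse import urlparse

# Constructed blacklist: hosts an analyst has tied to malware activity.
BLOCKLIST = {"evil-downloads.example", "malware-cdn.example"}

# Parameters of the general rules (assumed values, tuned by the expert).
EXECUTABLE_EXTENSIONS = (".exe", ".scr", ".hta", ".vbs", ".js")
BARE_IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")
MIN_LABEL_LENGTH = 12
MAX_LABEL_ENTROPY = 3.5


def shannon_entropy(text: str) -> float:
    """Bits of entropy per character; random-looking host labels score high."""
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def evaluate_url(url: str) -> Tuple[str, str]:
    """Apply the expert's rules in order; return ("block" | "allow", reason)."""
    parts = urlparse(url)
    host = (parts.hostname or "").lower()
    path = parts.path.lower()
    first_label = host.split(".")[0]

    # Rule 1: the specific indicator the card describes.
    if host in BLOCKLIST:
        return "block", "host is on the blacklist"
    # Rule 2: general rule; an executable served from a bare IP, no hostname.
    if BARE_IPV4.fullmatch(host) and path.endswith(EXECUTABLE_EXTENSIONS):
        return "block", "executable download from a bare IP address"
    # Rule 3: general rule; a long, random-looking host label.
    if len(first_label) >= MIN_LABEL_LENGTH and shannon_entropy(first_label) > MAX_LABEL_ENTROPY:
        return "block", "high-entropy host label"
    # The else branch: nothing matched, so the traffic passes.
    return "allow", "no rule matched"


if __name__ == "__main__":
    for url in ["http://evil-downloads.example/setup.exe",
                "http://203.0.113.7/update.exe",
                "http://xk3j9qpw7z2mvb.example/",
                "https://documentation.example/guide",
                "https://fresh-phish.example/login"]:
        print(f"{url:45s} {evaluate_url(url)}")
```

Rules 2 and 3 catch hosts nobody has seen before, which is the advantage the card describes. The last URL in the demo shows the limitation: a new malicious host that trips none of the rules is allowed, and will keep being allowed until an expert adds it to the list or writes a new rule.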

6
Q

What is quarantine?

A

Quarantine is an isolated storage area into which anti-malware software moves files it has detected as malicious, so that they can neither run nor be opened. Quarantined files are typically encrypted or encoded, often compressed, and stored without execute permission, to ensure they cannot be executed or accessed by accident or re-detected by the scanner. After quarantining the malware, the software gives the user options for further action: deleting the file, attempting to clean and repair infected files, restoring a false positive, or sending the sample to the software vendor for analysis. The removal process aims to eliminate the malware from the system entirely, so that it no longer poses a threat.
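A minimal quarantine store implementing what the card describes, as an added example that is not the code of any real anti-malware product. A detected file is copied into the quarantine directory under its SHA-256 name, transformed with a fixed XOR key so the stored copy is inert (not a valid executable, not matched by the scanner), stripped of execute permission, and described by a JSON record that allows an integrity-checked restore for false positives. The XOR key, file names and the sample content are assumptions made for the demo.

```python
import hashlib
import json
import os
import tempfile
import time
from pathlib import Path
from typing import Dict

# Fixed byte transform for stored content.  The goal is inertness, not
# secrecy, so a one-byte XOR is enough; the key value is an assumption.
XOR_KEY = 0xA5


def _xor(data: bytes) -> bytes:
    return bytes(b ^ XOR_KEY for b in data)


def quarantine(sample: Path, qdir: Path, detection: str) -> Path:
    """Move sample into qdir as an inert .quar file plus a metadata record."""
    data = sample.read_bytes()
    digest = hashlib.sha256(data).hexdigest()
    qdir.mkdir(parents=True, exist_ok=True)
    qfile = qdir / f"{digest}.quar"
    qfile.write_bytes(_xor(data))
    qfile.chmod(0o600)  # owner read/write only; no execute bit for anyone
    (qdir / f"{digest}.json").write_text(json.dumps({
        "original_path": str(sample),
        "sha256": digest,
        "detection": detection,
        "quarantined_at": time.time(),
    }))
    sample.unlink()  # remove the original only after the inert copy exists
    return qfile


def restore(qfile: Path, dest: Path) -> Path:
    """Reverse the transform, verify against the record, and write dest."""
    record = json.loads(qfile.with_suffix(".json").read_text())
    data = _xor(qfile.read_bytes())
    if hashlib.sha256(data).hexdigest() != record["sha256"]:
        raise ValueError("quarantined content does not match its record")
    dest.write_bytes(data)
    return dest


def demo() -> Dict[str, bool]:
    """Run one quarantine/restore cycle in a temp dir and report what happened."""
    # Constructed "detected" file: harmless text standing in for malware.
    original = b"#!/bin/sh\necho constructed sample\n"
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        sample = root / "dropper.sh"
        sample.write_bytes(original)
        sample.chmod(0o755)
        qfile = quarantine(sample, root / "quarantine", "Constructed.Dropper.A")
        stored = qfile.read_bytes()
        restored = restore(qfile, root / "restored.sh")
        return {
            "original_removed": not sample.exists(),
            "stored_differs": stored != original,
            "stored_executable": os.access(qfile, os.X_OK),
            "restored_matches": restored.read_bytes() == original,
        }


if __name__ == "__main__":
    print(demo())
```

Real products add access controls on the quarantine directory and a vendor-specific transform, but the shape is the same: store first, delete second, and never keep the bytes in a form the operating system or the scanner would treat as the original file.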

7
Q

What is a detonation chamber?

A

A detonation chamber is an isolated environment, typically a virtual sandbox, in which suspicious files or links are deliberately executed ("detonated") so their behavior can be observed without risk to the broader network. One approach is to open Uniform Resource Locator (URL) requests inside the chamber to assess the behavior and impact of the suspected content. By executing URL requests within the detonation chamber, analysts can observe the network activity the suspicious content generates, identifying any attempts by the malware to connect to external servers, download additional malicious files, or perform other harmful actions. One caveat: some malware checks whether it is running in a sandbox and stays dormant there, so a clean detonation does not prove a sample is harmless.

8
Q

What is behavior-based detection?

A

Behavior-based detection focuses on monitoring what software does at run time and identifying patterns indicative of malware. For example, if a program attempts to modify critical system files, establish persistence, or access sensitive data without proper authorization, it may be flagged as potentially malicious. Because it judges actions rather than appearance, this approach can catch malware that has no signature yet; the trade-offs are that it produces more false positives than signature matching and that it detects the malware only after it has started to run.
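Behavior-based detection over endpoint telemetry, as an added example that is not from the original flashcard set. It scores each process against a few behavioral rules (writes under System32 by a non-system process, reading a browser credential store, Run-key persistence, mass writes with a ransom extension) and flags processes that cross a threshold. The event records, process names, paths, weights and threshold are all constructed assumptions for the demo.

```python
from collections import defaultdict
from typing import Dict, List, NamedTuple, Tuple


class Event(NamedTuple):
    pid: int
    process: str
    action: str      # "file_read", "file_write" or "registry_write"
    target: str


# Constructed telemetry for four processes: a word processor, a system service
# legitimately editing the hosts file, a dropper, and a ransomware-like screensaver.
EVENTS = [
    Event(101, "winword.exe", "file_read", r"C:\Users\ann\report.docx"),
    Event(101, "winword.exe", "file_write", r"C:\Users\ann\report.docx"),
    Event(102, "svchost.exe", "file_write", r"C:\Windows\System32\drivers\etc\hosts"),
    Event(103, "invoice.pdf.exe", "file_write", r"C:\Windows\System32\drivers\etc\hosts"),
    Event(103, "invoice.pdf.exe", "file_read",
          r"C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    Event(103, "invoice.pdf.exe", "registry_write",
          r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater"),
] + [
    Event(104, "photos.scr", "file_write", rf"C:\Users\ann\Pictures\img{i}.jpg.locked")
    for i in range(8)
]

# Rule parameters (assumed values; lower-cased because matching is case-insensitive).
PROTECTED_PREFIXES = ("c:\\windows\\system32\\",)
CREDENTIAL_STORES = ("\\login data", "\\logins.json")
RUN_KEY = "\\currentversion\\run\\"
RANSOM_EXTENSION = ".locked"
SYSTEM_PROCESSES = {"svchost.exe", "trustedinstaller.exe", "msiexec.exe"}
THRESHOLD = 50


def score_process(name: str, events: List[Event]) -> Tuple[int, List[str]]:
    """Weigh the behaviors one process exhibited; return (score, reasons)."""
    score, reasons = 0, []
    writes = [e.target.lower() for e in events if e.action == "file_write"]
    reads = [e.target.lower() for e in events if e.action == "file_read"]
    reg_writes = [e.target.lower() for e in events if e.action == "registry_write"]

    if name.lower() not in SYSTEM_PROCESSES and any(w.startswith(PROTECTED_PREFIXES) for w in writes):
        score += 40
        reasons.append("unauthorised write under System32")
    if any(r.endswith(CREDENTIAL_STORES) for r in reads):
        score += 40
        reasons.append("read browser credential store")
    if any(RUN_KEY in r for r in reg_writes):
        score += 20
        reasons.append("persistence via Run key")
    renamed = sum(1 for w in writes if w.endswith(RANSOM_EXTENSION))
    if renamed >= 5:
        score += 60
        reasons.append(f"{renamed} files written with ransom extension")
    return score, reasons


def detect(events: List[Event], threshold: int = THRESHOLD) -> Dict[int, Tuple[str, int, List[str]]]:
    """Group events by pid and return the processes whose score meets the threshold."""
    by_pid: Dict[int, List[Event]] = defaultdict(list)
    for e in events:
        by_pid[e.pid].append(e)
    flagged = {}
    for pid, evs in by_pid.items():
        score, reasons = score_process(evs[0].process, evs)
        if score >= threshold:
            flagged[pid] = (evs[0].process, score, reasons)
    return flagged


if __name__ == "__main__":
    for pid, (name, score, reasons) in detect(EVENTS).items():
        print(f"pid {pid} {name}: score {score}; " + "; ".join(reasons))
```

Note how the same hosts-file write is scored differently for svchost.exe and for invoice.pdf.exe: the rule judges the action in context, which is what lets it flag a binary it has never seen while leaving the legitimate service alone. The allow-list of system process names is also the weak point an attacker will aim at (process name spoofing or injection), so real products key such exceptions on signed image paths rather than names.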
