Topic 2A Flashcards
(16 cards)
What is malware?
Malware is software that enters a computer system without the user’s knowledge or consent and then performs an unwanted and harmful action.
What are the 5 types of malware classifications?
Imprison, launch, snoop, deceive and evade.
What are the two types of imprison malware?
Ransomware: Prevents a user’s device from functioning properly until a fee is paid. It usually pretends to be from a law enforcement agency or software vendor, displaying a warning that the license for the software has expired.
Cryptomalware: Imprisons users and encrypts all files on the device so that none of them can be opened. The price of the encryption key will increase every few hours or days. New variants of cryptomalware are able to encrypt all files on a network or attached device connected to the computer.
What is launch malware?
It is malware that launches attacks from an infected computer to other computers. Launch malware includes viruses, worms and bots.
What is a file based virus?
It is malicious code that attaches to a file, unloads its payload to perform a malicious action and self-replicates by inserting code into other files without any human interaction.
What is a fileless virus?
Fileless viruses take advantage of native services and processes that are part of the OS to avoid detection and carry out attacks. They do this by loading directly into the computer’s random access memory.
What is a worm?
Worms use computer networks to replicate themselves. They enter through the network and use vulnerabilities in applications or the OS to delete files or allow attackers remote access to the computer.
What is a bot?
Computers infected by bots are placed under the remote control of an attacker. When bot computers are gathered into a logical computer network they create a botnet and receive instructions through a command and control structure from bot herders.
What is snoop malware?
Snoop malware includes spyware and keyloggers.
Keyloggers capture and store the keystrokes of a user and can be used to search for useful information such as passwords and credit card info. Spyware is tracking software that gathers information on the device and the user.
What is deceive malware?
It attempts to deceive the user (think skyblock mods).
It includes trojans, which run a program but also do something malicious in the background, and remote access trojans, which are like trojans but give unauthorized remote access to the victim’s computer using specially configured communication protocols, allowing the threat agent unrestricted access.
What is evade malware?
Malware that evades detection.
Examples: backdoor, logic bomb, rootkit.
Backdoor circumvents normal security protections.
Logic bomb is added to a legitimate program but stays dormant until triggered by a specific logical event.
A rootkit hides the presence of itself and other malware by making alterations to lower levels of the OS.
What are application attacks?
Attacks that look for vulnerabilities in applications or manipulate applications to compromise them.
What are cross-site scripting attacks?
It tricks a valid website into feeding a malicious script to a user’s web browser, so that it accepts user input without validating it.
What are SQL injection attacks?
They insert statements that manipulate a database server by introducing malicious commands into them. Entering SQL statements as user input can allow information to be manipulated and extracted from the database.
What is Cross-site request forgery?
CSRF uses auth tokens sent to users by a website. Users who are currently authenticated on a website can be tricked into loading another webpage, which inherits the identity and privileges of the victim. This can allow for unauthorized bank transfers, etc.
What is Server-side request forgery?
SSRF attacks exploit how web servers process external information received from other servers. Some web applications are designed to read information from or write