Brainscape's Knowledge GenomeTM


Top Flashcards (Certified)
All Flashcards

Security+ > 1 - IOC | Malware Types > Flashcards

1 - IOC | Malware Types Flashcards

1
Q

Where to look to determine if system is infected?

A

Memory, Registries, and Macros

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Characteristics of a Virus?

A
  • Attaches itself to other code and replicates - Replicates when an infected file executes and launches. Then it attaches to other files, adds its code to the application’s code, and spreads. - Infects other machines only if a user an another machine accesses an infected object and launches the code.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Resident Virus?

A
  • Resides in memory
  • Loaded each time the system starts
  • Can remain active even after any host program terminates
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Non-Resident Virus

A
  • Once executed, this virus looks for target locally and across the network
  • Infects and exits
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Boot sector virus

A
  • Placed into the first sector of the hard drive
  • Loads into memory when the computer boots
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Macro virus

A
  • Inserted into a Microsoft Office document
  • Uses the macro language and executes when the document opens
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Program and File Infecting Virus

A
  • Many common viruses are this
  • Infects executable program files and becomes active in memory
  • Seeks other files to infect
  • Easily indentified by their binary pattern, or signature, which works like a fingerprint.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Polymorphic Virus

A
  • Can change its form or signature each time its executed to avoid detection.
  • Can be hard to detect without an identifiable pattern or signature to match it.
  • Usually identified by heuristics
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Heuristic Scanning

A

Examines the instructions running within a program.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Armored Virus

A
  • Has a layer of protection that it can use against the person who tries to analyze it; it will thwart attempts by analysts to examine its code.
  • Tricks the program into thinking that it is located in a different place from where it actually resides.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Stealth Virus

A
  • Resides in memory
  • Uses various techniques to go unnoticed by antivirus programs.
  • Avoids detection by temporarily removing itself from an infected file or masking a file’s size.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Multipartite Virus

A
  • Infects executable files and also attacks the MBR (Master Boot Record) of the system.
  • If both tbe boot sector is not cleaned along with the infected files | the files can easily be infected again.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Characteristics of Worms

A
  • Self replicating
  • Doesn’t need a host file or user intervention
  • Commonly spreads through email, network, and Internet
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Characteristics of Ransomware

A
  • Attempts to hold a user’s information for monetary gain.
  • An evolved and more demanding form of “scareware”
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Characteristics of Trojan Horses

A
  • Programs disguised as useful applications
  • Its capability to spread depends on the popularity of the software and a user’s willingness to download and install the software.
  • Can perform actions without the user’s knowledge or consent
  • Often classified by their payload or function.
  • Trojans can download other Trojans
  • Associated with backdoors
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

RAT

A
  • Remote Access Trojan
  • Allow a remote attacker to take control of the targeted system.
  • When executed, a remote access Trojan provides a remotely accessible backdoor for an attacker to covertly monitor the system or easily gain entry
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

RootKits

A
  • Piece of software than can be installed and hidden on a computer mainly to compromise the system and gain escalated privileges
  • Hard to detect since it runs in the background
  • Can spot it by looking for memory proccesses, monitoring outbound communications, and checking for installed programs
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Kernel Rootkits

A
  • Modify the kernel component of an OS
  • Can intercept system calls passed to the kernel and filter out queries that the rootkit software generates
  • Can use encryption to protect outbound communications
  • Often piggyback on commonly used ports to communicate without interrupting other applications.
  • You can avoid rootkit by running Windows from an account with lesser privileges
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Logic Bombs

A
  • Virus or Trojan horse designed to execute malicious actions when a certain event occurs or after a certain period of time.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Bot

A
  • An automated computer program that needs no user interaction.
  • Systems that outside sources can control.
  • otnet masters can perform tasks, gather information, and commit crimes while remaining undetected.
21
Q

Spyware

A
  • Software that communicates information from a user’s system to another party without notifying the user.
  • Spyware monitors user activity on the system, potentially including keystrokes typed, and sends this logged information to the originator.
22
Q

Adware

A
  • Type of spyware that pops up advertisements based on what it has learned about the user
23
Q

Social Engineering

A
  • The process by which an attacker seeks to extract useful information from users, often by just tricking them into helping the attacker.
24
Q

Reverse Social Engineering

A

An attacker provides information to the legitimate user that causes the user to believe the attacker is an authorized technical assistant.

25
Q

Phishing

A
  • An attempt to acquire sensitive information by masquerading as a trustworthy entity via electronic communication, usually email.
  • In most cases, the phisher must persuade the victim to intentionally perform a series of actions that provide access to confidential information.
26
Q

Spear Phishing

A
  • Targeted version of phishing.
  • Whereas phishing often involves mass emailing, spear phishing might go after a specific individual.
27
Q

Whaling

A
  • Whaling employs spear phishing tactics but goes after high-profile targets such as an executive within a company.
28
Q

Vishing

A
  • Also known as voice phishing.
  • The attacker uses fake caller ID to appear as a trusted organization and attempts to get the individual to enter account details via the phone.
29
Q

Smishing

A

Also known as SMS phishing, this attack uses phishing methods through text messaging.

30
Q

Pharming

A
  • This term is a combination of farming and phishing.
  • Pharming does not require the user to be tricked into clicking a link. Instead, pharming redirects victims to a bogus website, even if the user correctly entered the intended site.
  • To accomplish this, the attacker employs another attack, such as DNS cache poisoning.
31
Q

Tailgating

A
  • Involves piggybacking or following closely behind someone who has authorized physical access within an environment.
    • Tailgating involves appearing to be part of an authorized group or capitalizing on people’s desire to be polite.
32
Q

Impersonation

A
  • Impersonation is simply a method in which someone assumes the character or appearance of someone else.
  • The attacker pretends to be something he or she is not.
  • Impersonation is often used in conjunction with a pretext or invented scenario.
33
Q

Shoulder Surfing

A
  • Means looking over someone’s shoulder to obtain information.
  • Shoulder surfing includes any method of direct observation.
    • This could include, for example, locating a camera nearby or even using binoculars from a distance.
34
Q

Hoaxes

A
  • The attempt at deceiving people into believing something that is false.
  • Although they present a threat, the threat doesn’t actually exist
35
Q

Watering Hole

A
  • Where an attacker attacks a site that the target frequently visits.
    • The goal is often to compromise the larger environment—for example, the company the target works for.
36
Q

Principles of Influence (Reasons for Effectiveness)

A
  • Authority
    • Job titles, uniforms, symbols, badges, and even specific expertise
  • Intimidation
    • Not complying might have a negative impact
  • Consensus/Social Proof
    • Doing or believing what others around us believe
  • Scarcity | Urgency
    • Attempt to spur someone to act quickly on a request before giving the request more thought.
  • Familiarity | Liking
    • People tend to comply with requests from those whom they like or have common ground with.
  • Trust
    • Exposing trust
37
Q

IP Spoofing

A
  • Accomplished by modifying the source address of traffic or the source of information
38
Q

Spoofing

A

Method of providing false identity information to gain unauthorized access.

39
Q

MAC Spoofing

A

Spoofing the MAC address in order to gain access to a network.

40
Q

Blind Spoofing

A

The attacker sends data and only makes assumptions of responses.

41
Q

Informed Spoofing

A

The attacker can participate in a session and can monitor the bidirectional communications.

42
Q

Buffer Overflow

A
  • Causes disruption of service and data lost.
  • This condition occurs when the data presented to an application or service exceeds the storage space allocation that has been reserved in memory for that application or service.
43
Q

Integer Overflow

A
  • Integer overflow is another type of overflow
  • Programs that do not carefully account for integer overflows can result in undesirable behaviors and consequences.
  • Overflows present an opportunity for compromise using privilege escalation.
44
Q

Zero-Day Attack

A

A computer threat that tries to exploit computer app vulternabilities that are unknown to others or even the software developer

45
Q

Cross-Site Scripting (XSS)

A
  • Places a malicious client-side script on a website
  • Causes an unknowing browser user to conduct unauthorized access activities, expose confidential data, and log successful attacks back to the attacker without users being aware of their participation
  • XSS vulnerabilities can be used to hijack the user’s session or to cause the user accessing malware-tainted Site A to unknowingly attack Site B on behalf of the attacker who planted code on Site A.
46
Q

Cross-Site Request Forgery (CSRF)

A
  • This attack causes end users to execute an unwanted action on a site they are already logged into.
47
Q

SQL Injection

A
  • Malicious code is inserted into strings that are later passed to a database server.
  • The SQL server then parses and executes this code.

Security+ (5 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions