1.1 Analyze Indicators of Compromise and Determine the Type of Malware Flashcards
What is malware or malicious code?
Malware, or malicious code, is any element of software that performs an unwanted function from the perspective of the legitimate user or owner of a computer system.
How do you recognize a specific type of malware?
We can recognize malware in the following ways:
a. Recognize malware from a given scenario
b. List of symptoms
c. Description of the infection or compromise
d. How it reaches a system
e. How it infects the system
What is a virus?
A computer virus is a type of malicious code that replicates by copying itself to another program, computer boot sector or document and changes how a computer works. Viruses can execute and replicate themselves.
What are the malicious activities performed by viruses?
- Data deletion
- Data corruption
- Data alteration
- DoS attack
What are the specific virus types?
There are 8 types of virus in total:
- Polymorphic viruses
- Macro Viruses
- Stealth Viruses
- Armored Viruses
- Retro Viruses
- Phage Viruses
- Companion Viruses
- Multipart or multipartite viruses
Define the virus types.
- Polymorphic viruses - "Poly" means multiple and "morphic" means form. Polymorphic viruses have the ability to mask their own code using encryption in order to avoid detection by antivirus scanners. They change their signature.
- Macro viruses - Macro viruses live within documents or emails and exploit the scripting capabilities of productivity software. Do not enable macros in MS Office.
- Stealth viruses - Stealth viruses attempt to avoid detection by masking or hiding their activities.
- Armored viruses - Armored viruses are any form of malware that has been crafted to avoid detection and make removal difficult. They use cryptography to avoid detection.
- Retroviruses - Retroviruses are specifically targeted at antivirus systems to render them useless.
- Phage viruses - Phage viruses infect different parts of the system and regenerate themselves from any parts that were not removed.
- Companion viruses - A companion virus borrows the root filename of a common executable and then gives itself the .com extension in an attempt to get itself launched rather than the intended application.
- Multipart or multipartite viruses - Multipart viruses perform multiple tasks and may infect a system in numerous ways. A combination of two or three virus types is a multipartite virus.
What is crypto-malware?
Crypto-malware is any form of malware that uses cryptography as a weapon or a defense. Crypto as a weapon is seen in malware such as ransomware, while crypto as a defense is seen in malware such as polymorphic and armored viruses. Crypto-malware may also seek out the encryption keys of encrypted storage devices and then disclose those keys to a remote attacker.
What is ransomware?
Ransomware is a form of crypto-malware: it encrypts user data in order to hinder its use while demanding payment.
What is a worm?
A worm is different from a virus. A worm is able to self-replicate, and its aim is to self-replicate. It does not require a host file or hard drive in order to infect.
What is a Trojan?
A Trojan horse is a form of malicious software that is disguised as something useful or legitimate. Common forms of Trojan horses are games and screensavers, but any software can be made into a Trojan.
What is a rootkit?
A rootkit is a special type of hacker tool that embeds itself deep within an operating system. It is malicious code that typically infects the operating system or the OS kernel, and it is very difficult to detect. It can do anything to the system that a legitimate user can do. The best practice after a rootkit infection is to reinstall the OS.
What is a keylogger?
A keylogger is a form of malware that records the keystrokes typed into a system's keyboard. A keylogger infection might exhibit sluggish keyboard response, require typing keys twice to get them to be recognized by the system, and cause overall system performance degradation.
What is adware?
Adware displays pop-up advertisements to users based on their activities, the URLs they have visited, the applications they have accessed, and so on. Adware is used to customize advertisements to prospective customers.
What is spyware?
Spyware is any form of malicious code that collects activity about users without their direct knowledge or permission. Spyware can spy on which websites you visit, capture keystrokes, record which applications you launch, and capture the webcam or microphone.
What are bots?
Bots are computers infected with malicious software and controlled as a group without the owners' knowledge. Botnets can be used to perform a distributed denial-of-service (DDoS) attack. A DDoS attack occurs when a hacker has deposited remote-controlled agents, zombies, or bots onto numerous secondary victims and then uses the deployed bots as a single entity to attack a primary target or server.