1.1 Compromise & Malware Flashcards
spyware
- spawn browser pop-up windows
- modify DNS (Domain Name System) queries attempting to direct user to other websites, often of dubious provenance
ransomware
type of Trojan malware that tries to extort money from the victim
adware
browser plug-in that displays commercial offers and deals
- some adware may exhibit spyware-like behavior, by tracking the websites a user visits and displaying targeted ads
crypto-malware
- class of ransomware that attempts to encrypt data files
- user will be unable to access files without obtaining the private encryption key, which is held by the attacker
botnet
set of computers that have been infected by a control program called a bot, which enables attackers to exploit the computers to mount attacks
Remote Access Trojan (RAT)
functions as a backdoor, and allows attacker to access PC, upload files, and install software on it
spyware
program that monitors user activity and sends info to someone else
- can occur with or without user’s knowledge
rootkit
backdoor malware that changes core system files and programming interfaces, so that local shell processes no longer reveal their presence
logic bomb
malicious program or script that is set to run under particular circumstances or in response to defined event, such as admin’s account becoming disabled
worm
type of virus that spreads through memory and network connections, rather than infecting files
mine
- scripted trap that runs in the event an account is deleted or disabled
- anti-virus software is unlikely to detect this kind of malicious script or program, so the security specialist would not be able to discover the script during an investigation
- mine would become known once it gets executed and causes damage
Remote Access Trojan
- functions as a backdoor
- allows attacker to access PC, upload files, and install software on it
- allows attacker to use the computer in a botnet to launch Distributed Denial of Service (DDoS) attacks
- allows attacker to use the computer in a botnet to launch mass-mail spam attacks
- must establish connection from compromised host to a Command and Control (C2 or C&C) host or network operated by attacker
tailgating
social engineering technique to gain access to a building by following someone else (or persuading them to “hold the door”)
T or F. While viruses can be removed with antivirus, if the files are encrypted, chances are they will not be recoverable
True
T or F. Keeping operating systems and applications up-to-date before an infection is vital to prevent getting infected in the first place
True