1.1 Given a scenario, analyze indicators of compromise and determine the type of malware. Flashcards
Malware
Malicious software
Gather information - Keystrokes
Virus
Malware that can reproduce itself through file systems or the network
Program viruses
It’s part of the application
• Boot sector viruses - Who needs an OS?
• Script viruses - Operating system and browser-based
• Macro viruses - Common in Microsoft Office
Boot sector viruses
Virus type that undermines OS
Script viruses
Operating system and browser-based
Macro viruses
Common in Microsoft Office
Worms
• Malware that self-replicates
• Doesn’t need you to do anything
• Uses the network as a transmission medium
• Self-propagates and spreads quickly
• Firewalls and IDS/IPS can mitigate many worm infestations
BAD when they get inside
Worms Process
1. Infected computer searches for vulnerable system
2. Vulnerable computer is exploited
3. Backdoor is installed and downloads worm
• Personal data
- Important documents
- Family pictures and videos
• Organization data
- Planning documents
- Employee personally identifiable information (PII)
- Financial information
- Company private data
Ransomware
Hold your computer, data hostage
Could be fake
A security professional can help get rid of this type of malware
• Crypto-malware
New generation of ransomware
• Your data is unavailable until you provide cash
• Malware encrypts your data files
• Pictures, documents, music, movies, etc.
• Your OS remains available
• They want you running, but not working
• You must pay the bad guys to obtain the decryption key
• Untraceable payment system
• An unfortunate use of public-key cryptography
Ransomware Protection
• An offline backup, ideally
• Patch those vulnerabilities: operating system and application security patches
• Antivirus/anti-malware signatures are up to date
Trojan horse
- Software that pretends to be something else
- Circumvents your existing security
- The better Trojans are built to avoid and disable AV
Backdoors
- Often placed on your computer through malware
- Some malware software can take advantage of backdoors created by other malware
- Some software includes a backdoor