6. Malware Flashcards

1
Q

Virus

A

Attach to clean files, spread, and corrupt host files without user knowledge

2
Q

Worms

A

Standalone program replicating and spreading to other computers

3
Q

Trojans

A

Disguise as legitimate software, granting unauthorized access

4
Q

Ransomware

A

Encrypts user data, demands ransom for decryption

5
Q

Zombies and Botnets

A

Compromised computers remotely controlled in a network for malicious purposes

6
Q

Rootkits

A

Hides presence and activities on a computer, and operates at the OS level.

7
Q

Backdoors and Logic Bombs

A

Backdoors allow unauthorized access; logic bombs execute malicious actions when a certain condition is met.

8
Q

Keyloggers

A

Record keystrokes, capture passwords or sensitive information

9
Q

Spyware and Bloatware

A

Spyware monitors and gathers user/system information.
Bloatware consumes resources without value

10
Q

Boot Sector (Virus)

A

Stored in the first sector of a hard drive and is then loaded into memory whenever the computer boots up

11
Q

Macro (Virus)

A

A form of code that allows a virus to be embedded inside another document so that when that document is opened by the user, the virus is executed.

12
Q

Program (Virus)

A

Tries to find executables or application files to infect with malicious code

13
Q

Multipartite (Virus)

A

A combination of a boot sector and a program.
Able to load every time the computer boots up.
Can install itself in a program where it can be run every time the computer starts.

14
Q

Encrypted (Virus)

A

Designed to hide itself from being detected by encrypting its malicious code or payloads to avoid detection by any antivirus software

15
Q

Polymorphic (Virus)

A

Advanced version of an encrypted virus, but instead of just encrypting the contents it will change the virus code each time it is executed by altering the decryption module for it to evade detection.

16
Q

Metamorphic (Virus)

A

Able to rewrite itself entirely before it attempts to infect a given file

17
Q

Stealth (Virus)

A

A technique used to prevent the virus from being detected by the anti-virus software

18
Q

Armored (Virus)

A

Has a layer of protection to confuse a program or a person who’s trying to analyze it

19
Q

Hoax (Virus)

A

Form of technical social engineering that attempts to scare our end users

20
Q

Remote Access Trojan (RAT)

A

Malicious software disguised as a piece of harmless software that provides the attacker with remote control of a victim’s machine.

21
Q

Ransomware

A

Type of malicious software that is designed to block access to a computer system or its data by encrypting it until a ransom is paid to the attacker.

22
Q

Ring 3 (Outermost Ring)

A

Where user level permissions are used

23
Q

Ring 0 (Innermost ring)

A

Kernel mode

24
Q

Ring 1

A

Admin or root user of an operating system

25
Q

DLL Injection

A

Technique used to run arbitrary code within the address space of another process by forcing it to load a dynamic-link library.

26
Q

Dynamic Link Library (DLL)

A

Collection of code and data that can be used by multiple programs simultaneously to allow for code reuse and modularization in software development.

27
Q

Shim

A

A piece of software code that is placed between two components and that intercepts the calls between those components and can be used to redirect them.

28
Q

Stage 1 Dropper or Downloader

A

Piece of malware that is usually created as a lightweight shellcode that can be executed on a given system

29
Q

Dropper

A

Specific malware type designed to initiate or run other malware forms within a payload on an infected host

30
Q

Downloader

A

Retrieves additional tools after the initial infection facilitated by a dropper

31
Q

Shellcode

A

Broader term that encompasses lightweight code meant to execute an exploit on a given target

32
Q

Stage 2: Downloader

A

Downloads and installs a remote access Trojan to conduct command and control on the victimized system

33
Q

9 indicators of malware attacks

A

Account Lockouts, Concurrent Session Utilization, Blocked Content, Impossible Travel, Resource Consumption, Resource Inaccessibility, Out-of-Cycle Logging, Missing Logs, Published or Documented Attacks