CH02 Malware Flashcards
Virus Definition
Malicious code that runs on a machine without the user’s knowledge and infects the computer when executed.
Viruses require a user action in order to reproduce and spread
What is Boot Sector Virus?
viruses are stored in the first sector of a hard drive and are loaded into memory upon boot up.
What is Macro Virus?
Virus embedded into a document and is executed when the document is opened by the user
What is program virus?
Program viruses infect an executable or application
What is Multipartite virus?
Virus that combines boot and program viruses to first attach itself to the boot sector and system files before attacking other files on the computer
What is Encrypted Virus?
Uses cipher to encrypt the contents of itself to avoid detection by any antivirus software
What is Polymorphic virus?
Advanced version of an encrypted virus that changes itself every time it is executed by altering the decryption module to avoid detection
What is Metamorphic virus?
Virus that is able to rewrite itself entirely before it attempts to infect a file (advanced version of polymorphic virus)
What is Stealth virus ?
refers to a category of virus that protects itself. (Example: Encrypted, polymorphic, and metamorphic viruses)
What is Armored virus?
Armored viruses have a layer of protection to confuse a program or person analyzing it
What is Hoax ?
Tries to trick the user into infecting their own machine. May come in the form of a message or a website that pops up. It disguises itself and prompts users to call tech support telling them that their machine has been infected
What is worm?
Malicious software, like a virus, but is able to replicate itself without user interaction.
Worms can cause disruption to normal network traffic and computing activities
Example : 2009: 9-15 million computers infected with conficker
What is Trojans?
Malicious software that is disguised as a piece of harmless or desirable software
Trojans perform desired functions and malicious functions
What is Remote Access Trojan (RAT)?
Provides the attacker with remote control of a victim computer and is the most commonly used type of Trojan
What is Ransomware ?
malware that restricts access to a victim’s computer system until a random is received.
Ransomware uses a vulnerability in your software to gain access and then encrypts your files
Example : $17 million: SamSam cost the City of Atlanta
What is Spyware ?
Malware that secretly gathers information about the user without their consent
Captures keystrokes made by the victim and takes screenshots that are sent to the attacker
What is Adware ?
Type of spyware that displays advertisements based upon its spying on you
What is Grayware ?
Software that isn’t benign nor malicious and tends to behave improperly without serious consequences
What is Rootkit ?
Software designed to gain administrative level control over a system without detection
DLL injection is commonly used by rootkits to maintain their persistent control
Rootkits are activated before booting the operating system and are difficult to detect
What is DLL Injection ?
Malicious code is inserted into a running process on a Windows machine by taking advantage of Dynamic Link Libraries that are loaded at runtime
What is Driver Manipulation ?
An attack that relies on compromising the kernel-mode device drivers that operate at a privileged or system level
A shim is placed between two components to intercept calls and redirect them
What is Spam ?
Activity that abuses electronic messaging systems, most commonly through email
