CH03 Maware Infections Flashcards
What is a threat vector ?
method used by an attacker to access a victim’s machine. How the attacker get to the machine itself
What is Attack Vector?
method used by an attacker to gain access to an victim’s machine in order to infect it with malware. It includes both the way attacker got to the machine and how they are going to infect it
What is Watering hole?
Malware is placed on a website that you know your potential victims will access
What is Typosquatting ?
url with very similar address as the real one. Ex: amazon.com vs. amazonS.com
What is a zombie ?
victimized computer whose control is under the attacker
What is Botnet
A collection of compromised computers under the control of a master node
What is Command and Control (C2)
node that controls hundreds of other computer that are part of their botnet
What is Active Interception ?
Occurs when a computer is placed between the sender and receiver and is able to capture or modify the traffic between them. Someone sending out false wifi network pretending to be public hotspot.. and all my network traffic goes through the attacker’s computer. He can capture whatever I am doing
What is Privilege Escalation ?
Occurs when you are able to exploit a design flaw or bug in a system to gain access to resources that a normal user isn’t able to access. You are gaining access to a system as another user and finding ways to escalate their privilege to an admin role.
What are Backdoors ?
Backdoors are used to bypass normal security and authentication functions. Remote Access Trojan (RAT) acts like a backdoor by granting attacker a persistent access
What is an Ester Egg ?
Non-malicious code that when invoked, displays an insider joke, hidden message, or secret feature
What is Logic Bomb ?
malicious code that has been inserted inside a program and will execute only when certain conditions have been met.
What is dropper and downloader?
one of the exploitation techniques used by APT (Advanced Persistent Threat).
running lightweight shell code on your system which will download the rest of the code
Dropper - Malware designed to install or run other types of malware embedded in a payload on an infected host. They are usually a stage one dropper, it’s that cod you first get. And once you get that code and run it, it then goes out to get some other code using its own downloader
Downloader - a piece of code that connects to the internet to retrieve additional tools after the initial infection happens by a dropper.
Droppers are likely to implement anti-forensics techniques to prevent detection and analysis…. Such as encrypting their payloads, or compressing their payloads, or obfuscating their payloads, which makes reverse engineering a lot harder
What is Code Injection ?
Exploit technique that runs malicious code with the identification number of a legitimate process
What is Masquerading ?
dropper replaces a genuine executable with a malicious one
