Chapter 3 - Malware Flashcards
What is Malware?
Software designed to infiltrate a computer system and possibly damage it w/o the user’s knowledge or consent (basically all the bad things out there that can do harm)
What are the different types of Malware?
- Viruses
- Worms
- Trojan horses
- Ransomware
- Spyware
- Rootkits
- Spam
What is a computer Virus?
Malicious code that runs on a machine without the user’s knowledge & infects the computer when executed (downloading something that has code in it)
What are the 10 different types of computer viruses?
1- Boot sector= Boot sector viruses are stored in the first sector of a hard drive & are loaded into memory upon boot up (hard to detect bc they are installed after the operating system boots up)
2- Macro= a from of code that allows Viruses to be embedded into a document & is executed when the document is opened by the user (word doc has them, they *aren’t malicious)
3- Program= Program viruses see infect an executable or application (Program viruses seek out executables or application files to infect. For example, if you went & loaded a virus & was able to install itself into ur Microsoft Word program, every time u opened up Word u’d be loading that virus again & again. And that’s why a program virus targets programs.)
4- Multipartite= Virus that combines boot & program viruses to first attach itself to the boot sector & system files before attacking other files on the computer (A multipartite virus is a combination of a boot sector type virus and a program virus. By using this combination, the virus is able to place itself in the boot sector and be loaded every time the computer boots. & by doing so, it can then install itself in a program where it can be run each & every time the computer starts up. This allows it to have a persistence & be able to be there over & over again.)
5- Encrypted =this virus is going to use a cipher to encrypt the contents of itself to avoid detection by any antivirus software.
6- Polymorphic= Advanced version of an encrypted virus that changes its code every time it is executed by altering the decryption module to avoid detection (what it’s doing is it’s trying to morph the way its code looks so that a signature-based antivirus can’t detect it anymore.)
7- Metamorphic= Virus that is able to rewrite itself entirely before it attempts to infect a file (advanced version of polymorphic virus=Metamorphic viruses are able to rewrite themselves entirely before it attempts to infect a file. & essentially, this is an advanced version of a polymorphic virus.)
8- Stealth=When we talked about encrypted & polymorphic & metamorphic viruses, these are all examples of stealth viruses. They’re viruses that are using various different techniques to avoid detection by an antivirus software
9- Armored= Armored viruses have a layer of protection to confuse a program or person analyzing it (Again, this is another way that the virus is trying to protect itself & increase its odds of being able to spread to other users
without being detected.)
10- Hoax= is actually not a virus in the traditional sense. Instead, when we get a virus hoax, we’re trying to trick a user into infecting their own machine. This might come in the form of a message or a website that pops up. It may be that we call them on the phone & pretend that we’re from Microsoft tech support & tell them that their machine has been infected. (form of social engineering)
What is a computer Worm
a worm is a piece of malicious software, (much like a virus. But it has a key difference.) A worm can replicate itself without any user interaction. If u remember when I talked about viruses, I said that a user has to install a program, or open a file, for that virus to be able to take its action. But with worms, that’s simply not the case. Worms are able to self-replicate & spread throughout ur network, W/O a user’s consent, or their action. This is bc they take advantage of security holes in operating systems & applications.
What are signs of a computer worm?
So, if a worm knows that there’s some1 out there who hasn’t installed a security patch, they can take advantage of that, & use that to spread from victim to victim, across the network, & across the world. Bc of this, worms can cause disruption to ur normal network traffic, & computing activities. This is bc they’re spreading and replicating really fast. & when they do this from ur victim machine, They’re using up computing power. Its processing power, its memory, & its network traffic capability. & all of that is going to start (1) slowing down your system. In some cases, this can even cause your (2) system to crash.
Worms are known for spreading far and wide over the Internet, in a very short amount of time.
What are Trojans Horse?
Malicious software that is disguised as a piece of harmless or desirable software
(Basically, a Trojan says, I’m going to perform this function for u. & it will perform that desired function, but it will also perform a malicious one, too.)
▪ Trojans perform desired functions and malicious functions
What is RAT stand for and mean?
Remote Access Trojan (RAT) Provides the attacker with remote control of a victim computer
What is the most commonly used type of Trojan?
Remote Access Trojan (RAT)
Summary of all Malware?
1- Virus
▪ Code that infects a computer when a file is opened or executed
2- Worm
▪ Acts like a virus but can self-replicate
3- Trojan
▪ Appears to do a desired function but also does something malicious
4- Ransomware
▪ Takes control of your computer or data unless you pay
5- Spyware
▪ Software that collects your information without your consent
5- Rootkit
▪ Gains administrative control of your system by targeting boot loader or kernel
6- Spam
▪ Abuse of electronic messaging systems
What is a Ransomware?
Ransomware is a type of malware that restricts access to a victim’s computer or their files until a ransom is received.
How does ransomware work?
Ransomware uses a vulnerability in ur software to gain access & then encrypts your files
What is Spyware?
spyware is a type of malicious software that’s installed on your system and gathers information about you without your consent.
What does Spyware do? & what could it contain?
What it does is it starts looking through all of your files, ur emails, ur instant messages, ur calendar invites, & whatever other information u might have on ur system, & it gathers that all up & builds a profile on u, that’s the best case.
In the worst case, it may include a keylogger, too. Now, with a keylogger, this is going to allow that program to capture any keystrokes you make on a victim machine. So if u’re typing in a website name and ur username & ur password, it can collect that & send it back to the attacker.
It even has the ability to take screenshots of what u’re seeing on the screen, & send that back at routine intervals through email or instant message. Keyloggers are very dangerous to your security
What are Adware
Adware is a specific type of spyware
where it’s going to display advertisements to u, based on what it saw when it spied on u. So if it looked through ur emails & ur websites & ur cookies & ur browser history, it could start figuring out maybe that u’re interested in weddings. & advertise weddings.
