Chapter 8 - Malicious Software Flashcards
Malicious software (malware)
any program that contains instructions that run on a computer system and perform operations that the user does not intend
How does malware attack all three tenets of cybersecurity?
- Confidentiality - malware can disclose your organization’s private information
- Integrity - malware can modify database records, either immediately or over a period of time
- Availability - malware can erase or overwrite files or inflict considerable damage to storage media
System infectors
target computer hardware and software startup functions
File infectors
attack and modify executable programs
Examples of executable programs
COM, EXE, SYS, and DLL
Data infectors
attack document files containing embedded macro programming capabilities
Lifecycle of a virus
Virus is dormant -> the user transmits an infected object to another computer -> the virus locates and infects suitable objects on the new computer
Rootkits
malware that modifies or replaces one or more existing programs to hide the fact that a computer has been compromised
Rootkits are…
difficult to detect and remove
Ransomware
attempts to generate funds directly from a computer user by limiting access to data through encryption
Spam
consumes computing resources, bandwidth, and central processing unit (CPU) time
Why is spam dangerous?
Diverts IT professionals from more critical activities and may contain malware
Worms
self-contained programs designed to propagate from one host machine to another using the host’s own network system
How are worms different from viruses?
Unlike viruses, they do not require a host program to survive and replicate
Trojan horses
programs that masquerade as useful programs while hiding malicious intent
Trojan horses are…
the largest class of malware
How do trojan horses spread?
through emails, website downloads, social networking sites, and bots
Logic bombs
programs that execute a malicious function of some kind when they detect certain conditions
Logic bombs can…
cause immediate damage or can initiate a sequence of events that cause damage over a longer period
Logic bombs typically originate from…
organization insiders because they have more detailed knowledge of the IT infrastructure
Active content
dynamic objects that do something when the user opens a webpage
Vulnerabilities of active content
Users inadvertently download bits of mobile code which gain access to the hard disk and do things like fill up the desktop with infected file icons
Add-ons
companion programs that extend the web browser
Malicious add-ons
browser add-ons that contain some type of malware
Botnets
robotically controlled networks that perform various functions
Botnets can be used to…
distribute malware and spam; to launch DoS attacks
DoS attacks
overwhelm a server or network segment to the point that the server or network becomes unusable
Distributed denial-of-service attacks (DDoS)
use intermediary hosts to conduct the attack
Synchronize (SYN) flood attacks
attacker uses IP spoofing to send a large number of packets requesting connections to the victim computer
Smurf attack
attackers forge ICMP echo request packets from remote locations to generate DoS attacks
Spyware
any unsolicited background process that installs itself on a user’s computer and collects information about the user’s browsing habits and website activities
Adware
triggers nuisances such as popup ads and banners when a user visits certain websites
Why is adware dangerous?
Affects productivity and collects and tracks information
Phishing
tricks users into providing logon information on what appears to be a legitimate website but is actually a website set up by an attacker to obtain this information
Spear phishing
attacker supplies information about the victim that seems to come from a legitimate company
Pharming
the use of social engineering to obtain access credentials such as usernames and passwords
Keystroke loggers
capture keystrokes or user entries and forward the information to the attacker
Why are keystroke loggers dangerous?
They allow the attacker to capture logon information, banking information, and other sensitive info
Homepage hijacking
exploiting a browser vulnerability to reset the homepage and then installing a browser helper object trojan program
Webpage defacements
someone gaining unauthorized access to a web server and altering the index page of a site on the server
Phases of an attack
Reconnaissance, gaining access, maintaining access, and covering your tracks
Defense in depth
the practice of layering defenses into zones to increase the overall protection level and provide more reaction time to respond to incidents
Application defenses
implement antivirus screening, ensure that applications are up to date, install firewalls
Operating system defenses
deploy change-detection and integrity-checking software, ensure that all operating systems are consistent, disable unnecessary services
Network infrastructure defenses
use proxy services, use content filtering, disable any unnecessary network services