COMPTIA SECURITY + WEEK 2 CHAPTER 3 & 4 Flashcards
What is malware?
A wide range of software intentionally designed to cause harm to systems, networks, or users.
Malware can gather information, provide illicit access, and take unwanted actions on a system.
Name three types of malware.
- Ransomware
- Trojan
- Worm
Other types include spyware, bloatware, virus, keylogger, logic bomb, and rootkit.
What is ransomware?
Malware that takes over a computer and demands a ransom for access to data.
It can encrypt files and hold them hostage until payment is made.
What are indicators of compromise (IoCs) for ransomware?
- Command and control traffic
- Use of legitimate tools in abnormal ways
- Lateral movement processes
- Encryption of files
- Ransom notices
- Data exfiltration behaviors
These indicators help in identifying ransomware attacks.
What is a Trojan?
Malware disguised as legitimate software that provides attackers a path into a system.
The term comes from the Trojan horse myth; like the horse, a Trojan relies on the user to let it in, so it needs user interaction to install.
What are common indicators of compromise for Trojans?
- Signatures for specific malware
- Command and control hostnames
- Newly created folders or files
Remote Access Trojans (RATs) provide attackers with remote access to systems.
What are botnets?
Groups of systems under central command, with individual systems referred to as bots.
They often utilize command and control techniques for coordinated attacks.
How do worms spread?
Worms spread themselves, often through automated means without user interaction.
They can spread via email attachments, network shares, and vulnerable devices.
What is the significance of the Stuxnet worm?
Recognized as the first implementation of a worm as a cyber weapon aimed at the Iranian nuclear program.
It utilized advanced techniques to cause physical damage to industrial systems.
What is spyware?
Malware designed to obtain information about an individual, organization, or system.
It can track browsing habits, installed software, or sensitive data.
What are common IoCs for spyware?
- Remote-access indicators
- Known software file fingerprints
- Malicious processes disguised as system processes
- Injection attacks against browsers
Spyware can use techniques from other types of malware.
What is bloatware?
Unwanted applications installed on systems by manufacturers.
While not typically malicious, it can take up resources and create vulnerabilities.
What differentiates spyware from bloatware?
Spyware’s primary intention is to gather information about the user, while bloatware consists of unwanted programs.
Bloatware may not have malicious intent but can still pose risks.
What are the mitigation practices for Trojans?
- Awareness practices
- Control of software acquisition
- Anti-malware and EDR tools
These practices help prevent the installation and execution of Trojans.
What is a command and control (C&C) system?
A system that allows attackers to communicate with and control compromised systems.
C&C systems often use encrypted connections to avoid detection.
What is the primary intention of spyware?
To gather information about the user, their use of the system and Internet, and the configuration of the system.
What distinguishes bloatware from spyware?
Bloatware is simply unwanted programs, while spyware is designed to collect user data.
Define computer viruses.
Malicious programs that self-copy and self-replicate once activated.
What are the two main types of viruses based on their memory usage?
- Memory-resident viruses
- Non-memory-resident viruses
What type of virus resides inside the boot sector of a drive?
Boot sector viruses.
How do macro viruses spread?
Using macros or code inside word processing software or other tools.
True or False: Fileless viruses require local file storage.
False.
What is an example of a method to prevent fileless virus attacks?
Using anti-malware tools that can detect unexpected behavior from scripting tools.