ISC2 - Study Notes 15 Flashcards
uses obfuscated code that makes it difficult for AV researchers to reverse-engineer the virus.
Some viruses can morph or mutate each time they replicate to another machine or even each time they run. Even though the file changes, the code used to replicate and deliver the payload remains the same.
Armored Virus / Polymorphic Virus
A ??? virus actually mutates the code used to replicate and deliver a payload.
A ??? virus has multiple components. For example, it could combine a boot sector virus with a virus that infects one or more files.
Metamorphic / Multipartite
provides an attacker with control over a target computer via the Internet. Many Trojans install ???, and then attackers can use the ??? to do anything on the target computer. This includes using the ??? to install malware, install keyloggers, and join the compromised computer to a botnet.
RAT
a fake virus warning (claiming the user's system has been infected) from a website that tricks the user into installing malicious software (fake anti-virus) on their system.
Scareware
is a false message about a malware risk that doesn’t exist. Attackers and uneducated users typically spread ??? through e-mail while urging other users to forward it to everyone they know. Many times these e-mails encourage users to take action that can harm their system.
Malware Hoax
Attackers sometimes deliver malware via malicious banner ads, commonly called ???. These look like regular ads, but they contain malicious code. Many of them include a link taking users to a server hosting a drive-by download. Others are Flash applets with malicious code embedded in them.
Malvertising
Install antivirus software on all systems.
Install antivirus and antispam software on e-mail servers.
Install antivirus and content-filtering software on firewalls.
Keep all antivirus and antispam software up to date.
Perform regular antivirus and vulnerability scans.
Keep all systems up to date.
Educate users.
Implementing Malicious Code Countermeasures:
Behavior-based detection attempts to detect previously unknown viruses. It uses a baseline to detect anomalies.
A spam filter attempts to detect unsolicited e-mail and block it.
Info
records provide a method to reduce spam by identifying spoofed e-mail. ??? records identify e-mail servers authorized to send out e-mail for a domain. E-mail servers that receive e-mail can use ??? records to validate e-mail. If a different server sent the e-mail (not one identified in the ??? record), the receiving server marks the e-mail as spoofed. The server can then block all spoofed e-mail from this server to reduce spam levels.
Sender Policy Framework (SPF)
uses digital signatures to authenticate e-mails. ??? uses a certificate to provide authentication, integrity, and nonrepudiation. The sending e-mail server attaches a digital signature to outgoing e-mail. The receiving e-mail server uses the digital signature to verify the e-mail has been sent by the sending e-mail server.
DomainKeys Identified Mail (DKIM)