J.Dion Sec. 6 Malware Flashcards
Any software that is designed to infiltrate a computer system without the user’s knowledge.
Malware
What two things does malware need?
Threat vector
Attack vector
Specific method used by an attacker to infiltrate a victim’s machine.
Threat Vector
What are some examples of threat vectors?
Unpatched software
Installing code
User clicks on a link
Phishing campaign
Other vulnerabilities or exploits that can be taken advantage of.
A means by which an attacker gains access to a computer to infect the system with malware.
Attack vector
When we say threat vector, think:
ways the attacker breaks into the system.
When we say attack vector, think:
ways the attacker breaks into and infects the system.
What vulnerability was the MS17-010 security patch made to fix?
The EternalBlue vulnerability
What is the vulnerability on computers missing the MS17-010 patch?
File and printer services that operate over the SMB protocol are vulnerable on the system until it has been updated with the patch.
Which known attack ran scans around the clock to find as many unpatched Windows 7 through 10 machines missing the MS17-010 patch as possible?
WannaCry ransomware
How did WannaCry ransomware do it?
It ran the exploit against machines that had not been updated, gained administrative rights over the system, then encrypted the user’s files and displayed a message on the screen saying “Computer’s locked and if you want to access it you owe x-amount of bitcoin for the decryption key.”
Malicious code that runs on a machine without the user’s knowledge and infects the computer whenever it has been run.
Computer virus
What are the 10 different types of viruses?
Boot sector
Macro
Program
Multipartite
Encrypted
Polymorphic
Metamorphic
Stealth
Armor
Hoax
Virus type that is stored in the first sector of a hard drive and is then loaded into memory whenever the computer boots up.
Boot sector virus
Why are boot sector viruses difficult to detect?
Boot sector viruses are installed before the operating system boots up and are able to hide from antivirus scans.
How can boot sector viruses be detected?
Use a specific antivirus that looks for boot sector viruses; these are usually run from a network antivirus scanning engine or from an antivirus that can be loaded from a Linux live boot disc.
Virus type that is a form of code that allows a virus to be embedded inside another document so that when that document is opened by the user, the virus is executed.
Macro virus
Where are the most common examples of macros found?
In Microsoft Word documents or Excel spreadsheets
What makes macros malicious?
Macros are normally used to add specific functionality to documents without needing to write an entire program to do it.
They become malicious when someone purposely adds malicious code to a document.
Virus type that tries to find executable or application files to infect with its malicious code.
Program virus
Virus type that is a combination of a boot sector type virus and a program virus.
Multipartite virus
How does a multipartite virus work?
The virus can place itself into the boot sector so that it is loaded every time the machine boots, and it can also install itself within a program.
This lets the virus maintain persistence on the infected machine.
Standalone malware programs that replicate and spread to other systems by exploiting software vulnerabilities.
Worms
Malicious software that attaches to clean files and spreads into a computer system.
Virus
Malicious programs which appear to be legitimate software that allow unauthorized access to a victim’s system when executed.
Trojans
Encrypts a user’s data and holds it hostage until a ransom is paid to the attacker for decryption.
Ransomware
Compromised computers that are remotely controlled by attackers and used in coordination to form a botnet.
Zombies
Network of zombies that is often used for DDoS attacks, spam distribution, or cryptocurrency mining.
Botnet