J.Dion Sec. 6 Malware Flashcards

1
Q

Any software that is designed to infiltrate a computer system without the user’s knowledge.

A

Malware

2
Q

What two things does malware need in order to infect a system?

A

Threat vector
Attack vector

3
Q

Specific method used by an attacker to infiltrate a victim’s machine.

A

Threat Vector

4
Q

What are some examples of threat vectors?

A

Unpatched software
Installation of untrusted code
A user clicking on a malicious link
A phishing campaign
Any other vulnerability or exploit that can be taken advantage of

5
Q

A means by which an attacker gains access to a computer to infect the system with malware.

A

Attack vector

6
Q

When we say threat vector think

A

ways the attacker breaks into the system.

7
Q

When we say attack vector think

A

ways the attacker breaks into and infects the system.

8
Q

What vulnerability did the MS17-010 security patch fix?

A

The SMBv1 vulnerability (CVE-2017-0144) that the EternalBlue exploit targets. EternalBlue is the exploit; the underlying flaw is in Microsoft's SMBv1 server.

9
Q

What is the vulnerability on computers missing the MS17-010 patch?

A

The SMBv1 server that provides file and printer sharing over the SMB protocol remains remotely exploitable until the patch is applied (or SMBv1 is disabled outright).

10
Q

Which well-known attack scanned around the clock for as many unpatched Windows machines (Windows 7 through 10) as it could find that were missing the MS17-010 patch?

A

WannaCry ransomware

11
Q

How did WannaCry Ransomware do it?

A

It ran the EternalBlue exploit against unpatched machines, gained administrative (SYSTEM-level) control, encrypted the user's files, and displayed a message saying the computer was locked and demanding a Bitcoin payment in exchange for the decryption key. Because the exploit needs no user interaction, WannaCry spread from machine to machine on its own, like a worm.

12
Q

Malicious code that runs on a machine without the user's knowledge and infects the computer each time it is executed.

A

Computer virus

13
Q

What are the 10 different types of viruses?

A

Boot sector
Macro
Program
Multipartite
Encrypted
Polymorphic
Metamorphic
Stealth
Armored
Hoax

14
Q

Virus type that is stored in the first sector of a hard drive and is then loaded into memory whenever the computer boots up.

A

Boot sector virus

15
Q

Why are boot sector viruses difficult to detect?

A

Boot sector viruses load before the operating system starts, so they can hide from antivirus scans that run from inside the infected operating system.

16
Q

How to detect boot sector viruses?

A

Use an antivirus engine that specifically looks for boot sector viruses and runs outside the infected operating system, for example a network-based antivirus scanning engine or an antivirus loaded from a Linux live boot disc.
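Added example (not part of the original flashcards): a small Python check of the kind an out-of-band scanner run from a live boot disc performs. It reads a 512-byte MBR, verifies the 0x55AA signature, hashes the 446 bytes of boot code, and compares the hash and the partition table against a baseline captured when the machine was known-good. All bytes below (CLEAN_BOOT_CODE, INFECTED_BOOT_CODE, the single partition entry) are constructed for the demonstration, and the function names are this example's own.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446            # bytes 0..445: boot loader code
PARTITION_TABLE_OFF = 446      # bytes 446..509: four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511

# Constructed boot code, not copied from any real disk. The first bytes mimic a typical
# MBR prologue (xor ax,ax / mov ss,ax / mov sp,0x7c00); the rest is zero padding.
CLEAN_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c"
# Constructed "infected" code: a short jump plus filler, the kind of change a bootkit that
# relocates the original MBR and hooks the boot path leaves behind (illustrative bytes only).
INFECTED_BOOT_CODE = b"\xeb\x20" + b"\x90" * 32 + b"BOOTKIT"


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed 512-byte MBR: boot code, one bootable NTFS partition entry, 0x55AA."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    # status 0x80 (bootable), CHS fields zeroed, type 0x07 (NTFS), LBA start 2048, 1,000,000 sectors
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00\x00\x00", 0x07, b"\x00\x00\x00", 2048, 1_000_000)
    return code + entry + b"\x00" * 48 + BOOT_SIGNATURE


def parse_mbr(sector: bytes) -> dict:
    """Validate the signature, hash the boot code and decode the partition table."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFF + i * 16
        status, _, ptype, _, lba_start, n_sectors = struct.unpack("<B3sB3sII", sector[off:off + 16])
        if ptype != 0:  # type 0x00 marks an unused entry
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": n_sectors})
    return {"boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": partitions}


def check_boot_sector(sector: bytes, baseline: dict) -> list:
    """Compare a freshly read MBR against a baseline taken from a known-good state."""
    info = parse_mbr(sector)
    findings = []
    if info["boot_code_sha256"] != baseline["boot_code_sha256"]:
        findings.append("boot code differs from baseline")
    if info["partitions"] != baseline["partitions"]:
        findings.append("partition table differs from baseline")
    if sum(p["bootable"] for p in info["partitions"]) != 1:
        findings.append("expected exactly one bootable partition")
    return findings


if __name__ == "__main__":
    # On a live system the sector comes from the raw device, read from a clean boot environment,
    # e.g. open("/dev/sda", "rb").read(512) or open(r"\\.\PhysicalDrive0", "rb").read(512).
    baseline = parse_mbr(build_sample_mbr(CLEAN_BOOT_CODE))
    print(check_boot_sector(build_sample_mbr(CLEAN_BOOT_CODE), baseline))     # []
    print(check_boot_sector(build_sample_mbr(INFECTED_BOOT_CODE), baseline))  # ['boot code differs from baseline']
```

The point of reading the sector from a live disc rather than the running OS is the one the card makes: a boot sector virus that is already resident can intercept disk reads and hand the scanner a clean-looking copy, so the baseline comparison is only trustworthy when the suspect OS is not in control of the disk.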

17
Q

Virus type that is a form of code that allows a virus to be embedded inside another document so that when that document is opened by the user, the virus is executed.

A

Macro virus

18
Q

Where are the most common examples of macros found?

A

In Microsoft Word documents or Excel spreadsheets

19
Q

What makes macros malicious?

A

Macros themselves are not malicious: by default they are used to add specific functionality to a document without writing an entire program to do it.

Malice occurs when someone deliberately embeds malicious code in a document's macros, typically tied to an auto-execute entry point so it runs as soon as the document is opened.
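Added example (not from the flashcards): a heuristic scan over a document's VBA source for the combination that makes a macro dangerous, an auto-execute entry point (AutoOpen, Document_Open, Workbook_Open and friends) together with calls that reach outside the document (Shell, WScript.Shell, PowerShell, Chr-based string obfuscation). The two VBA samples are constructed for the demonstration; on a real .docm or .xlsm file the source would first be extracted with a tool such as olevba. The keyword table, thresholds and function names are this example's own choices, not any vendor's detection logic.

```python
import re

# Constructed VBA source standing in for the macro stream of a .docm file.
# It is not taken from any real document.
SAMPLE_VBA = """
Sub AutoOpen()
    Dim cmd As String
    cmd = "powershell -enc " & Base64Blob()
    Shell cmd, vbHide
End Sub

Function Base64Blob() As String
    Base64Blob = Chr(83) & Chr(71) & Chr(86)
End Function
"""

# Constructed benign macro: formats a cell, never leaves the spreadsheet.
BENIGN_VBA = """
Sub FormatReport()
    ActiveSheet.Range("A1").Font.Bold = True
End Sub
"""

# Entry points that Office runs automatically when the document is opened or closed.
AUTOEXEC = re.compile(
    r"\b(AutoOpen|AutoExec|AutoClose|AutoNew|Auto_Open|Document_Open|Document_Close|"
    r"Workbook_Open|Workbook_Activate)\b", re.I)

# Capabilities a document macro has no legitimate need for, keyed by a human-readable label.
SUSPICIOUS = {
    "Shell": r"\bShell\b",
    "WScript.Shell": r"WScript\.Shell",
    "CreateObject": r"\bCreateObject\b",
    "powershell": r"powershell",
    "URLDownloadToFile": r"URLDownloadToFile",
    "Chr obfuscation": r"\bChr\s*\(",
    "Environ": r"\bEnviron\b",
}


def scan_vba(source: str) -> dict:
    """Classify VBA source as clean / review / suspicious.

    'suspicious' requires both an auto-execute trigger and a capability hit: a macro that
    runs by itself AND can execute commands or fetch content. Either one alone is 'review'.
    """
    triggers = sorted({m.group(1) for m in AUTOEXEC.finditer(source)})
    hits = sorted(label for label, pattern in SUSPICIOUS.items()
                  if re.search(pattern, source, re.I))
    if triggers and hits:
        verdict = "suspicious"
    elif triggers or hits:
        verdict = "review"
    else:
        verdict = "clean"
    return {"autoexec": triggers, "suspicious": hits, "verdict": verdict}


if __name__ == "__main__":
    print(scan_vba(SAMPLE_VBA))   # verdict: suspicious (AutoOpen + Shell/powershell/Chr)
    print(scan_vba(BENIGN_VBA))   # verdict: clean
```

Keyword heuristics like this are cheap and catch the bulk of commodity maldocs, but they are trivially evaded by string splitting and late-bound object creation, which is why a real pipeline pairs them with sandbox detonation and with the policy control that matters most: blocking macros in files that arrived from the internet.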

20
Q

Virus type that tries to find executable or application files to infect with their malicious code.

A

Program virus

21
Q

Virus type that is a combination of a boot sector type virus and a program virus.

A

Multipartite virus

22
Q

How does a multipartite virus work?

A

The virus places itself in the boot sector so that it is loaded every time the machine boots, and then also installs itself inside a program.

Having two infection points lets the virus maintain persistence on the infected machine: cleaning only the program or only the boot sector leaves the other copy to re-infect.

23
Q

Standalone malware programs that replicate and spread to other systems by exploiting software vulnerabilities.

A

Worms

24
Q

Malicious software that attaches itself to clean files and spreads through a computer system.

A

Virus

25
Q

Malicious programs which appear to be legitimate software that allow unauthorized access to a victim’s system when executed.

A

Trojans

26
Q

Encrypts a user’s data and holds it hostage until a ransom is paid to the attacker for decryption.

A

Ransomware

27
Q

Compromised computers that are remotely controlled by attackers and used in coordination to form a botnet.

A

Zombies

28
Q

A network of zombies, often used for DDoS attacks, spam distribution, or cryptocurrency mining.

A

Botnet

29
Q

Malicious tools that hide their activities and operate at the OS (often kernel) level to allow for ongoing privileged access.

A

Rootkits

30
Q

Malicious means of bypassing normal authentication process to gain unauthorized access to a system.

A

Backdoors

31
Q

Embedded code placed in legitimate programs that executes a malicious action when a specific condition or trigger occurs.

A

Logic Bombs

32
Q

Record a user's keystrokes and are used to capture passwords or other sensitive information.

A

Keyloggers

33
Q

Software that secretly monitors and gathers a user's information or activities and sends the data to third parties.

A

Spyware

34
Q

Unnecessary or pre-installed software that consumes system resources and space without offering any value to the user.

A

Bloatware

35
Q

What is an example of a program virus?

A

Browsing the internet and accidentally running a program virus, which then tries to install itself into one of your installed programs, such as Microsoft Word.

36
Q

How do program viruses infect?

A

Once a program virus has attached itself to an application such as Microsoft Word, the virus runs every time the infected application is opened, so it can keep re-infecting the system and spreading to other executables.

37
Q

Type of virus designed to hide from detection by encrypting its malicious code or payload so that antivirus software cannot match it against a signature.

A

Encrypted Virus

38
Q

Why are encrypted viruses difficult for anti-virus software to detect?

A

The malicious code is scrambled into ciphertext, which makes it unreadable to both the user and antivirus software. The small decryption routine that restores the code at run time has to stay in cleartext, so scanners look for that routine instead, or emulate it to recover the body.

39
Q

Type of virus that is an advanced version of an encrypted virus: instead of only encrypting its contents, it changes its own code each time it runs by altering the decryption module, so that no fixed byte pattern survives for a scanner to match.

A

Polymorphic virus

40
Q

Type of virus that is able to rewrite itself entirely before it attempts to infect a given file.

A

Metamorphic Virus
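Added example covering cards 37 through 40 (not part of the original deck): a toy Python model of why encrypting the body alone does not beat a scanner, why rewriting the decryptor does, and why antivirus engines emulate. The "instruction set", opcode values and payload text are all constructed stand-ins; nothing here is executable malware. encrypted_virus keeps a byte-identical decryptor stub in front of an XORed body, polymorphic_virus regenerates the stub for every copy, matches is a wildcard byte-pattern scanner, and emulate walks the stub the way an engine would to recover the body. All names are this example's own.

```python
import random

# Toy "instruction set" for the decryptor stub. These are not real CPU opcodes; they only
# model the stub/body structure the cards describe.
NOP = 0x90                      # do-nothing filler
SET_KEY = 0x01                  # followed by one byte: the XOR key
SET_KEY_SPLIT = 0x03            # followed by two bytes a, b: key = a ^ b (alternative encoding)
DECRYPT = b"\x02\x04\x05"       # "xor every following byte with key" (stands in for the decrypt loop)

# Constructed stand-in for the virus body: plain text, not executable code.
PAYLOAD = b"<<constructed stand-in for the virus body: plain text, not code>>"
BODY_SIG = PAYLOAD[:16]                   # a scanner signature for the decrypted body
STUB_SIG = [SET_KEY, None, *DECRYPT]      # wildcard signature for the fixed stub: "01 ?? 02 04 05"


def xor(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def encrypted_virus(key: int) -> bytes:
    """Encrypted virus: body is XORed, but the decryptor stub is byte-identical in every copy."""
    return bytes([SET_KEY, key]) + DECRYPT + xor(PAYLOAD, key)


def polymorphic_virus(key: int, seed: int) -> bytes:
    """Polymorphic virus: same decryptor semantics, but the stub is regenerated per copy
    (random NOP filler, key loaded as a ^ b), so the fixed byte pattern never appears."""
    rng = random.Random(seed)
    a = rng.randrange(256)
    stub = bytearray()
    for op in (bytes([SET_KEY_SPLIT, a, a ^ key]), DECRYPT):
        stub += bytes([NOP] * rng.randrange(2, 5))   # two to four NOPs before each instruction
        stub += op
    return bytes(stub) + xor(PAYLOAD, key)


def matches(sample: bytes, sig: list) -> bool:
    """Static byte-pattern scan with wildcards (None), like a plain signature engine."""
    n = len(sig)
    return any(all(s is None or s == sample[i + j] for j, s in enumerate(sig))
               for i in range(len(sample) - n + 1))


def emulate(sample: bytes) -> bytes:
    """Step through the stub the way an antivirus emulator would and return the decrypted body."""
    i, key = 0, None
    while i < len(sample):
        if sample[i] == NOP:
            i += 1
        elif sample[i] == SET_KEY:
            key, i = sample[i + 1], i + 2
        elif sample[i] == SET_KEY_SPLIT:
            key, i = sample[i + 1] ^ sample[i + 2], i + 3
        elif sample[i:i + 3] == DECRYPT:
            if key is None:
                raise ValueError("DECRYPT reached before a key was set")
            return xor(sample[i + 3:], key)
        else:
            raise ValueError(f"unknown opcode {sample[i]:#x} at offset {i}")
    raise ValueError("no DECRYPT instruction found")


def scan(sample: bytes) -> dict:
    """What each detection strategy sees for one sample."""
    return {
        "static_stub_sig": matches(sample, STUB_SIG),               # encrypted: yes, polymorphic: no
        "static_body_sig": BODY_SIG in sample,                      # no for both: body is ciphertext
        "body_sig_after_emulation": BODY_SIG in emulate(sample),    # yes for both
    }


if __name__ == "__main__":
    print(scan(encrypted_virus(0x5A)))       # stub signature still works
    print(scan(polymorphic_virus(0x5A, 7)))  # only emulation works
```

A metamorphic virus (card 40) goes one step further than polymorphic_virus: it rewrites the body itself into a functionally equivalent but byte-different program, so even the decrypted output carries no stable BODY_SIG and detection has to fall back to behaviour.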

41
Q

This type of virus is not necessarily a specific type of virus as much as it is a technique used to prevent the virus from being detected by the anti-virus software.

A

Stealth Virus

42
Q

What techniques do stealth viruses use to avoid being detected by anti-virus software?

A

Encrypting its contents
Modifying its payload

43
Q

Type of virus that has a layer of protection to confuse a program or a person who is trying to analyze it.

A

Armored Virus

43
Q

Type of virus that isn’t an actual virus but a form of technical social engineering that attempts to scare end users into taking undesirable actions on their systems.

A

Hoax

44
Q

Piece of malicious software, much like a virus, but it can replicate itself without any user interaction.

A

Worm

45
Q

How do worms infect?

A

Worms take advantage of vulnerabilities in operating systems and applications when appropriate security controls or security patching are not in place.

For example, a worm may scan the network, find a workstation that is missing a security patch, and then exploit that workstation to install a copy of itself.

45
Q

What is the key difference between a virus and worm?

A

A virus requires a user to take some action, such as opening a file, clicking on a malicious web link, or connecting a mass storage device to the system.

A worm, by contrast, can replicate itself and spread throughout the network without any user consent or action.

46
Q

Why are worms very dangerous?

A

They can affect not only the workstation but also other computing assets.

They disrupt normal network traffic because they are constantly trying to replicate and spread across the network, consuming network capacity as well as the CPU, processing power, and memory of the hosts they touch.

47
Q

What happens when a worm replicates itself too rapidly?

A

An unintentional denial-of-service condition against the network and its associated servers: the scan traffic alone can saturate links and overload hosts.
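Added example (not part of the original deck) for cards 44 through 47: a Python simulation of a random-scanning worm on one network segment that shows the two effects the cards describe, exponential spread across unpatched hosts and probe traffic that exceeds the link's capacity, an unintended denial of service. The host count, vulnerable fraction, scan rate and link capacity are constructed parameters, and the function names are this example's own.

```python
import random


def simulate_worm(hosts: int = 2000, vulnerable_fraction: float = 0.25,
                  scans_per_host_per_tick: int = 10, link_capacity: int = 3000,
                  ticks: int = 40, seed: int = 1) -> list:
    """Tick-by-tick model of a random-scanning worm; returns one record per tick.

    Constructed parameters: `hosts` addresses on the segment, a fraction of them unpatched,
    each infected host firing `scans_per_host_per_tick` probes at random addresses, and a
    link that saturates above `link_capacity` probes per tick (the DoS side effect).
    """
    rng = random.Random(seed)
    vulnerable = set(rng.sample(range(hosts), int(hosts * vulnerable_fraction)))
    infected = {rng.choice(sorted(vulnerable))}          # patient zero
    history = []
    for tick in range(ticks):
        probes = len(infected) * scans_per_host_per_tick  # every infected host keeps scanning,
        newly = set()                                     # even when nothing is left to infect
        for _ in range(probes):
            target = rng.randrange(hosts)                 # the worm does not know who is vulnerable
            if target in vulnerable and target not in infected:
                newly.add(target)                         # the exploit only lands on unpatched hosts
        infected |= newly
        history.append({"tick": tick, "infected": len(infected), "new": len(newly),
                        "probes": probes, "link_saturated": probes > link_capacity})
    return history


def first_saturated_tick(history: list):
    """Tick at which probe traffic first exceeded link capacity, or None if it never did."""
    return next((h["tick"] for h in history if h["link_saturated"]), None)


if __name__ == "__main__":
    run = simulate_worm()
    for h in run[:12]:
        flag = " <- link saturated" if h["link_saturated"] else ""
        print(f"tick {h['tick']:2d}: infected={h['infected']:4d} new={h['new']:3d} probes={h['probes']:5d}{flag}")
    print("first saturated tick:", first_saturated_tick(run))
```

Two things to notice in the output: the infection count roughly triples per tick until the pool of unpatched hosts runs dry, and the probe count does not fall afterwards, which is why a fully spread worm like the Nimda and Conficker cases below keeps hurting the network long after it has stopped finding new victims.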

48
Q

How fast was the Nimda worm able to propagate across the entire internet in 2001?

A

22 minutes

49
Q

This worm is one of the largest seen to date and infected between 9 and 15 million machines.

A

Conficker (first seen in late 2008, peaking in 2009)

50
Q

Which vulnerability was the Conficker worm seeking?

A

The vulnerability (CVE-2008-4250) fixed by Microsoft's critical Windows security patch MS08-067.

51
Q

What was security patch MS08-067 designed to fix?

A

A vulnerability in the Windows Server service, the component behind file and printer sharing, that allowed remote code execution via a crafted RPC request sent over the network.

52
Q

Piece of malicious software that is disguised as a piece of harmless or desirable software.

A

Trojan

53
Q

Type of Trojan that is widely used by modern attackers because it provides the attacker with remote control of a victim machine.

A

Remote Access Trojan (RAT)

54
Q

How are Trojans commonly used by attackers?

A

Attackers exploit a vulnerability on a workstation, exfiltrate sensitive documents, and then create backdoors to maintain persistence on the system.

55
Q

Type of malicious software that is designed to block access to a computer system or its data by encrypting it until a ransom is paid to the attacker.

A

Ransomware

56
Q

The Colonial Pipeline attack in 2021 was what type of attack?

A

Ransomware

57
Q

What group led the Colonial Pipeline attack in 2021?

A

DarkSide

58
Q

What happened in the Colonial Pipeline attack?

A

Colonial Pipeline was hit with ransomware.

The pipeline was shut down for about five days, causing major fuel disruptions on the US East Coast.

The attackers, DarkSide, demanded and received a ransom of $4.4 million in Bitcoin in exchange for a decryption key.

59
Q

What ransomware attack occurred in 2020?

A

Universitätsklinikum Düsseldorf was disrupted by a ransomware attack in September 2020.

Hospital computers were taken down and emergency patients had to be diverted to other hospitals.

A woman with a life-threatening condition died after being diverted and delayed.

This was widely reported as the first death linked to a ransomware attack on a hospital.

60
Q

Network of compromised computers or devices controlled remotely by malicious actors.

A

Botnet

61
Q

What does an attacker gain by building a botnet?

A

If successful, attackers gain the use of each compromised computer's processing, memory, storage, and networking resources.

62
Q

Name of a compromised computer or device that is part of a botnet and used to perform tasks using remote commands.

A

Zombie

63
Q

Responsible for managing and coordinating the activities of the other nodes (zombies) within a botnet; the zombies check in with it to fetch commands and return results.

A

Command and Control Node

Also known as C2 node
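Added example (not from the flashcards): detection logic for the zombie-to-C2 check-in traffic these cards describe. Bots poll their command and control node on a fixed timer, so their connections show up in proxy or firewall logs as near-perfectly periodic; the Python below groups log lines by source and destination, computes the gaps between consecutive connections, and flags pairs whose gaps have low relative jitter. The log lines, IP addresses and field layout are constructed for the demonstration, and the thresholds and function names are this example's own.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log, not from any real environment. Fields: timestamp src dst bytes.
# 10.0.0.5 checks in with 203.0.113.7 every ~60 s (a beacon);
# 10.0.0.9 talks to 198.51.100.20 at irregular, human-looking intervals.
LOG = """
2024-03-01T10:00:00 10.0.0.5 203.0.113.7 512
2024-03-01T10:01:00 10.0.0.5 203.0.113.7 512
2024-03-01T10:02:01 10.0.0.5 203.0.113.7 520
2024-03-01T10:03:00 10.0.0.5 203.0.113.7 512
2024-03-01T10:03:59 10.0.0.5 203.0.113.7 515
2024-03-01T10:05:00 10.0.0.5 203.0.113.7 512
2024-03-01T10:00:12 10.0.0.9 198.51.100.20 20480
2024-03-01T10:00:40 10.0.0.9 198.51.100.20 1024
2024-03-01T10:07:03 10.0.0.9 198.51.100.20 88000
2024-03-01T10:31:15 10.0.0.9 198.51.100.20 3020
2024-03-01T11:02:50 10.0.0.9 198.51.100.20 7600
2024-03-01T11:10:00 10.0.0.9 198.51.100.20 512
""".strip().splitlines()


def parse_line(line: str):
    ts, src, dst, size = line.split()
    return datetime.fromisoformat(ts), src, dst, int(size)


def find_beacons(lines, min_events: int = 5, max_jitter: float = 0.15) -> list:
    """Flag (src, dst) pairs whose inter-connection gaps are suspiciously regular.

    jitter = population std-dev of the gaps / mean gap. A timer-driven bot sits near 0;
    a person browsing the same site scatters widely. min_events avoids judging on 2-3 hits.
    """
    by_pair = defaultdict(list)
    for line in lines:
        ts, src, dst, _ = parse_line(line)
        by_pair[(src, dst)].append(ts)

    flagged = []
    for (src, dst), stamps in by_pair.items():
        if len(stamps) < min_events:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        jitter = pstdev(gaps) / avg if avg else float("inf")
        if jitter <= max_jitter:
            flagged.append({"src": src, "dst": dst, "events": len(stamps),
                            "period_s": round(avg, 1), "jitter": round(jitter, 3)})
    return flagged


if __name__ == "__main__":
    for hit in find_beacons(LOG):
        print(f"beacon: {hit['src']} -> {hit['dst']} every {hit['period_s']}s "
              f"(jitter {hit['jitter']}, {hit['events']} events)")
```

Real C2 implants add deliberate jitter to defeat exactly this check, so in production the threshold is tuned per environment and the signal is combined with others: a constant request size, a destination with no prior history, and check-ins that continue overnight when no user is at the keyboard.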

64
Q

These are used to spam others by sending out phishing campaigns and other malware.

A

Botnets

65
Q

What is the most common type of botnet attack?

A

DDoS

Distributed Denial of Service Attack

66
Q

Match each description to the correct term (a. Botnet, b. Zombie):

1. Used for cyberattacks or other malicious activity.
2. Used to perform tasks using remote commands from the attacker without the user's knowledge.

A

1. Botnet
2. Zombie

67
Q

A compromised device that carries out tasks, such as crypto mining or attempts to break encryption, using remote commands from the attacker without the user's knowledge.

A

Zombie

68
Q

Type of software that is designed to gain administrative-level control over a given computer system without being detected.

A

Rootkit
