Malware Flashcards
Malware
Software designed to infiltrate a computer system and possibly damage it, without the user’s knowledge or consent:
Viruses, Worms, Trojan horses, Ransomware, Spyware, Rootkits, Spam
Virus
Malicious code that runs on a machine without the user’s knowledge and infects the computer when executed.
Boot Sector - stored in the first sector of a hard drive and loaded into memory upon boot up.
Macro - embedded into a document and is executed when the document is opened by the user.
Program - infects an executable or application.
Multipartite - combines boot and program viruses to first attach itself to the boot sector and system files before attacking other files on the computer.
Encrypted Virus
Polymorphic - advanced version of an encrypted virus that changes itself every time it is executed by altering the decryption module to avoid detection.
Metamorphic - virus that is able to rewrite itself entirely before it attempts to infect a file (advanced version of a polymorphic virus).
Stealth
Armored - has a layer of protection to confuse a program or person analyzing it.
Hoax
Worm
Malicious software that behaves like a virus but is able to replicate itself without user interaction.
Self-replicate and spread without a user’s consent or action.
Can cause disruption to normal network traffic and computing activities.
Trojans
Trojan Horse - malicious software that is disguised as a piece of harmless or desirable software (performs the desired functions as well as malicious functions).
Remote Access Trojan (RAT) - provides the attacker with remote control of a victim computer and is the most commonly used type of Trojan.
Ransomware
Malware that restricts access to a victim’s computer system until a ransom is received.
Ransomware uses a vulnerability in your software to gain access and then encrypts your files.
Spyware
Malware that secretly gathers information about the user without their consent.
Captures keystrokes made by the victim and takes screenshots that are sent to the attacker.
Adware - Displays advertisements based upon its spying on you.
Grayware - software that is neither benign nor malicious and tends to behave improperly without serious consequences.
Rootkits
Software designed to gain admin level control over a system without detection.
DLL Injection - malicious code is inserted into a running process on a Windows machine by taking advantage of Dynamic Link Libraries that are loaded at runtime.
Driver Manipulation - an attack that relies on compromising the kernel-mode device drivers that operate at a privileged or system level. A shim is placed between two components to intercept calls and redirect them.
Rootkits are activated before booting the OS and are difficult to detect.
Spam
Activity that abuses electronic messaging systems, most commonly through email.
Spammers often exploit a company’s open mail relays to send their messages.
CAN-SPAM Act of 2003.
Summary of Malware
Virus - code that infects a computer when a file is opened or executed.
Worm - acts like a virus but can self-replicate.
Trojan - appears to do a desired function but also does something malicious.
Ransomware - takes control of your computer or data unless you pay.
Spyware - software that collects your information without your consent.
Rootkit - gains admin control of your system by targeting boot loader or kernel.
Spam - abuse of electronic messaging systems.