Malware Flashcards
Malware
Any software that is designed to infiltrate a computer system without the user’s knowledge.
Threat Vector
Specific method used by an attacker to infiltrate a victim's machine. Breaks into the system.
Attack Vector
A means by which an attacker gains access to a computer to infect the system with malware. Breaks into and infects system.
Computer Virus
Malicious code that runs on a machine without the user's knowledge and infects the computer on which it is run. A virus needs a user action (opening a file, launching a program) to execute and spread.
Boot Sector Virus
Stored in the first sector of the hard drive (the boot sector or master boot record) and loaded into memory whenever the computer boots, so it runs before the operating system does.
Macro Virus
Code embedded inside another document (e.g. an Office macro) so that the virus executes when the user opens that document.
Program Virus
Tries to find executables or application files to infect with its malicious code.
Multipartite Virus
A combination of a boot sector type virus and a program virus. Even if someone finds the program part of the virus and cleans it out from within the OS, they may have missed the boot sector portion.
Encrypted Virus
Encrypts its malicious code or payload so that antivirus software scanning the file cannot match it against known signatures; a small decryption routine restores the code at run time.
Polymorphic Virus
Advanced version of an encrypted virus: instead of only encrypting its contents, it changes the virus's code each time it executes by altering the decryption routine, so that even the decryptor cannot be matched by a fixed signature.
Metamorphic Virus
Able to rewrite itself entirely before it attempts to infect a given file. More advanced version of a polymorphic virus.
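The Encrypted Virus and Polymorphic Virus cards above describe why a byte signature taken from one copy fails against the next copy. The toy model below is an added example, not code from the original flashcards and not a real virus: a harmless constructed byte string stands in for the virus body, a one-byte XOR key stands in for the per-copy encryption, and two scanners are compared, one that matches the stored bytes and one that first runs the decryptor (what an antivirus emulator does) and then matches the decrypted body.

```python
import hashlib
import os

# Constructed stand-in for a virus body: harmless text bytes, not real malicious code.
BODY = b"PAYLOAD: constructed benign stand-in for a virus body"


def make_sample(body=BODY, key=None):
    """Model one copy of an encrypted virus: the same body, XOR-encrypted with a
    fresh one-byte key, prefixed by that key (the decryptor stub needs it)."""
    if key is None:
        key = bytes([os.urandom(1)[0] | 1])  # force a non-zero key; 0 would leave the body in the clear
    return key + bytes(b ^ key[0] for b in body)


def decrypt_sample(sample):
    """What the virus's own decryptor stub (or an AV emulator) does before the body runs."""
    key = sample[0]
    return bytes(b ^ key for b in sample[1:])


def static_signature_hit(sample, signature):
    """Naive scanner: look for the signature bytes in the copy as stored on disk."""
    return signature in sample


def emulated_signature_hit(sample, signature):
    """Scanner that first runs the decryptor, then matches against the decrypted body."""
    return signature in decrypt_sample(sample)


def sample_hashes(samples):
    """(number of distinct hashes of the stored copies, number of distinct hashes of the
    decrypted bodies): the first grows with every new key, the second stays at 1."""
    stored = {hashlib.sha256(s).hexdigest() for s in samples}
    decrypted = {hashlib.sha256(decrypt_sample(s)).hexdigest() for s in samples}
    return len(stored), len(decrypted)


if __name__ == "__main__":
    signature = BODY[:16]  # signature extracted from the plaintext body of a first sample
    copies = [make_sample(key=bytes([k])) for k in (0x11, 0x2A, 0x7F)]
    print("static hits:  ", [static_signature_hit(c, signature) for c in copies])    # all False
    print("emulated hits:", [emulated_signature_hit(c, signature) for c in copies])  # all True
    print("distinct stored / decrypted hashes:", sample_hashes(copies))            # (3, 1)
```

In the model the decryptor stub is the fixed function `decrypt_sample`, which is exactly what a scanner can still key on for an encrypted virus; a polymorphic virus varies that stub too, and a metamorphic virus rewrites the body itself, which is why the defensive side moves from file signatures to emulation and behaviour.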
Worm
Piece of malicious software, much like a virus, but it can replicate itself without any user interaction.
Worm vs Virus
Worm - Can replicate itself without interaction from the user
Virus - Requires the user to take some action.
Trojan
A piece of malicious software that is disguised as a piece of harmless or desirable software.
RAT
Remote Access Trojan. This type of trojan is widely used by modern attackers because it provides the attacker with remote control of a victim’s machine.
Best practices for preventing ransomware?
Conduct regular backups of critical data, files, and systems, stored where an infected host cannot overwrite them.
Install software updates regularly, especially for operating systems and antivirus software.
Provide security awareness training to end users.
Implement multi-factor authentication on systems for an added layer of security.
Rootkit
Software designed to gain administrative-level control over a computer system without being detected. It embeds itself in the operating system and hides its processes, files, and network connections from the tools used to look for it.
Kernel mode
The privileged processor mode in which the operating system kernel and device drivers run, with full access to hardware (device drivers, sound cards, monitors) and memory. A kernel-mode rootkit digs into this layer, so the user-mode tools an administrator relies on can be fed false information.
DLL Injection
The technique used to run arbitrary code within the address space of another process by forcing it to load a dynamic-link library. A DLL is a file type that contains code, resources, and data that can be shared between multiple programs; they are executed on demand and loaded into memory.
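A DLL forced into another process has to be loaded from somewhere, and on a managed host every image load can be logged (Sysmon Event ID 7, "Image loaded", with the fields Image, ImageLoaded and Signed). The heuristics below are an added example, not part of the original flashcards or of any vendor's product: they run over constructed records in the shape of those fields and flag loads from user-writable directories, unsigned modules outside trusted directories, and system-DLL names appearing outside System32/SysWOW64. The directory lists and the set of system DLL names are assumptions chosen for the example.

```python
from dataclasses import dataclass


@dataclass
class ImageLoad:
    """One image-load record in the shape of Sysmon Event ID 7 fields."""
    process: str   # Image: the process that loaded the module
    image: str     # ImageLoaded: full path of the DLL
    signed: bool   # Signed: whether the DLL carried a valid Authenticode signature


# Directories where legitimate modules normally live (compared case-insensitively); assumed list.
TRUSTED_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\",
                "c:\\program files\\", "c:\\program files (x86)\\")
# Path fragments of directories any user can write to; an injected DLL often originates here.
WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "c:\\programdata\\", "c:\\users\\public\\")
# A few well-known System32 DLL names (assumed, not exhaustive).
SYSTEM_DLL_NAMES = {"ntdll.dll", "kernel32.dll", "user32.dll", "version.dll"}

# Constructed sample records, not captured from a real host.
SAMPLE_LOADS = [
    ImageLoad(r"C:\Windows\explorer.exe", r"C:\Windows\System32\ntdll.dll", True),
    ImageLoad(r"C:\Windows\explorer.exe", r"C:\Users\alice\AppData\Local\Temp\upd.dll", False),
    ImageLoad(r"C:\Program Files\App\app.exe", r"C:\Program Files\App\helper.dll", True),
    ImageLoad(r"C:\Windows\System32\svchost.exe", r"C:\Users\Public\version.dll", True),
    ImageLoad(r"C:\Windows\System32\notepad.exe", r"C:\ProgramData\x\shell.dll", False),
]


def suspicious_loads(loads):
    """Return (process, image, reasons) for every load matching at least one heuristic."""
    hits = []
    for rec in loads:
        img = rec.image.lower()
        name = img.rsplit("\\", 1)[-1]
        reasons = []
        if any(marker in img for marker in WRITABLE_MARKERS):
            reasons.append("loaded from a user-writable directory")
        if not rec.signed and not img.startswith(TRUSTED_DIRS):
            reasons.append("unsigned image outside trusted directories")
        if name in SYSTEM_DLL_NAMES and not img.startswith(TRUSTED_DIRS[:2]):
            reasons.append("system DLL name loaded from outside System32/SysWOW64")
        if reasons:
            hits.append((rec.process, rec.image, reasons))
    return hits


if __name__ == "__main__":
    for process, image, reasons in suspicious_loads(SAMPLE_LOADS):
        print(f"{process} loaded {image}: {'; '.join(reasons)}")
```

The signed `version.dll` under `C:\Users\Public` is the case worth noticing: a valid signature on a module says nothing about whether the process was supposed to load it from that location, so path-based checks stay useful even when signature checks pass.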
Backdoor
Used to bypass standard security and authentication functions.
Logic Bomb
Malicious code that’s inserted into a program and will only execute when certain conditions have been met.
Fileless Malware
Malware that operates in system memory without relying on the local file system of the infected host.
Step 1: Dropper or downloader. Lightweight shellcode executed on the targeted system.
Step 2: Download and install a remote access trojan to command and control the victimized system.
Actions on objectives phase: the threat actor carries out the primary objectives (e.g. data exfiltration or file encryption).
Dropper
Malware that installs or launches other malware carried in its own payload on the infected host.
Downloader
Retrieves additional tools after the initial infection established by a dropper.
Shellcode
Small piece of code delivered by an exploit and executed on the target, typically to start the next stage (a dropper or downloader).
Concealment
Techniques that help threat actors prolong unauthorized access to a system by covering their tracks: erasing log files and hiding other evidence of malicious activity.
Indicators of Malware Attacks
Account lockouts, blocked content, resource consumption, out-of-cycle logging, published or documented attacks, concurrent session utilization, impossible travel, resource inaccessibility, and missing logs.
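Several of the indicators on this card (account lockouts, impossible travel, missing logs) can be checked mechanically against authentication logs. The following is an added example, not code from the original flashcards: it runs three such checks over a constructed list of login records. The latitude/longitude columns assume that a geolocation lookup of the source IP is available upstream, and the thresholds (5 failures in 10 minutes, 900 km/h, six missed 5-minute log intervals) are assumptions chosen for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt

# Constructed sample authentication records (not real data):
# (ISO timestamp, user, event, source IP, approx. latitude/longitude of the source IP).
SAMPLE_EVENTS = [
    ("2024-03-01T08:00:00", "alice", "login_ok",   "203.0.113.10", 51.5074,  -0.1278),  # London
    ("2024-03-01T08:30:00", "alice", "login_ok",   "198.51.100.7", 40.7128, -74.0060),  # New York, 30 min later
    ("2024-03-01T08:05:00", "bob",   "login_fail", "192.0.2.5",    48.8566,   2.3522),
    ("2024-03-01T08:06:00", "bob",   "login_fail", "192.0.2.5",    48.8566,   2.3522),
    ("2024-03-01T08:07:00", "bob",   "login_fail", "192.0.2.5",    48.8566,   2.3522),
    ("2024-03-01T08:08:00", "bob",   "login_fail", "192.0.2.5",    48.8566,   2.3522),
    ("2024-03-01T08:09:00", "bob",   "login_fail", "192.0.2.5",    48.8566,   2.3522),
    ("2024-03-01T09:00:00", "carol", "login_ok",   "203.0.113.44", 51.5074,  -0.1278),
    ("2024-03-01T12:00:00", "carol", "login_ok",   "203.0.113.44", 51.5074,  -0.1278),  # nothing logged for 3 h
]


def _ts(s):
    return datetime.fromisoformat(s)


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two lat/lon points (mean Earth radius 6371 km)."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def failed_login_bursts(events, threshold=5, window=timedelta(minutes=10)):
    """Account-lockout indicator: users with >= threshold failures inside any sliding window."""
    by_user = defaultdict(list)
    for ts, user, ev, *_ in events:
        if ev == "login_fail":
            by_user[user].append(_ts(ts))
    flagged = set()
    for user, times in by_user.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged.add(user)
                break
    return flagged


def impossible_travel(events, max_speed_kmh=900.0):
    """Impossible-travel indicator: consecutive successful logins by one user from different
    IPs whose distance could not be covered in the elapsed time at max_speed_kmh."""
    by_user = defaultdict(list)
    for ts, user, ev, ip, lat, lon in events:
        if ev == "login_ok":
            by_user[user].append((_ts(ts), ip, lat, lon))
    hits = []
    for user, logins in by_user.items():
        logins.sort()
        for (t1, ip1, la1, lo1), (t2, ip2, la2, lo2) in zip(logins, logins[1:]):
            if ip1 == ip2:
                continue
            dist = haversine_km(la1, lo1, la2, lo2)
            hours = (t2 - t1).total_seconds() / 3600
            # two distant logins at the same instant are impossible regardless of speed
            if dist > 0 and (hours == 0 or dist / hours > max_speed_kmh):
                hits.append((user, ip1, ip2, round(dist)))
    return hits


def log_gaps(events, expected=timedelta(minutes=5), factor=6):
    """Missing-logs indicator: silent stretches longer than factor * the expected logging interval."""
    times = sorted(_ts(e[0]) for e in events)
    return [(a.isoformat(), b.isoformat()) for a, b in zip(times, times[1:]) if b - a > expected * factor]


if __name__ == "__main__":
    print("lockout candidates:", failed_login_bursts(SAMPLE_EVENTS))  # {'bob'}
    print("impossible travel: ", impossible_travel(SAMPLE_EVENTS))    # alice: London -> New York in 30 min
    print("log gaps:          ", log_gaps(SAMPLE_EVENTS))             # carol's host silent 09:00-12:00
```

Each check is a single indicator, and on its own each has benign explanations (a forgotten password, a VPN egress change, a host rebooted for patching); the card's point is that several of them appearing together, or one of them appearing alongside the concealment behaviour described above, is what should raise an incident.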