Malware Flashcards
Computer Virus
Made up of malicious code that runs on a machine without the user's
knowledge; once run, the code is able to infect the computer
Boot Sector virus
Is stored in the first sector of a hard drive and is then loaded
into memory whenever the computer boots up
Macro virus
Form of code that allows a virus to be embedded inside another
document so that when that document is opened by the user, the virus is
executed
Program virus
Tries to find executables or application files to infect with its malicious
code
Multipartite virus
Combination of a boot sector type virus and a program virus
Able to place itself in the boot sector and be loaded every time the
computer boots
It can install itself in a program where it can be run every time the
computer starts up
Encrypted virus
Designed to avoid detection by antivirus software by encrypting its malicious
code or payloads
Polymorphic virus
Advanced version of an encrypted virus; instead of just encrypting the
contents, it changes the virus's code each time it is executed
by altering the decryption module in order to evade detection
Metamorphic virus
Able to rewrite itself entirely before it attempts to infect a given file
Stealth
Technique used to prevent the virus from being detected by the anti-virus
software
Armored virus
Has a layer of protection to confuse a program or a person who's trying
to analyze it
Worm
Piece of malicious software, much like a virus, but it can replicate itself without
any user interaction
Trojan
Piece of malicious software that is disguised as a piece of harmless or desirable
software
RAT
Remote Access Trojan
Provides the attacker with remote
control of a victim machine
Ransomware
Type of malicious software that is designed to block access to a computer system
or its data by encrypting it until a ransom is paid to the attacker
Botnet
Network of compromised computers or devices controlled remotely by malicious
actors
Zombie
Name of a compromised computer or device that is part of a botnet
Used to perform tasks using remote commands from the attacker without the
user’s knowledge
C&C Node
Command and Control Node
Computer responsible for managing and coordinating the activities of other
nodes or devices within a network
DDoS
Distributed Denial of Service
Occurs when many machines target a single victim and attack them at the
exact same time
DoS
Denial of Service
Rootkit
Designed to gain administrative level control over a given computer system
without being detected
DLL
Dynamic Link Library
Collection of code and data that can be used by multiple programs
simultaneously to allow for code reuse and modularization in software
development
DLL Injection
Technique used to run arbitrary code within the address space of another
process by forcing it to load a dynamic-link library
Shim
Piece of software code that is placed between two components, intercepts
the calls between those components, and can be used to redirect them
Backdoor
Originally placed in computer programs to bypass the normal security and
authentication functions
Most often put into systems by designers and programmers
Easter egg
A hidden feature or novelty within a program that is typically inserted by the
software developers as an inside joke
Its code often has significant vulnerabilities
Logic Bombs
Malicious code that’s inserted into a program, and the malicious code will only
execute when certain conditions have been met
Keylogger
Piece of software or hardware that records every single keystroke that is made
on a computer or mobile device
Spyware
Malicious software that is designed to gather and send information about a user
or organization without their knowledge
Bloatware
Any software that comes pre-installed on a new computer or smartphone that
you, as the user, did not specifically request, want, or need
Fileless Malware
Runs as a process in system memory without relying on the local file
system of the infected host
Stage 1 Dropper or Downloader
Piece of malware that is usually created as a lightweight shellcode
that can be executed on a given system
Dropper
Specific malware type designed to initiate or run other malware
forms within a payload on an infected host
Downloader
Retrieves additional tools after the initial infection facilitated by a
dropper
Shellcode
Broader term that encompasses lightweight code meant to
execute an exploit on a given target
Living off the Land
A strategy adopted by many Advanced Persistent Threats
and criminal organizations
The threat actors use the standard tools already present on the system to
perform intrusions
IOC
Indicator of Compromise
Common indicators of compromise
- Account Lockouts
- Concurrent Session Utilization
- Blocked Content
- Impossible Travel
- Resource consumption
- Resource inaccessibility
- Out-of-cycle Logging
- Missing Logs
- Published or Documented Attacks