Malware

Question 1

How is malware classifed

Answer 1

How it spreads and the payload, as if they need a host program/are independent and whether it replicates or not

Question 2

Attack Kit

Answer 2

A toolkit which provides a variety of payloads that novices can deploy

Question 3

Attack Sources

Answer 3

Pollitically motivated, criminals, organised crime, organisations that sell services, national gov agenices

Question 4

APTS Meaning

Answer 4

Advanced Persistent Threats

Question 5

APTS Definition

Answer 5

Persistent use of variety of intrusion tech to selected targets.

Question 6

APTS Characteristics

Answer 6

Advanced (wide variety of tech), persistent (attacks over extended period of time), threats (active involvement of people increases threat liklihood)

Question 7

Aim of APTS?

Answer 7

From stealing Intellectual property to disrupting a network

Question 8

APTS techniques

Answer 8

Social engineering, spear phishing, drive by downloads

Question 9

Intent of APTS?

Answer 9

to infect target and use other tools to maintain access

Question 10

Virus

Answer 10

Malware which infects a program and modifies to include a copy. Secretely run when the host program is run

Question 11

Virus Components

Answer 11

Infection Mechanism (Vector), Trigger (Logic Bomb), Payload

Question 12

Virus Phases

Answer 12

Dormant, Triggering, Propagation, Execution

Question 13

Triggering Phase

Answer 13

Virus is activated caused by system events

Question 14

Dormant Phase

Answer 14

Virus is idle. will be activated. not all have this.

Question 15

Propagation Phase

Answer 15

Places a copy in programs

Question 16

Execution Phase

Answer 16

Function is performed, may be harmless or damaging

Question 17

Macro + Scripting Viruses

Answer 17

Attaches itself to documents and uses macro programming capabilities of documents application to execute and propagate

Question 18

Why are macro viruses threatening

Answer 18

Platform dependent, infect documents not code, easily spread, traditional file access system control struggles to find them, much easier to write/modify than traditional viruses

Question 19

Virus Classifications

Answer 19

By Target, By Concealment strategy

Question 20

Break down Virus Classifications by target

Answer 20

Boot sector Infector, File Infector, Macro virus, Multi-partite Virus

Question 21

Break down Virus Classifications by concealment strategy

Answer 21

Encryption, Stealth, Polymorphic, Metamorphic

Question 22

What are Worms

Answer 22

Seeks more machines to infect. Infected machines serve as an auto launch pad. Exploits software vulnerabilites

Question 23

How do worms spread

Answer 23

Network Connections, Shared media, macro code in emails & instant messanger file transfer. Upon activation worm replicates and propagates.

Question 24

Worm Target Discovery

Answer 24

Scanning, Random, Hit-list, topological, local subnet

Question 25

Worm Technology

Answer 25

Multi-platform, multi exploit, ultrafast speading, polymorphic, metamorphic

Question 26

Mobile Code

Answer 26

Transmitted from a remote system to a local system and executed there. Often acts as a mechanism for a virus, worm, trojan.

Question 27

How is mobile code achieved

Answer 27

Cross site scripting, interative and dynamic websites, email attachements, downloads from untrusted sites

Question 28

Drive By Download

Answer 28

Webpage installs virus without user knowing

Question 29

Watering Hole Attack

Answer 29

variant of drive by download but targetted for a victim

Question 30

Malvertising

Answer 30

Malware on website in advertisements without comprimising them

Question 31

Clickjacking

Answer 31

Collecting a users clicks, can alter UI to add hidden buttons to redirect user

Question 32

Social Engineering

Answer 32

Tricking users to comprimise their own system

Question 33

How is Social Engineering achieved

Answer 33

Spam - Bulk Email, used for phishing, Trojan Horse, Ransomware

Question 34

Attack Agent Bots

Answer 34

Takes over another internet attached computer and uses to launch/manage attacks. Uses DDoS, spamming, sniffing, keylogging

Question 35

Remote Control Facility

Answer 35

Distinguishes a bot from a worm. Bot is controlled from a facility like an IRC server whereas worm propagates itself. Incomming message acts as commands for bots

Question 36

Keylogger

Answer 36

Captures keystrokes, can filter for keywords such as password

Question 37

Spyware

Answer 37

Monitors comprimised machine

Question 38

Info Theft Phishing

Answer 38

Exploits Social engineering to leverage users trust by pretending to be a trusted source

Question 39

Spearphishing

Answer 39

This is phishing but the target is selected and researched

Question 40

Stealthing backdoor

Answer 40

secret entrypoint in a program allowing attacker to bypass security

Question 41

Maintenance Hook

Answer 41

A backdoor used by programmers

Question 42

Rootkit characteristics

Answer 42

Persistent, Memory based, user mode, kernel mode, virtual machine based, external mode

Question 43

Malware prevention countermeasures

Answer 43

Policy, Awareness, Vulnerability mitigation, Threat Mitigation

Question 44

Malware countermeasures is prevention is failed

Answer 44

Detection, Identification, Removal

Question 45

Generations of Anti Virus

Answer 45

Simple Scanners, Heuristic Scanners, Activity traps, full featured protection

Question 46

Sandbox Analysis

Answer 46

Using malware in a VM to test, anaylse and mitigate