Malware Flashcards
What is malware?
Any software that is designed to infiltrate a system and cause damage
What are two things malware needs?
An attack/threat vector and an attack surface.
What is a virus?
A type of malware that attaches to another program and can replicate and spread to other computers.
What does a virus need to be dangerous?
Human interaction.
What is a boot sector virus?
A type of virus stored in the boot sector of a hard drive first, and then loaded into memory whenever the infected system boots.
What is a program virus?
A type of virus that tries to find executables or application files to infect with its malicious code.
What is an encrypted virus?
A type of virus that is designed to hide itself from being detected by AVS by encrypting its malicious code or payloads.
What is a metamorphic virus?
A type of virus that’s able to rewrite itself entirely before it attempts to infect a given file.
What is an Armor virus?
A type of virus with extra layers of protection that are meant to confuse analyzers
What is a macro virus?
A virus written in a macro language, a programming language used to automate repeated tasks.
What is a multipartite virus?
A combination of boot-sector and program virus.
What is a polymorphic virus?
An advanced form of encrypted virus that scrambles its code each time it's executed.
What is a Stealth Virus?
A type of technique used to prevent a virus from being picked up by AVS
What is a hoax?
A form of technical social engineering that attempts to scare users into taking undesirable actions on their systems.
What is a Worm?
Malicious software that can self replicate without user interaction.
What is a Trojan?
Malicious software that is disguised as a piece of harmless or desirable software.
What is ransomware?
Malicious software that is designed to block access to a computer system or its data by encrypting it until a ransom is paid to the attacker
What are some ways to mitigate ransomware attacks?
- Conducting regular backups
- Installing regular software updates
- Providing security awareness training
- Implementing multi-factor authentication for a system
What is a botnet?
A network of compromised computers or devices controlled remotely by malicious actors
What is a zombie?
A compromised computer or device that is a part of a botnet
What is a Command and Control Node (C2 Node)?
Responsible for managing and coordinating the activities of other devices within a network.
What are common uses for botnets?
Implementing phishing campaigns, DDoS attacks, crypto mining.
What is a rootkit?
A type of software designed to gain admin level control over a given system undetected
What are the 3 rings of protection?
In the context of security, the rings create a form of separation for how data and devices can be accessed.
Ring 0 (Kernel Mode): Allows a system to control access to hardware
Ring 1 (Root/Admin): Level where root/admin operates
Ring 2 (Outermost): Level where user permissions live.
What is DLL Injection?
Technique used to run code within the address space of another process by forcing it to load a DLL.
What is a DLL?
Dynamic-Link Library
A shared library in Windows-based systems. This library file can contain code, data, and/or resources.
What is a shim?
Software that is placed between two components capable of intercepting communications.