Malware Flashcards
Software that is designed to infiltrate and damage a system
Malware
Malicious code that runs on a machine without the user’s knowledge and infects the computer when executed
Virus
True or False? Viruses require user action in order to reproduce and spread
True
Type of virus that is stored in the first sector of a hard drive and is loaded into memory upon boot
Boot sector virus
Type of virus that is embedded into a document and is executed when the document is opened by the user
Macro virus
Type of virus that seeks out executables or application files to infect
Program virus
Type of virus that combines boot and program viruses to first attach itself to the boot sector and system files before attacking other files on the computer
Multipartite virus
Type of virus that uses a cipher to encrypt its contents to avoid detection by any antivirus software
Encryption virus
Type of virus that changes its code each time it’s executed by altering the decryption module to evade detection
Polymorphic virus
Type of virus that has the ability to rewrite itself entirely before attempting to infect a file
Metamorphic virus
Type of virus that has a layer of protection to confuse a program or a person who’s trying to analyze it
Armored virus
A piece of malicious software that can replicate itself without any interaction
Worm
A piece of malicious software that is disguised as a piece of harmless or desirable software
Trojan
Type of Trojan that provides the attacker with remote control of a victim computer
Remote Access Trojan (RAT)
Malware that restricts access to a victim’s computer system until a ransom is received
Ransomware
Malware that uses a vulnerability in your software to gain access and then encrypts your files
Ransomware
Malware that secretly gathers information about the user without their consent
Spyware
Displays advertisements based upon its spying on you
Adware
Software that is neither benign nor malicious and tends to behave improperly without serious consequences
Grayware
(“joke”ware like crazy mouse)
Software designed to gain administrative level control over a system without detection
Rootkit
Type of rootkit that has malicious code that is inserted into a running process on a Windows machine by taking advantage of Dynamic Link Libraries that are loaded at runtime
DLL Injection (Dynamic Link Libraries)
Type of rootkit attack that relies on compromising the kernel-mode device drivers that operate at a privileged or system level
Driver Manipulation
A piece of software code that is placed between two components to intercept calls and redirect them
Shim
A collection of compromised computers under the control of a master (command and control: C2) node
Botnet
Occurs when many machines target a single victim and attack them at the exact same time
DDoS
A hospital’s file server has become infected with malware. The files on the server all appear to be encrypted and cannot be opened. The network administrator receives an email from the attacker asking for 20 bitcoin in exchange for the decryption key. Which type of malware MOST likely infected these computers?
a) Spyware
b) Ransomware
c) Keylogger
d) Rootkit
b) Ransomware
A computer was recently infected with a piece of malware. Without any user intervention, the malware is now spreading throughout the corporate network and infecting other computers that it finds. Which type of malware MOST likely infected these computers?
a) Worm
b) Virus
c) Trojan
d) Ransomware
a) Worm
Which of the following is the BEST way to regularly prevent different security threats from occurring within your network?
a) Disaster recovery planning
b) User training and awareness
c) Penetration testing
d) Business continuity training
b) User training and awareness
Studies have shown that an investment in end-user cybersecurity awareness training has the best return on investment of any risk mitigation strategy