Malware Flashcards
Objective 2.4
Define / Explain
Malware
Malware
Obj. 2.4 - Given a scenario, analyze indicators of malicious activity
Malicious software designed to infiltrate computer systems and potentially damage them without user consent
Malware
Define / Explain
List
Malware Categories
Malware
Obj. 2.4 - Given a scenario, analyze indicators of malicious activity
- Viruses
- Worms
- Trojans
- Ransomware
- Spyware
- Rootkits
- Spam
Malware
Obj. 2.4 - Given a scenario, analyze indicators of malicious activity
Define / Explain
Threat Vector
Malware - Threat Vector vs. Attack Vector
Obj. 2.4 - Given a scenario, analyze indicators of malicious activity
Method used to infiltrate a victim’s machine
Malware - Threat Vector vs. Attack Vector
Define / Explain
Informational
Threat Vector Examples
Malware - Threat Vector vs. Attack Vector
Obj. 2.4 - Given a scenario, analyze indicators of malicious activity
- Unpatched software
- USB drive installation
- Phishing campaigns
Malware - Threat Vector vs. Attack Vector
Informational
Define / Explain
Attack Vector
Malware - Threat Vector vs. Attack Vector
Obj. 2.4 - Given a scenario, analyze indicators of malicious activity
- Means by which the attacker gains access and infects the system
- Combines both infiltration method and infection process
Malware - Threat Vector vs. Attack Vector
Define / Explain
Define / Explain
Viruses
Malware - Types of Malware Attacks
Obj. 2.4 - Given a scenario, analyze indicators of malicious activity
Attach to clean files, spread, and corrupt host files
Malware - Types of Malware Attacks
Define / Explain
Define / Explain
Worms
Malware - Types of Malware Attacks
Obj. 2.4 - Given a scenario, analyze indicators of malicious activity
Standalone programs replicating and spreading to other computers
Malware - Types of Malware Attacks
Define / Explain
Define / Explain
Trojans
Malware - Types of Malware Attacks
Obj. 2.4 - Given a scenario, analyze indicators of malicious activity
Disguise as legitimate software, grant unauthorized access
Malware - Types of Malware Attacks
Define / Explain
Define / Explain
Ransomware
Malware - Types of Malware Attacks
Obj. 2.4 - Given a scenario, analyze indicators of malicious activity
Encrypts user data, demands ransom for decryption
Malware - Types of Malware Attacks
Define / Explain
Define / Explain
Zombies and Botnets
Malware - Types of Malware Attacks
Obj. 2.4 - Given a scenario, analyze indicators of malicious activity
Compromised computers remotely controlled in a network for malicious purposes
Malware - Types of Malware Attacks
Define / Explain
Define / Explain
Rootkits
Malware - Types of Malware Attacks
Obj. 2.4 - Given a scenario, analyze indicators of malicious activity
Hide presence and activities on a computer, operate at the OS level
Malware - Types of Malware Attacks
Define / Explain
Define / Explain
Backdoors and Logic Bombs
Malware - Types of Malware Attacks
Obj. 2.4 - Given a scenario, analyze indicators of malicious activity
Backdoors allow unauthorized access, logic bombs execute malicious actions
Malware - Types of Malware Attacks
Define / Explain
Define / Explain
Keyloggers
Malware - Types of Malware Attacks
Obj. 2.4 - Given a scenario, analyze indicators of malicious activity
Record keystrokes, capture passwords or sensitive information
Malware - Types of Malware Attacks
Define / Explain
Define / Explain
Spyware and Bloatware
Malware - Types of Malware Attacks
Obj. 2.4 - Given a scenario, analyze indicators of malicious activity
Spyware monitors and gathers user/system information, bloatware consumes resources without value
Malware - Types of Malware Attacks
Define / Explain
Informational
Malware Techniques and Infection Vectors…
Malware - Malware Techniques and Infection Vectors
Obj. 2.4 - Given a scenario, analyze indicators of malicious activity
- Evolving from file-based tactics to modern fileless techniques
- Multi-stage deployment, leveraging system tools, and obfuscation techniques
Malware - Malware Techniques and Infection Vectors
Informational
Informational / List
Indications of Malware Attack…
Malware - Indications of Malware Attack
Obj. 2.4 - Given a scenario, analyze indicators of malicious activity
- Account lockouts
- Concurrent session utilization
- Blocked content
- Impossible travel
- Resource consumption
- Inaccessibility
- Out-of-cycle logging
- Missing logs
- Documented attacks
Malware - Indications of Malware Attack
Informational / List
Define / Explain
Computer Virus
Viruses
Obj. 2.4 - Given a scenario, analyze indicators of malicious activity
Made up of malicious code that runs on a machine without the user’s knowledge, which allows the code to infect the computer whenever it is run
Viruses
Define / Explain
Define / Explain
Boot Sector
Viruses - 10 Different Types of Viruses
Obj. 2.4 - Given a scenario, analyze indicators of malicious activity
One that is stored in the first sector of a hard drive and is then loaded into memory whenever the computer boots up
Viruses - 10 Different Types of Viruses
Define / Explain
Define / Explain
Macro
Viruses - 10 Different Types of Viruses
Obj. 2.4 - Given a scenario, analyze indicators of malicious activity
Form of code that allows a virus to be embedded inside another document so that when that document is opened by the user, the virus is executed
Viruses - 10 Different Types of Viruses
Define / Explain
Define / Explain
Program
Viruses - 10 Different Types of Viruses
Obj. 2.4 - Given a scenario, analyze indicators of malicious activity
Try to find executables or application files to infect with their malicious code
Viruses - 10 Different Types of Viruses
Define / Explain
Define / Explain
Multipartite
Viruses - 10 Different Types of Viruses
Obj. 2.4 - Given a scenario, analyze indicators of malicious activity
- Combination of a boot sector type virus and a program virus
- Able to place itself in the boot sector and be loaded every time the computer boots
- It can install itself in a program where it can be run every time the computer starts up
Viruses - 10 Different Types of Viruses
Define / Explain
Define / Explain
Encrypted
Viruses - 10 Different Types of Viruses
Obj. 2.4 - Given a scenario, analyze indicators of malicious activity
Designed to hide itself from being detected by encrypting its malicious code or payloads to avoid detection by any antivirus software
Viruses - 10 Different Types of Viruses
Define / Explain
Define / Explain
Polymorphic
Viruses - 10 Different Types of Viruses
Obj. 2.4 - Given a scenario, analyze indicators of malicious activity
Advanced version of an encrypted virus, but instead of just encrypting the contents it will actually change the virus’s code each time it is executed by altering the decryption module in order for it to evade detection
Viruses - 10 Different Types of Viruses
Define / Explain
Define / Explain
Metamorphic
Viruses - 10 Different Types of Viruses
Obj. 2.4 - Given a scenario, analyze indicators of malicious activity
Able to rewrite itself entirely before it attempts to infect a given file
Viruses - 10 Different Types of Viruses
Define / Explain
Define / Explain
Stealth
Viruses - 10 Different Types of Viruses
Obj. 2.4 - Given a scenario, analyze indicators of malicious activity
Technique used to prevent the virus from being detected by the anti-virus software
Viruses - 10 Different Types of Viruses
Define / Explain
Define / Explain
Armored
Viruses - 10 Different Types of Viruses
Obj. 2.4 - Given a scenario, analyze indicators of malicious activity
Have a layer of protection to confuse a program or a person who’s trying to analyze it
Viruses - 10 Different Types of Viruses
Define / Explain
Define / Explain
Hoax
Viruses - 10 Different Types of Viruses
Obj. 2.4 - Given a scenario, analyze indicators of malicious activity
Form of technical social engineering that attempts to scare our end users into taking some kind of undesirable action on their system
Viruses - 10 Different Types of Viruses
Define / Explain
Define / Explain
Worm
Worms
Obj. 2.4 - Given a scenario, analyze indicators of malicious activity
- Piece of malicious software, much like a virus, but it can replicate itself without any user interaction
- Able to self-replicate and spread throughout your network without a user’s consent or their action
Worms
Define / Explain
Informational
Worms are dangerous for two reasons…
Worms
Obj. 2.4 - Given a scenario, analyze indicators of malicious activity
- Infect your workstation and other computing assets
- Cause disruptions to your normal network traffic since they are constantly trying to replicate and spread themselves across the network
Worms
Informational
Informational
Worms are best known for…
Worms
Obj. 2.4 - Given a scenario, analyze indicators of malicious activity
spreading far and wide over the internet in a relatively short amount of time
Worms
Informational
Define / Explain
Ransomware
Ransomware
Obj. 2.4 - Given a scenario, analyze indicators of malicious activity
Type of malicious software that is designed to block access to a computer system or its data by encrypting it until a ransom is paid to the attacker
Ransomware
Define / Explain
Informational
How can we protect ourselves and our organizations against ransomware?
Ransomware
Obj. 2.4 - Given a scenario, analyze indicators of malicious activity
- Always conduct regular backups
- Install software updates regularly
- Provide security awareness training to your users
- Implement Multi-Factor Authentication (MFA)
Ransomware
Informational
Informational
What should you do if you find yourself or your organization as the victim of a ransomware attack?
Ransomware
Obj. 2.4 - Given a scenario, analyze indicators of malicious activity
- Never pay the ransom
- If you suspect ransomware has infected your machine, you should disconnect it from the network
- Notify the authorities
- Restore your data and systems from known good backups
Ransomware
Informational