Malware Flashcards
What kinds of malware need a host program?
Trap doors
Viruses
Trojan horses
Logic bombs
Browser extensions and plugins
What kinds of malware do not need a host?
Worms
Botnets
APTs
What is a trap door?
A program that contains a secret entry point, activated by a special input or by a specific user
What is a logic bomb?
Malicious code embedded in a program that is set to go off when certain conditions are met
What is a Trojan Horse?
Performs malicious activity while the host program is executing
The host program appears normal and does what it is supposed to; the Trojan does its work in the background
What is a virus?
Malicious code that spreads by modifying an existing program
It searches for uninfected programs, infects them, and uses them to spread further
Avoids detection by adjusting its size once it has infected the host program
What are the four stages of a virus?
Dormant
Propagation
Triggering
Execution
Types of Viruses
- Parasitic (scans for and infects programs)
- Memory-resident (resides in memory only; disappears on reboot)
- Boot sector (runs and spreads when the system is booted)
- Polymorphic (encrypts part of the virus with a random key, altering how it looks)
What is a rootkit?
Modifies OS code and data structures
Resides in the OS
Intercepts system calls to hide user-level malware from detection
What is an internet worm?
Uses network connections to spread
Causes resource exhaustion due to repeated infections
Exploits security flaws, such as buffer overflows, trap doors, and password guessing, to gain access
Can accept shell commands
A bootstrap loads itself onto the host machine and then fetches further instructions
Hard to detect: it loads in memory, encrypts itself, and changes its name and process ID
How do we prevent internet worms?
Prevention (limit connections to the outside world via a firewall)
Detection and identification
Removal
What are the types of antivirus?
Simple scanners: check for signatures
Heuristic scanners: look for suspicious code patterns or behaviour
Activity traps: honeypots
Full-featured analysis: sandboxes
What is a reflected amplification attack?
A bot sends many requests to an NTP server with the source address spoofed as the victim's, so the server's responses flood the victim
What is a botnet?
A network of bots controlled by an attacker to perform coordinated malicious activities
Needs a Command and Control (C2) channel to communicate
What kind of attacks do botnets do?
Spam
Keylogging
Data and identity theft
DDoS attacks
Click fraud
Phishing and pharming