Malware Flashcards
What are the TWO components that every piece of malware has?
1) Propagation Mechanism
2) Payload
Describe what the “propagation mechanism” component of malware is.
How malware spreads from one system to another.
Describe what the “payload” component of malware is.
The malicious action that the malware performs.
What are the defining characteristics of a VIRUS?
It spreads from system to system based on some type of user action.
Examples: Opening e-mail attachments, clicking on a link to a malicious website, inserting infected USB into workstation.
What is the best way to defend against a VIRUS?
User education.
What are the defining characteristics of a WORM?
They spread from system to system without any user interaction. They reach out and exploit system vulnerabilities, infecting systems without the user doing anything. Once a worm has infected a system, it uses that system as a new base for spreading to other parts of the local area network, or the broader intranet.
What is the best way to defend against a WORM?
The best way to defend against worms is keeping systems updated with the most recent operating system and application patches. This is because they require vulnerable systems to spread.
What are the defining characteristics of a TROJAN?
They pretend to be legitimate pieces of software that a user might want to download and install. When the user runs the program, it does perform as expected; however, the Trojan horse also carries a hidden malicious payload that performs some unwanted action behind the scenes.
What is the best way to defend against a TROJAN?
Application control.
What are the defining characteristics of REMOTE ACCESS TROJANS (RATs)?
They are a special class of Trojan horse that serve a specific purpose. They provide hackers with the ability to remotely access and control infected systems.
What is application control?
Limiting the software that may run on systems to titles and versions specifically approved by the administrators.
Main characteristics of VIRUSES, WORMS, and TROJANS.
VIRUS - Spreads between systems after a user action.
WORM - Self-replicating; spreads without user action.
TROJAN - Poses as legitimate software with a hidden malicious effect.
What are the three different types of malware payloads?
Adware, Spyware, and Ransomware
Describe the ADWARE payload.
Malware used for the purpose of displaying advertisements, but instead of generating revenue for the content owner, the revenue goes to the malware author.
What are the mechanisms of ADWARE?
- Changing the default search engine
- Displaying pop-up advertisements
- Replacing legitimate ads on websites with ones that benefit the malware author
Describe the SPYWARE payload.
Malware that gathers user info without their knowledge or consent and then reports it back to the malware author to use.
Examples: Identity theft, access to financial accounts, espionage.
What are the different techniques of SPYWARE?
- Keystroke loggers
  + Captures every key a user presses
- Web browser monitoring
  + Used to target advertising to the user or report on user activity
- Searching the hard drive and/or cloud storage
  + Seeks out sensitive info, like social security numbers, to be used in identity theft
Describe the RANSOMWARE payload.
Blocks the use of a computer or data until a ransom is paid, most commonly by encrypting files and selling the key for ransom.
What are the top 3 methods for preventing malware on a computer or system?
1) Installing anti-malware software and keeping it up to date
2) Installing security patches as early as possible
3) Educating end users on the dangers of malware
What makes BACKDOORS and LOGIC BOMBS different from other types of malware?
Instead of being independent programs used to deliver a malicious payload, they are pieces of code inserted into other applications with malicious intent.
What is a BACKDOOR?
When a programmer provides a means to grant themselves or others future access to a system, usually with benevolent purposes.
What are some common occurrences that create a BACKDOOR?
- Hard-coded accounts with a specific username and password that will always grant access to the system
- Default passwords a user may not remember to change
- Unknown access channels, where there’s a way to gain access to a system without going through the normal authentication process.
What is a LOGIC BOMB?
Malware that is set to execute a payload when certain conditions are met.
Examples: A specific date and time is reached, the contents of a file contain certain information, or an API call returns a particular result.
What are 3 examples of advanced malware concepts?
Rootkits, polymorphism, and armored viruses.