Malware Flashcards
What is a definition for Malware?
Software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system.
How to make money with malware?
- Adware
- Ransomware
- Bot-nets for hire
- Crypting: encrypt the code of malware to evade detection
Name and describe the 10 types of malware
Viruses: malicious executable code attached to another executable file
Worms: can run by themselves, spread over the network
Trojans: malware that carries out malicious operations under the appearance of a desired operation
Spyware: steals private information from a computer system
Ransomware: encrypts data, prompts user to pay ransom to retrieve data
Backdoors: grant the cyber criminals future access to the system
Rootkits: modify the OS to create a backdoor
Keyloggers: records everything the user types
Adware: displays advertisements to the user to generate profit
Riskware: apps that perform sensitive operations that can pose threats if they are compromised
What are the main components of antiviral programs (conventional malware detection)?
- scanning logic
- engine: contains other components
- database: contains information about how previously analyzed malware looks / behaves
Name 7 typical components of conventional malware detection systems
- fingerprint scanning
- file type recognition / parsing
- archive decompression
- unpacker for runtime packers
- emulator
- file disinfection and system cleanup
- database and database update logic
What is the typical flow of conventional malware detection?
Unarchive, recognize file type, parse file type, unpack, fingerprint scanning + heuristics
What is string scanning?
Search for pattern p in text s
What is hash scanning?
Match string hashes to db of previously-analyzed and detected malware
Use fuzzy hash functions such as SSDeep for robustness
What are the properties of fuzzy hashing algorithms?
- minimal or no diffusion at all: small changes lead to minimal changes
- no confusion at all: the relationship between key and fuzzy hash is easy to identify
- good collision rate
What are Malware-Specific Detection Algorithms?
Custom malware detection logic for a single malware family or variant
Name 5 techniques conventional malware detection uses to detect malware
- string scanning
- hash scanning
- malware-specific detection algorithms
- heuristics
- emulation
What are Heuristics?
Properties that generalize beyond previously seen malware instances
What is emulation?
Run a program within a virtual environment and monitor what it does
How does NextGen Malware Detection work?
Use machine learning for classification
What are some problems of NextGen Malware Detection?
- labelling of data is inconsistent or nonexistent
- concept drift: malware evolves -> detection must continuously evolve
- adversarial ML