Malware Flashcards

1
Q

What is a definition for Malware?

A

Software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system.

2
Q

How to make money with malware?

A
  • Adware
  • Ransomware
  • Bot-nets for hire
  • Crypting: encrypt the code of malware to evade detection
3
Q

Name and describe the 10 types of malware

A

Viruses: malicious executable code attached to another executable file
Worms: run by themselves and spread over the network
Trojans: malware that carries out malicious operations under the appearance of a desired operation
Spyware: steals private information from a computer system
Ransomware: encrypts data and prompts the user to pay a ransom to retrieve it
Backdoors: grant cyber criminals future access to the system
Rootkits: modify the OS to create a backdoor
Keyloggers: record everything the user types
Adware: displays advertisements to the user to generate profit
Riskware: apps that perform sensitive operations and can pose a threat if they are compromised

4
Q

What are the main components of antiviral programs (conventional malware detection)?

A
  • scanning logic
  • engine: the core that hosts the other components
  • database: contains information about what previously analyzed malware looks like and how it behaves
5
Q

Name 7 typical components of conventional malware detection systems

A

  • Fingerprint scanning
  • File type recognition / parsing
  • Archive decompression
  • Unpacker for runtime packers
  • Emulator
  • File disinfection and system cleanup
  • Database and database update logic

6
Q

What is the typical flow of conventional malware detection?

A

Unarchive, recognize the file type, parse it, unpack (runtime packers), then fingerprint scanning plus heuristics

7
Q

What is string scanning?

A

Search for pattern p in text s

8
Q

What is hash scanning?

A

Match hashes against a database of previously analyzed and detected malware
Use fuzzy hash functions such as ssdeep for robustness against small changes in the sample

9
Q

What are the properties of fuzzy hashing algorithms?

A
  • minimal or no diffusion: small changes in the input lead to small changes in the hash
  • no confusion: the relationship between the input and its fuzzy hash is easy to identify
  • good collision rate
10
Q

What are Malware-Specific Detection Algorithms?

A

Custom malware detection logic for a single malware family or variant

11
Q

Name 5 techniques conventional malware detection uses to detect malware

A
  • string scanning
  • hash scanning
  • malware-specific detection algorithms
  • heuristics
  • emulation
12
Q

What are Heuristics?

A

Properties that generalize beyond previously seen malware instances

13
Q

What is emulation?

A

Run a program within a virtual environment and monitor what it does

14
Q

How does NextGen Malware Detection work?

A

Use machine learning for classification

15
Q

What are some problems of NextGen Malware Detection?

A
  • labelling of training data is inconsistent or nonexistent
  • concept drift: malware evolves -> detection must continuously evolve
  • adversarial ML: inputs crafted to fool the classifier