Malware and Indicators of Compromise Flashcards
Polymorphic Malware
Malware that can change its code after each use, making each replicant different from a detection point of view.
Virus
A piece of malicious code that replicates by attaching itself to another piece of executable code.
Armored Virus
A virus written so that it is much more difficult, if not impossible, for antivirus companies and security researchers to decompile the program in an attempt to reverse engineer its functionality.
Crypto-malware
An early name given to malware that encrypts files on a system and then leaves them unusable either permanently, acting as a denial of service, or temporarily until a ransom is paid, making it ransomware.
Ransomware
A form of malware that performs some action and extracts ransom from a user.
Worm
Pieces of code that attempt to penetrate networks and computer systems. Worms replicate themselves without needing to attach to other pieces of executable code.
Trojan
A piece of software that appears to do one thing but hides some other functionality.
Rootkit
A form of malware that is specifically designed to modify the operation of the operating system in some fashion to facilitate nonstandard functionality.
A rootkit can do virtually anything that the operating system does.
Rootkits modify the operating system kernel and supporting functions, changing the nature of the system’s operation.
Rootkits are a form of malware that can change thread priorities to boost an application’s performance, perform keylogging, act as a sniffer, hide files from other applications, or create backdoors in the authentication system.
The use of rootkit functionality to hide other processes and files enables an attacker to use a portion of a computer without the user or other applications knowing what is happening.
Rootkits can load before the operating system loads, acting as loadable library modules, effectively changing portions of the operating system outside the kernel.
Keylogger
A piece of software that logs all of the keystrokes that a user enters.
Microsoft Word can be considered a keylogger, which isn’t necessarily a bad thing.
What makes a keylogger a malicious piece of software is when its operation is unknown to the user, and it is not under the user’s control.
Adware
Software that is supported by advertising.
Adware comes in many different forms. With legitimate adware, the user is aware of the advertising and agrees to the arrangement in return for free use of the software.
Adware can also refer to a form of malware, which is characterized by software that presents unwanted ads.
Adware is sometimes just an irritant, and at other times it can represent an actual security threat.
Spyware
Software that “spies” on users, recording and reporting on their activities.
Spyware is typically installed without user knowledge.
It can perform a wide range of activities, such as keylogging, monitoring how a user applies a specific piece of software, monitoring attempts to cheat at games, stealing information, etc.
Many states have passed legislation banning the unapproved installation of software, but spyware can circumvent this issue through complex and confusing end-user license agreements.
Bots
A functioning piece of software that performs some task, under the control of another program.
Bots can do a wide array of things, from spam to fraud to spyware and more.
Botnet
The entire assembly of a series of bots controlled across the network in a group.
Some botnets are legal and perform desired actions in a distributed fashion.
Illegal botnets work in the same fashion, with bots distributed and controlled from a central set of servers.
Some of the latest botnets are designed to mine bitcoins, using distributed processing power for gain.
Some of the more famous botnets include Zeus, a botnet that performs keystroke logging and is used primarily for the purpose of stealing banking information.
RAT
A remote-access Trojan (RAT) is a toolkit designed to provide the capability of covert surveillance and/or the capability to gain unauthorized access to a target system.
RATs often mimic the behavior of keylogger or packet sniffer applications, automatically collecting keystrokes, usernames, passwords, screenshots, browser history, e-mails, chat logs, and more, but they do so with a deliberate intelligence-gathering purpose.
A RAT should be considered as another form of malware, but rather than just being a program, it has an operator behind it, guiding it to do even more persistent damage.
RATs can be delivered via phishing e-mails, watering holes, or any of a myriad of other malware infection vectors.
RATs typically involve the creation of hidden file structures on a system and are vulnerable to detection by modern anti-malware programs.
Logic Bomb
A piece of code that sits dormant for a period of time until some event or date invokes its malicious payload.
Unlike viruses and Trojans, logic bombs are a type of malicious software that is deliberately installed, generally by an authorized user.