Malware Families Flashcards
What is a Virus
A virus is malicious code whose primary function is to replicate and to deliver its payload. Unlike a worm, a virus requires a host (an executable, a boot sector, a document) to execute and replicate; it does not spread on its own.
Boot Sector Virus
A boot sector virus infects the boot sector, the first sector of a drive (for example the master boot record), so that its code is loaded into memory and runs at boot, before the operating system.
File Infector Virus
A file infector virus infects executables such as .com or .exe files by overwriting or appending to the original code, and it can easily infect other executables with the same extension.
Companion Virus
A companion virus disguises itself as a legitimate program: it takes the legitimate file's base name but uses a different extension that the command interpreter searches first. For example, if good.exe is on the system, the companion virus names itself good.com; when a user types good without an extension, cmd.exe tries the extensions in PATHEXT order, .com before .exe, so good.com runs instead of the real program. The priority comes from the shell's search order, not from the processor.
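The search-order trick above, as an added example that is not part of the original flashcards: a small Python simulation of how cmd.exe resolves a bare command name against a directory, plus a check that flags same-named files with different executable extensions. The directory listing and the PATHEXT order are constructed for the demonstration (a real PATHEXT has more entries, but .COM precedes .EXE by default).

```python
"""Added example: simulate cmd.exe command resolution and spot companion files.

Typing `good` makes cmd.exe try good.COM, good.EXE, ... in PATHEXT order,
so a planted good.com shadows the legitimate good.exe.
"""

# Constructed PATHEXT prefix for this demo; the point is that .COM precedes .EXE.
DEFAULT_PATHEXT = [".COM", ".EXE", ".BAT", ".CMD"]

# Constructed directory listing: good.exe is the real program, good.com the companion.
SAMPLE_LISTING = ["good.exe", "good.com", "notepad.exe", "setup.bat"]


def resolve_command(name, directory_listing, pathext=DEFAULT_PATHEXT):
    """Return the file cmd.exe would run for the command `name`, or None.

    File names are matched case-insensitively, as on Windows. A name that
    already carries an extension is matched as-is, so no search order applies.
    """
    files = {f.lower(): f for f in directory_listing}
    if "." in name:
        return files.get(name.lower())
    for ext in pathext:
        candidate = (name + ext).lower()
        if candidate in files:
            return files[candidate]
    return None


def _split_ext(filename, pathext):
    """Split 'good.exe' into ('good', '.EXE') if the extension is executable."""
    lower = filename.lower()
    for ext in pathext:
        if lower.endswith(ext.lower()):
            return lower[: -len(ext)], ext
    return None, None


def find_companions(directory_listing, pathext=DEFAULT_PATHEXT):
    """Flag base names present with more than one executable extension.

    Returns {basename: [files in the order cmd.exe would try them]}; the
    first entry is what actually runs when the user types the bare name.
    """
    by_base = {}
    for f in directory_listing:
        base, ext = _split_ext(f, pathext)
        if base is not None:
            by_base.setdefault(base, []).append((pathext.index(ext), f))
    return {
        base: [f for _, f in sorted(entries)]
        for base, entries in by_base.items()
        if len(entries) > 1
    }


if __name__ == "__main__":
    print("typing 'good' runs:", resolve_command("good", SAMPLE_LISTING))
    print("companion candidates:", find_companions(SAMPLE_LISTING))
```

Typing the full name (good.exe) or running from a shortcut sidesteps the shadowing, which is why companion viruses rely on users typing bare command names.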
Macro Virus
A macro virus is written in a macro language (for example VBA) and runs wherever that macro interpreter runs, which makes it largely platform-independent. It infects and replicates through templates and documents, typically by copying itself into the global template so that every new document carries it.
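An added example, not part of the original flashcards: a Python scanner for VBA macro source that flags the two traits the definition above describes, an auto-executing entry point (AutoOpen, Document_Open, ...) and code that writes into the global template or the VBA project itself (replication). It assumes the macro text has already been extracted from the document (for example with a tool such as olevba); the two macro samples and the keyword lists are constructed for the demonstration, not taken from a real sample.

```python
"""Added example: heuristic scan of extracted VBA source for macro-virus traits."""
import re

# Procedures that Office runs automatically when a document is opened/closed/created.
AUTOEXEC = [
    "AutoOpen", "AutoExec", "AutoClose", "AutoNew",
    "Document_Open", "Workbook_Open", "Workbook_Activate",
]

# Keywords worth a second look; the first two indicate self-replication into templates.
SUSPICIOUS = {
    "NormalTemplate": "touches the global template Normal.dotm (replication)",
    "VBProject": "accesses the VBA project itself (code self-copying)",
    "Shell": "spawns an external command",
    "CreateObject": "instantiates a COM object (WScript.Shell, FileSystemObject ...)",
    "Environ": "reads environment variables",
    "Kill": "deletes files",
}

# Constructed sample: auto-runs, copies its module into the global template, runs a command.
MALICIOUS_MACRO = """
Sub AutoOpen()
    ' copy this module into the global template so every new document carries it
    Dim src, dst
    Set src = ActiveDocument.VBProject.VBComponents("Module1")
    Set dst = NormalTemplate.VBProject
    src.Export "C:\\temp\\m.bas"
    dst.VBComponents.Import "C:\\temp\\m.bas"
    Shell "cmd.exe /c echo infected", vbHide
End Sub
"""

# Constructed sample: a harmless formatting macro with no auto-exec trigger.
BENIGN_MACRO = """
Sub BoldHeadings()
    Selection.Font.Bold = True
End Sub
"""


def scan_vba(source):
    """Return auto-exec entry points, suspicious keywords and a verdict for VBA text."""
    autoexec = [
        name for name in AUTOEXEC
        if re.search(r"\bSub\s+" + re.escape(name) + r"\b", source, re.IGNORECASE)
    ]
    suspicious = [
        key for key in SUSPICIOUS
        if re.search(r"\b" + re.escape(key) + r"\b", source, re.IGNORECASE)
    ]
    replicates = any(k in suspicious for k in ("NormalTemplate", "VBProject"))
    if autoexec and replicates:
        verdict = "likely macro virus"   # runs by itself and copies itself into templates
    elif autoexec and suspicious:
        verdict = "suspicious"           # runs by itself and does something risky
    elif suspicious:
        verdict = "review"               # risky calls, but needs a user to invoke it
    else:
        verdict = "benign"
    return {"autoexec": autoexec, "suspicious": suspicious, "verdict": verdict}


if __name__ == "__main__":
    for label, text in (("malicious", MALICIOUS_MACRO), ("benign", BENIGN_MACRO)):
        result = scan_vba(text)
        print(label, result["verdict"], result["autoexec"], result["suspicious"])
        for key in result["suspicious"]:
            print("   ", key, "-", SUSPICIOUS[key])
```

Keyword matching is a triage heuristic, not a detection engine: obfuscated macros build these names at runtime from string fragments, so a clean scan result is not proof of a clean document.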
What is a worm?
A worm is malicious code that exploits known vulnerabilities. It is self-replicating and, unlike a virus, needs no host file; it takes advantage of network features to spread.
What type of Network Feature?
Email and file sharing, instant messaging, even raw network packets.
Internet Worm
An internet worm is injected into a website and replicates itself onto a computer when that page is accessed and loaded.
Email-Worm
Email worms are distributed via attachments and/or embedded links.
File sharing worms
Also known as P2P worms; distributed via peer-to-peer file transfer.
Instant messaging worms
Distributed via messaging platforms, disguised as attachments or links.
network transport worms
Hidden in network packets so they can spread and self-propagate through shared access to any device, drive or file across the network. Very dangerous.
What is a Trojan?
A Trojan is malicious code that looks legitimate and acts like a bona fide file or application, for example a game, a video or music. It does what you expect (plays the video, plays the song, runs the game) while at the same time taking control of the system or delivering its payload.
RAT
RAT stands for remote access Trojan; its objective is to give the attacker control of the system over a remote network connection. So you're playing the game, but the Trojan is quietly opening a connection (usually outbound, to the attacker's server) that lets the attacker operate your machine.
Backdoor Trojan
A backdoor Trojan opens a less obvious channel for later access. Again, you're playing the game while the backdoor Trojan opens another connection the attacker can come back to.
Downloader Trojan
A downloader Trojan targets an already infected computer to download additional malware or new versions of the malicious code.
Fake AV Trojan
Fake AV behaves like antivirus software, but it demands payment to remove threats, whether real or fake.
What is a RootKit?
A rootkit is malicious code designed to take privileged control of a device, with access at the level of the operating system kernel or the firmware, and to hide its presence. Very high privilege.
Components of a RootKit?
Dropper, loader, and the rootkit itself. Rootkits are difficult to identify and remove.
Firmware
A firmware rootkit is malicious code embedded in the device firmware (for example the BIOS/UEFI firmware), where it can modify functionality and survive an operating system reinstall or disk wipe.
Kernel
A kernel rootkit functions at the level of the operating system itself; it can add new code to the operating system or even delete and replace operating system code.
BootLoader
A bootloader rootkit infects the master boot record (MBR) or another boot record so that its code runs as part of the boot process, before the operating system loads, and it can modify or delete boot records.
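Both the boot sector virus and the bootloader rootkit above work by changing the first sector of the disk, so the same check covers both. As an added example that is not part of the original flashcards, here is a Python routine that parses a 512-byte MBR, verifies the 0x55AA boot signature, lists the partition entries, and compares the boot-code region (bytes 0 to 445) against a known-good hash so that patched boot code is flagged. The MBR images are constructed in the script; on a real system you would read the first 512 bytes of the physical disk (for example /dev/sda on Linux or \\.\PhysicalDrive0 on Windows, which needs administrator rights) and keep the baseline hash from a clean state.

```python
"""Added example: parse an MBR and detect modified boot code."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446            # bytes 0..445: bootstrap code
PARTITION_TABLE_OFF = 446      # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xAA"   # bytes 510..511
ENTRY_FMT = "<B3sB3sII"        # status, CHS start, type, CHS end, LBA start, sector count

# Constructed boot code fragments; they stand in for real bootstrap bytes.
CLEAN_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c\x8e\xc0\x8e\xd8\xbe\x00\x7c"
# An infector typically patches the first bytes with a jump to its own code.
INFECTED_BOOT_CODE = b"\xeb\x3c" + CLEAN_BOOT_CODE[2:]


def build_sample_mbr(boot_code):
    """Construct a demo MBR: given boot code, one bootable NTFS partition, signature."""
    code = boot_code[:BOOT_CODE_LEN].ljust(BOOT_CODE_LEN, b"\x00")
    entry = struct.pack(ENTRY_FMT, 0x80, b"\x20\x21\x00", 0x07,
                        b"\xfe\xff\xff", 2048, 204800)
    table = entry + b"\x00" * (16 * 3)     # three unused entries
    return code + table + BOOT_SIGNATURE


def parse_mbr(sector):
    """Validate the signature and return the boot-code hash and partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly %d bytes" % SECTOR_SIZE)
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFF + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, sector[off:off + 16])
        if ptype == 0:
            continue                        # empty slot
        partitions.append({"index": i, "bootable": status == 0x80,
                           "type": ptype, "lba_start": lba, "sectors": count})
    return {"boot_code_sha256": boot_code_hash(sector), "partitions": partitions}


def boot_code_hash(sector):
    """SHA-256 of the bootstrap code only; the partition table may legitimately change."""
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()


def check_boot_code(sector, known_good_hash):
    """True when the boot code matches the clean baseline, False if it was patched."""
    return boot_code_hash(sector) == known_good_hash


if __name__ == "__main__":
    clean = build_sample_mbr(CLEAN_BOOT_CODE)
    baseline = boot_code_hash(clean)        # record this while the system is known clean
    infected = build_sample_mbr(INFECTED_BOOT_CODE)
    print("partitions:", parse_mbr(clean)["partitions"])
    print("clean matches baseline:", check_boot_code(clean, baseline))
    print("infected matches baseline:", check_boot_code(infected, baseline))
```

Hashing only the boot-code region is deliberate: the partition table changes during legitimate disk operations, so including it would produce false alarms. Also, this check works from outside the running OS (a rescue disk or a forensic image); a kernel rootkit can hook disk reads and return the clean sector to tools running on the compromised system.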
Memory
A memory rootkit hides in RAM; a by-product of living in RAM is reduced performance, because it occupies resources. Since it exists only in memory, it does not survive a reboot.
Identify dangers of RootKits?
Modify functionality, add new code to the operating system, delete boot records, or use up resources. A rootkit can also be persistent: firmware and bootloader rootkits survive reboots and even operating system reinstallation, whereas a memory rootkit stays active only from the time the computer is turned on until it is turned off.