Malware Infections Flashcards

1
Q

Malware Infection

A

Threat Vector - method used by an attacker to access a victim’s machine.
Attack Vector - method used by an attacker to gain access to a victim’s machine in order to infect it with malware.

2
Q

Common Delivery Methods

A

Malware infections usually start within software, messaging, and media.
Watering Holes - malware is placed on a website that you know your potential victims will access (DionTraining.com vs DionTrainings.com).

3
Q

Botnets and Zombies

A

Botnet - a collection of compromised computers under the control of a master node. Chain of control: C2 (command and control) -> several zombies -> attack method -> victims. Botnets can also be utilized for other processor-intensive functions and activities.

4
Q

Active Interception & Privilege Escalation

A

Active Interception - occurs when a computer is placed between the sender and receiver and is able to capture or modify the traffic between them.
Privilege Escalation - occurs when you are able to exploit a design flaw or bug in a system to gain access to resources that a normal user isn’t able to access.

5
Q

Backdoors and Logic Bombs

A

Backdoors are used to bypass normal security and authentication functions.
Remote Access Trojan (RAT) is placed by an attacker to maintain persistent access.
Logic Bomb - malicious code that has been inserted inside a program and will execute only when certain conditions have been met.
Easter Egg - non-malicious code that when invoked, displays an insider joke, hidden message, or secret feature.
Logic Bombs and Easter Eggs should not be used according to secure coding standards.

6
Q

Symptoms of Infection

A

Your computer might have been infected if it begins to act strangely:
Hard drives, files, or applications are not accessible anymore
Strange noises
Unusual error messages
Display looks strange
Jumbled printouts
Double file extensions are being displayed, such as textfile.txt.exe
New files and folders have been created or files and folders are missing
System Restore will not function

7
Q

Removing Malware

A

Identify symptoms of a malware infection
Quarantine the infected systems
Disable System Restore (on Windows machines)
Remediate the infected system
Schedule automatic updates and scans
Enable System Restore and create a new restore point
Provide end user security awareness training
If a boot sector virus is suspected, reboot the computer from an external device and scan it

8
Q

Preventing Malware

A

Worms, Trojans, and Ransomware are best detected with anti-malware solutions.
Scanners can detect a file containing a rootkit before it is installed.
Removal of a rootkit is difficult and the best plan is to reimage the machine.
Verify your email servers aren’t configured as open mail relays or SMTP open relays.
Remove email addresses from your website.
Use whitelists and blacklists.
Train and educate users.
Update your anti-malware software automatically and scan your computer.
Update and patch the OS and applications regularly.
