Malware Infections Flashcards
Malware Infection
Threat Vector - method used by an attacker to access a victim’s machine.
Attack Vector - method used by an attacker to gain access to a victim’s machine in order to infect it with malware.
Common Delivery Methods
Malware infections usually start within software, messaging, and media.
Watering Holes - malware is placed on a website that you know your potential victims will access (DionTraining.com vs DionTrainings.com).
Botnets and Zombies
Botnet - a collection of compromised computers under the control of a master node. Chain of control: C2 server - several zombies - attack method - victims. Can also be utilized for other processor-intensive functions and activities.
Active Interception & Privilege Escalation
Active Interception - occurs when a computer is placed between the sender and receiver and is able to capture or modify the traffic between them.
Privilege Escalation - occurs when you are able to exploit a design flaw or bug in a system to gain access to resources that a normal user isn’t able to access.
Backdoors and Logic Bombs
Backdoors are used to bypass normal security and authentication functions.
Remote Access Trojan (RAT) is placed by an attacker to maintain persistent access.
Logic Bomb - malicious code that has been inserted inside a program and will execute only when certain conditions have been met.
Easter Egg - non-malicious code that, when invoked, displays an insider joke, hidden message, or secret feature.
Logic Bombs and Easter Eggs should not be used according to secure coding standards.
Symptoms of Infection
Your computer might have been infected if it begins to act strangely:
Hard drives, files, or applications are not accessible anymore
Strange noises
Unusual error messages
Display looks strange
Jumbled printouts
Double file extensions are being displayed, such as textfile.txt.exe
New files and folders have been created or files and folders are missing
System Restore will not function
Removing Malware
Identify symptoms of a malware infection
Quarantine the infected systems
Disable System Restore (if Windows machine)
Remediate the infected system
Schedule automatic updates and scans
Enable System Restore and create a new restore point
Provide end user security awareness training
If a boot sector virus is suspected, reboot the computer from an external device and scan it
Preventing Malware
Worms, trojans, and ransomware are best detected with anti-malware solutions.
Scanners can detect a file containing a rootkit before it is installed.
Removal of a rootkit is difficult and the best plan is to reimage the machine.
Verify your email servers aren't configured as open mail relays (SMTP open relays).
Remove email addresses from your website.
Use whitelists and blacklists.
Train and educate users.
Update your anti-malware software automatically and scan your computer.
Update and patch the OS and applications regularly.