Malware Infections Flashcards

1
Q

Threat Vector/Attack Vector

A

Threat Vector:
Method used by an attacker to access a victim’s machine

Attack Vector:
Method used by an attacker to gain access to a victim’s machine in order to infect it with malware

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Watering Holes

A

Malware is placed on a website that you know your potential victims will access

Ex: DionTraining.com = correct
DionTranings.com = incorrect (potentially malicious)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Active Interception

A

Occurs when a computer is placed between the sender and receiver and is able to capture or modify the traffic between them

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Privilege Escalation

A

Occurs when you are able to exploit a design flaw or bug in a system to gain access to resources that a normal user isn’t able to access

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Backdoors & Logic Bombs

A

Backdoors are used to bypass normal security and authentication functions

Remote Access Trojan (RAT) is placed by an attacker to maintain persistent access

Logic Bomb
Malicious code that has been inserted inside a program and will execute only when certain conditions have been met

Easter Egg
Non-malicious code that when invoked, displays an insider joke, hidden message, or secret feature

Logic bombs and Easter eggs should not be used according to secure coding standards

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Symptoms of Infection

A

Hard drives, files, or applications are not accessible anymore
Strange noises occur
Unusual error messages
Display looks strange
Jumbled printouts
Double file extensions are being displayed, such as textfile.txt.exe
New files and folders have been created or files and folders are missing/corrupted
System Restore will not function

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Malware Removal

A

o Identify symptoms of a malware infection
o Quarantine the infected systems
o Disable System Restore (if using a Windows machine)
o Remediate the infected system
o Schedule automatic updates and scans
o Enable System Restore and create a new restore point
o Provide end user security awareness training

If a boot sector virus is suspected, reboot the computer from an external device and scan it

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Preventing Malware

A

Viruses, worms, trojans, ransomware, spyware, rootkits, spam, worms, & trojans are best detected with anti-malware solutions

Scanners can detect a file containing a rootkit before it is installed…
Removal of a rootkit is difficult and the best plan is to reimage the machine

Verify your email servers aren’t configured as open mail relays or SMTP open relays

Remove email addresses from website
Use whitelists and blacklists
Train and educate end users

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Exploit Technique

A

Describes the specific method by which malware code infects a target host
Most modern malware uses file-less techniques to avoid detection by signature-based security software

How does an APT use modern malware to operate?
Dropper or downloader
Maintain access
Strengthen access
Actions on objectives
Concealment
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Dropper

A

Malware designed to install or run other types of malware embedded in a payload on an infected host

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Downloader

A

A piece of code that connects to the Internet to retrieve additional tools after the initial infection by a dropper

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Shellcode

A

Any lightweight code designed to run an exploit on the target, which may include any type of code format from scripting languages to binary code

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Code Injection

A
Exploit technique that runs malicious code with the identification number of a legitimate process:
Masquerading
DLL injection
DLL sideloading
Process hollowing

Droppers are likely to implement anti-forensics techniques to prevent detection and analysis

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Living Off the Land

A

Exploit techniques that use standard system tools and packages to perform intrusions

Detection of an adversary is more difficult when they are executing malware code within standard tools and processes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Vulnerability Scans (Credentialed vs. Non-Credentialed)

A

Credentialed:
Require logging in with a given set of credentials
Conducted with a trusted user’s eye view of the environment
Uncover many vulnerabilities that non-credentialed scans may overlook

Non-credentialed:
Do not require credentials & do not get trusted access to the systems they are scanning
Tend to miss most vulnerabilities within a target environment

How well did you know this?
1
Not at all
2
3
4
5
Perfectly